All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 4200 Series)

Certificate#5071StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorCisco Systems, Inc.
High review priority  ·  no TCB surface named  ·  last validated 10 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date9/22/2030
CaveatWhen installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy
VendorCisco Systems, Inc.

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 4200 Series)
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 4200 Series)
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Cisco Systems, Inc. Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 4200 Series) Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2021-2025 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 2
Table of Contents
#SectionPage
Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Hardware6
Table 3: Modes List and Description7
Table 4: Approved Algorithms - CiscoSSL FOM Cryptographic Implementation9
Table 5: Approved Algorithms - Nitrox-V GC9
Table 6: Vendor-Affirmed Algorithms9
Table 7: Security Function Implementations15
Table 8: Entropy Certificates16
Table 9: Entropy Sources16
Table 10: Ports and Interfaces18
Table 11: Authentication Methods20
Table 12: Roles20
Table 13: Approved Services39
Table 14: Mechanisms and Actions Required40
Table 15: Storage Areas45
Table 16: SSP Input-Output Methods46
Table 17: SSP Zeroization Methods46
Table 18: SSP Table 153
Table 19: SSP Table 262
Table 20: Pre-Operational Self-Tests63
Table 21: Conditional Self-Tests68
Table 22: Pre-Operational Periodic Information68
Table 23: Conditional Periodic Information71
Table 24: Error States71
Figure 1 FPR 4215, 4225, 42456
Figure 2. FPR-4200 Front view41
Figure 3. FPR-4200 Back view41
Figure 4. FPR-4200 Left view41
Figure 5. FPR-4200 Right view41
Figure 6. FPR-4200 Bottom view42
Figure 7. FPR-4200 Top view42
Figure 8 Opacity Shield Brackets44
Page 5

The security requirements cover areas related to the design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic module interfaces; roles, services, and authentication; software/firmware security; operational environment; physical security; non-invasive security; sensitive security parameter management; self-tests; life-cycle assurance; and mitigation of other attacks. The following table indicates the actual security levels for each area of the cryptographic module.

1.2 Security Levels

Section Title Security Level

1 General 2

2 Cryptographic module specification 2

3 Cryptographic module interfaces 2

4 Roles, services, and authentication 3

5 Software/Firmware security 2

6 Operational environment N/A

7 Physical security 2

8 Non-invasive security N/A

9 Sensitive security parameter management 2

10 Self-tests 2

11 Life-cycle assurance 2

12 Mitigation of other attacks N/A

Overall Level 2 Table 1: Security Levels

2 Cryptographic Module Specification
2.1 Description

Purpose and Use: This module is a multi-chip standalone hardware cryptographic module identified as Firewall Threat Defense (FTD) which houses ASA and Firepower solutions with underlying operating system identified as Linux 4 (also referred to as Firepower eXtensible Operating System or FXOS throughout this document). The module is operated in a limited operational environment. FTD delivers enterprise-class firewall for businesses, improving security at the Internet edge, high performance and throughput for demanding enterprise data centers. The FTD solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content security and secure unified communications, HTTPS/TLSv1.2, SSHv2, IPsec/IKEv2, SNMPv3 and Cryptographic Cipher Suite B using the ASA Cryptographic Module. Module Type: Hardware Module Embodiment: MultiChipStand Module Characteristics: © 2021-2025 Cisco Systems, Inc.

Page 6

Cryptographic Boundary: The Tested Operational Environment Physical Perimeter (TOEPP) is defined as the entire chassis unit’s physical perimeter encompassing the "top," "front," "left," "right," “rear” and "bottom" surfaces of the case as shown in the figures below and in the Physical Security section. The cryptographic boundary encompasses the entire TOEPP. The FPR 4215, FPR 4225, and FPR 4245 all have the same exterior appearance. Where they differ is in Firewall throughput, IPS throughput, IPsec VPN throughput and number of VPN peers allowed. Figure 1 FPR 4215, 4225, 4245

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

4215 Nitrox V CNN5560-900BG676-C45-G

FRP FPR-4225 7.4 AMD EPYC 7763 (Zen 3), Marvell Cavium

4225 Nitrox V CNN5560-900BG676-C45-G

FRP FPR-4245 7.4 AMD EPYC 7763 (Zen 3), Marvell Cavium

4245 Nitrox V CNN5560-900BG676-C45-G

Table 2: Tested Module Identification

Page 7

Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: N/A for this module.

2.3 Excluded Components
2.4 Modes of Operation

Modes List and Description: Mode Name Description Type Status Indicator Approved The module is always in the approved Approved Approved mode Mode of mode of operation after initial indicator: "FIPS is Operation operations are performed. currently enabled." Table 3: Modes List and Description The module has one approved mode of operation and is always in the approved mode of operation after initial operations are performed (See Section 11). The module does not claim implementation of a degraded mode of operation. Section 4 provides details on the service indicator implemented by the module.

2.5 Algorithms

Approved Algorithms: CiscoSSL FOM Cryptographic Implementation Algorithm CAVP Properties Reference Cert AES-CBC A4446 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-GCM A4446 Direction - Decrypt, Encrypt SP 800-38D IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 Counter DRBG A4446 Prediction Resistance - Yes SP 800-90A Mode - AES-128, AES-192, AES-256 Rev. 1 Derivation Function Enabled - Yes ECDSA KeyGen A4446 Curve - P-256, P-384, P-521 FIPS 186-4 (FIPS186-4) Secret Generation Mode - Testing Candidates ECDSA SigGen A4446 Curve - P-256, P-384, P-521 FIPS 186-4 (FIPS186-4) Hash Algorithm - SHA2-224, SHA2-256, SHA2384, SHA2-512 ECDSA SigVer A4446 Curve - P-256, P-384, P-521 FIPS 186-4 (FIPS186-4) Hash Algorithm - SHA2-224, SHA2-256, SHA2384, SHA2-512 © 2021-2025 Cisco Systems, Inc.

Page 8

Algorithm CAVP Properties Reference Cert HMAC-SHA-1 A4446 Key Length - Key Length: 256-448 Increment 8 FIPS 198-1 HMAC-SHA2- A4446 Key Length - Key Length: 256-448 Increment 8 FIPS 198-1 HMAC-SHA2- A4446 Key Length - Key Length: 256-448 Increment 8 FIPS 198-1 HMAC-SHA2- A4446 Key Length - Key Length: 256-448 Increment 8 FIPS 198-1 HMAC-SHA2- A4446 Key Length - Key Length: 256-448 Increment 8 FIPS 198-1 KAS-ECC-SSC A4446 Domain Parameter Generation Methods - P- SP 800-56A Sp800-56Ar3 256, P-384, P-521 Rev. 3 Scheme ephemeralUnified KAS Role - initiator, responder KAS-FFC-SSC A4446 Domain Parameter Generation Methods - SP 800-56A Sp800-56Ar3 ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, Rev. 3 modp-3072, modp-4096 Scheme dhEphem KAS Role - initiator, responder KDF IKEv2 A4446 Diffie-Hellman Shared Secret Length - Diffie- SP 800-135 (CVL) Hellman Shared Secret Length: 2048 Rev. 1 Derived Keying Material Length - Derived Keying Material Length: 3072 Hash Algorithm - SHA-1 KDF SNMP A4446 Password Length - Password Length: 256, 64 SP 800-135 (CVL) Rev. 1 KDF SSH (CVL) A4446 Cipher - AES-128, AES-192, AES-256 SP 800-135 Hash Algorithm - SHA-1, SHA2-256 Rev. 1 RSA KeyGen A4446 Key Generation Mode - B.3.4 FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072 Hash Algorithm - SHA2-256 Private Key Format - Standard RSA SigGen A4446 Signature Type - PKCS 1.5, PKCSPSS FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072 RSA SigVer A4446 Signature Type - PKCS 1.5, PKCSPSS FIPS 186-4 (FIPS186-4) Modulo - 2048, 3072 Safe Primes Key A4446 Safe Prime Groups - ffdhe2048, ffdhe3072, SP 800-56A Generation ffdhe4096, modp-2048, modp-3072, modp- Rev. 3 4096 SHA-1 A4446 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-224 A4446 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-256 A4446 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-384 A4446 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 © 2021-2025 Cisco Systems, Inc.

Page 9

Algorithm CAVP Properties Reference Cert SHA2-512 A4446 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 TLS v1.2 KDF A4446 Hash Algorithm - SHA2-256, SHA2-384, SHA2- SP 800-135 RFC7627 (CVL) 512 Rev. 1 Table 4: Approved Algorithms - CiscoSSL FOM Cryptographic Implementation Nitrox-V GC Algorithm CAVP Properties Reference Cert AES-CBC C1026 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-GCM C1026 Direction - Decrypt, Encrypt SP 800-38D IV Generation - External Key Length - 128, 192, 256 Hash DRBG C1026 Prediction Resistance - No SP 800-90A Mode - SHA2-512 Rev. 1 HMAC-SHA-1 C1026 - FIPS 198-1 HMAC-SHA2- C1026 - FIPS 198-1 HMAC-SHA2- C1026 - FIPS 198-1 HMAC-SHA2- C1026 - FIPS 198-1 SHA-1 C1026 Message Length - Message Length: 0- FIPS 180-4

51200 Increment 8

SHA2-256 C1026 Message Length - Message Length: 0- FIPS 180-4

51200 Increment 8

SHA2-384 C1026 Message Length - Message Length: 0- FIPS 180-4

102400 Increment 8

SHA2-512 C1026 Message Length - Message Length: 0- FIPS 180-4

102400 Increment 8

Table 5: Approved Algorithms - Nitrox-V GC Vendor-Affirmed Algorithms: Name Properties Implementation Reference CKG Key Type:Asymmetric N/A SP 800-133r2 Section 4, Method 1 Table 6: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: © 2021-2025 Cisco Systems, Inc.

Page 10

N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.

2.6 Security Function Implementations

Name Type Description Properties Algorithms KAS-ECC- KAS-KeyGen KAS ECC Bit-strength Counter DRBG: KeyGen CKG keygen used in Caveat:Provides (A4446) (SSHv2) SSHv2 service between 128 Hash DRBG: and 256 bits (C1026) encryption CKG: () strength KAS-FFC- KAS-KeyGen KAS FFC Bit-strength Counter DRBG: KeyGen CKG keygen used in Caveat:Provides (A4446) (SSHv2) SSHv2 service between 112 Hash DRBG: and 152 bits (C1026) encryption Safe Primes Key strength Generation: (A4446) Domain Parameter Generation Methods: MODP-2048, MODP-3072, MODP-4096 CKG: () KAS-ECC- KAS-KeyGen KAS ECC Bit-strength Counter DRBG: KeyGen CKG keygen used in Caveat:Provides (A4446) (TLSv1.2) TLSv1.2 service between 128 Hash DRBG: and 256 bits (C1026) encryption CKG: () strength KAS-FFC- KAS-KeyGen KAS FFC Bit-strength Counter DRBG: KeyGen CKG keygen used in Caveat:Provides (A4446) (TLSv1.2) TLSv1.2 service between 112 Hash DRBG: and 152 bits (C1026) encryption Safe Primes Key strength Generation: (A4446) Safe Prime Groups: ffdhe2048, ffdhe3072, © 2021-2025 Cisco Systems, Inc.

Page 11

Name Type Description Properties Algorithms ffdhe4096 CKG: () KAS-ECC- KAS-KeyGen KAS ECC Bit-strength Counter DRBG: KeyGen (IKEv2) CKG keygen used in Caveat:Provides (A4446) TLSv1.2 service between 128 Hash DRBG: and 256 bits (C1026) encryption CKG: () strength KAS-FFC- KAS-KeyGen KAS FFC Bit-strength Counter DRBG: KeyGen (IKEv2) CKG keygen used in Caveat:Provides (A4446) IKEv2 service between 112 Hash DRBG: and 152 bits (C1026) encryption Safe Primes Key strength Generation: (A4446) Domain Parameter Generation Methods: MODP-2048, MODP-3072, MODP-4096 CKG: () KAS-ECC KAS-Full KAS-ECC for Bit-strength KDF SSH: (SSHv2) SSHv2 service Caveat:Provides (A4446) between 128 KAS-ECC-SSC and 256 bits of Sp800-56Ar3: encryption (A4446) strength KAS-FFC KAS-Full KAS-FFC Bit-strength KDF SSH: (SSHv2) SSHv2 service Caveat:Provides (A4446) between 112 KAS-FFC-SSC and 152 bits of Sp800-56Ar3: encryption (A4446) strength Domain Parameter Generation Methods: MODP-2048, MODP-3072, MODP-4096 KAS-ECC KAS-Full KAS-ECC for Bit-strength TLS v1.2 KDF (TLSv1.2) TLSv1.2 service Caveat:Provides RFC7627: between 128 (A4446) and 256 bits of KAS-ECC-SSC encryption Sp800-56Ar3: strength (A4446) KAS-FFC KAS-Full KAS-FFC for Bit-strength TLS v1.2 KDF (TLSv1.2) TLSv1.2 service Caveat:Provides RFC7627: © 2021-2025 Cisco Systems, Inc.

Page 12

Name Type Description Properties Algorithms between 112 (A4446) and 152 bits of KAS-FFC-SSC encryption Sp800-56Ar3: strength (A4446) Domain Parameter Generation Methods: ffdhe2048, ffdhe3072, ffdhe4096 KAS-ECC KAS-Full KAS-ECC for Bit-strength KAS-ECC-SSC (IKEv2) IKEv2 Service Caveat:Provides Sp800-56Ar3: between 128 (A4446) and 256 bits of KDF IKEv2: encryption (A4446) strength KAS-FFC KAS-Full KAS-FFC for Bit-strength KAS-FFC-SSC (IKEv2) IKEv2 service Caveat:Provides Sp800-56Ar3: between 112 (A4446) and 152 bits of Domain encryption Parameter strength Generation Methods: MODP-2048, MODP-3072, MODP-4096 KDF IKEv2: (A4446) KTS (TLSv1.2 KTS-Wrap KTS via TLSv1.2 Bit-strength AES-CBC: with AES and service by using Caveat:Provides (A4446) HMAC) AES and HMAC between 128 HMAC-SHA-1: and 256 bits of (A4446) encryption HMAC-SHA2strength 256: (A4446) HMAC-SHA2384: (A4446) SHA-1: (A4446) SHA2-256: (A4446) SHA2-384: (A4446) KTS (TLSv1.2 KTS-Wrap KTS via TLSv1.2 Bit-strength AES-GCM: with AES-GCM) service by using Caveat:Provides (A4446) AES-GCM between 128 and 256 bits of encryption strength © 2021-2025 Cisco Systems, Inc.

Page 13

Name Type Description Properties Algorithms KTS (SSHv2 KTS-Wrap KTS via SSHv2 Bit-strength AES-CBC: with AES and service by using Caveat:Provides (A4446) HMAC) AES and HMAC between 128 HMAC-SHA-1: and 256 bits of (A4446) encryption HMAC-SHA2strength 256: (A4446) SHA-1: (A4446) SHA2-256: (A4446) KTS (SSHv2 KTS-Wrap KTS via SSHv2 Bit-strength AES-GCM: with AES-GCM) service by using Caveat:Provides (A4446) AES-GCM between 128 and 256 bits of encryption strength RSA KeyGen AsymKeyPair- RSA KeyGen for RSA KeyGen (SSHv2, KeyGen SSHv2, (FIPS186-4): TLSv1.2, IKEv2) CKG TLSv1.2, and (A4446) IKEv2 services Counter DRBG: (A4446) Hash DRBG: (C1026) CKG: () ECDSA KeyGen AsymKeyPair- ECDSA KeyGen ECDSA KeyGen (SSHv2, KeyGen for TLSv1.2 and (FIPS186-4): TLSv1.2 and CKG IKEv2 services (A4446) IKEv2) Counter DRBG: (A4446) Hash DRBG: (C1026) CKG: () RSA SigGen DigSig-SigGen RSA SigGen for RSA SigGen (SSHv2, SSHv2, (FIPS186-4): TLSv1.2, IKEv2) TLSv1.2, and (A4446) IKEv2 services ECDSA SigGen DigSig-SigGen ECDSA SigGen ECDSA SigGen (SSHv2, for TLSv1.2, and (FIPS186-4): TLSv1.2 and IKEv2 services (A4446) IKEv2) RSA SigVer DigSig-SigVer RSA SigVer for RSA SigVer (SSHv2, SSHv2, (FIPS186-4): TLSv1.2, and TLSv1.2, and (A4446) IKEv2) IKEv2 services ECDSA SigVer DigSig-SigVer ECDSA SigVer ECDSA SigVer (SSHv2, for TLSv1.2 and (FIPS186-4): TLSv1.2, and IKEv2 services (A4446) IKEv2) Block Cipher BC-Auth Block Cipher for AES-CBC: (SSHv2) BC-UnAuth SSHv2 service (A4446) © 2021-2025 Cisco Systems, Inc.

Page 14

Name Type Description Properties Algorithms AES-GCM: (A4446) Block Cipher BC-Auth Block Cipher for AES-GCM: (TLSv1.2) BC-UnAuth TLSv1.2 service (A4446) AES-CBC: (A4446) Block Cipher BC-Auth Block Cipher for AES-CBC: (IPSec/IKE) BC-UnAuth IPSec/IKEv2 (A4446, C1026) service AES-GCM: (A4446, C1026) Block Cipher BC-UnAuth Block Cipher for AES-CBC: (SNMPv3) SNMPv3 service (A4446) KDF SNMP: (A4446) MAC (SSHv2) MAC MAC for SSHv2 HMAC-SHA-1: service (A4446) HMAC-SHA2256: (A4446) SHA-1: (A4446) SHA2-256: (A4446) MAC (TLSv1.2) MAC Message HMAC-SHA-1: Authentication (A4446) for TLSv1.2 HMAC-SHA2services 256: (A4446) HMAC-SHA2384: (A4446) SHA-1: (A4446) SHA2-256: (A4446) SHA2-384: (A4446) MAC MAC Message HMAC-SHA2(IPSec/IKEv2) Authentication 256: (A4446, for IPSec/IKEv2 C1026) services HMAC-SHA2384: (A4446, C1026) HMAC-SHA2512: (A4446, C1026) SHA2-256: (A4446, C1026) SHA2-384: (A4446, C1026) SHA2-512: (A4446, C1026) HMAC-SHA-1: © 2021-2025 Cisco Systems, Inc.

Page 15

Name Type Description Properties Algorithms (C1026) SHA-1: (C1026) MAC (SNMPv3) MAC Message HMAC-SHA-1: Authentication (A4446) for SNMPv3 SHA-1: (A4446) service KDF SNMP: (A4446) HMAC-SHA2256: (A4446) HMAC-SHA2384: (A4446) SHA2-256: (A4446) SHA2-384: (A4446) HMAC-SHA2224: (A4446) SHA2-224: (A4446) Firmware Load MAC MAC for HMAC-SHA2Test firmware load 512: (A4446) test Table 7: Security Function Implementations

2.7 Algorithm Specific Information
Page 16

In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established.

2.8 RBG and Entropy

Cert Vendor Name Number E3 Cisco Systems, Inc. Table 8: Entropy Certificates Name Type Operational Sample Entropy Conditioning Environment Size per Component Sample Cisco Jitter Non- AMD EPYC 7543 (Zen 256 bits Full A2810 (SHA3Entropy Physical 3), AMD EPYC 7763 Entropy 256) Source (Zen 3) Table 9: Entropy Sources The module implements two approved DRBGs based on SP800-90Arev1, including CRT_DRBG with Algo Cert. #A4446, and HASH_DRBG with Algo Cert. #C1026. Those two DRBGs are used internally by the module (e.g. to generate symmetric keys, seeds for asymmetric key pairs, and random numbers for security functions). Each DRBG is seeded by the entropy source described in the table above. The CTR_DRBG (AES-128/192/256) enables Derivation Function capability, and the HASH_DRBG (SHA2-512) doesn’t support Prediction Resistance. Each DRBG is instantiated with a 384-bits long entropy input (corresponding to 384 bits of entropy) and provides at least 256 bits security strength for the cryptographic keys generation while in the approved mode. The Cisco JENT entropy source implementation generates an output that is considered to have full entropy. More information can be found in the public use document for ESV cert #E3.

2.9 Key Generation

The module generates RSA, ECDSA, ECDH, and DH asymmetric key pairs compliant with FIPS 186-4, using a NIST SP 800-90Arev1 CTR DRBG or NIST SP 800-90Arev1 Hash DRBG for random number generation. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs CKG for asymmetric keys as per section 5.1 of NIST SP 800-133rev2 (vendor affirmed) by obtaining a random bit string directly from an approved DRBG. The random bit string supports the required security strength requested by the calling application (without any V, as described in Additional Comments 2 of IG D.H.). © 2021-2025 Cisco Systems, Inc.

Page 17
2.10 Key Establishment

The module provides the following key/SSP establishment services in the approved mode of operation:

7919 (TLS) and RFC 3526 (IKE).

SSH (RFC 4419): MODP-2048 (ID =

  1. MODP-3072 (ID =
  2. MODP-4096 (ID =
  3. TLS (RFC 7919): ffdhe2048 (ID = 256) ffdhe3072 (ID = 257) ffdhe4096 (ID = 258) IKE (RFC 3526): MODP-2048 (ID =
  4. MODP-3072 (ID =
  5. MODP-4096 (ID = 16) • KAS-ECC Shared Secret Computation: - The module provides SP800-56Arev3 compliant key establishment according to FIPS 140-3 IG D.F scenario 2 path (2) with KAS-ECC shared secret computation. The shared secret computation provides between 128 and 256 bits of encryption strength.
2.11 Industry Protocols

The module supports SSHv2, TLS v1.2, SNMPv3 and IPsec/IKEv2 industrial protocols. Please refer to the Security Function Implementations Table for more information. No parts of IPSec/IKEv2, SNMPv3, SSH and TLS protocols, other than the KDFs, have been tested by the CAVP and CMVP.

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces
Page 18

Physical Port Logical Data That Passes Interface(s) Ethernet Port, SFP28 Data Input Data input into the module for all the services (1/10/25G) port, and defined in Approved Services Table, including Console Port TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data. Ethernet Port, SFP28 Data Output Data output from the module for all the services (1/10/25G) port, and defined in Approved Services Table, including Console Port TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data. Ethernet Port, SFP28 Control Control Data input into the module for all the (1/10/25G) port, Console Input services defined in Approved Services Table, Port and RESET including TLSv1.2, SSHv2, SNMPv3 and IPsec/IKEv2 service data. Ethernet Port, SFP28 Status Status Information output from the module. (1/10/25G) port, Console Output Port and LEDs N/A Control N/A Output Power Power Provide the Power Supply to the module. Table 10: Ports and Interfaces The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides physical ports which are mapped to logical interfaces provided by the module (data input, data output, control input, control output and status output) as above. The module’s data output interface will be disabled when performing pre-operational self-tests, loading new firmware, zeroizing keys, or when in an error state.

4 Roles, Services, and Authentication
4.1 Authentication Methods

Method Description Security Strength Strength per Minute Name Mechanism Each Attempt Password The minimum length is Password The probability The probability of eight (8) characters (94 Based that a random successfully possible characters). attempt will authenticating to the The configuration succeed or a module within one supports at most ten false minute is 10/(94^8), failed attempts to acceptance which is less than authenticate in a one- will occur is 1/100,000. minute period. 1/(94^8) which is less than 1/1,000,000. RSA- The modules support RSA SigVer The probability the probability of Based RSA public-key based (FIPS186-4) that a random successfully Certificate authentication (A4446) attempt will authenticating to the © 2021-2025 Cisco Systems, Inc.

Page 19

Method Description Security Strength Strength per Minute Name Mechanism Each Attempt mechanism using a succeed is module within a one minimum of RSA 2048 1/(2^112). minute period is bits, which provides 112 Please refer to 17,000 * 60 = bits of security strength. Description 1,020,000/(2^112). The probability that a section in this Please refer to random attempt will table for more Description section in succeed is 1/(2^112) details this table for more which is less than details 1/1,000,000. For multiple attacks during a one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a oneminute period, the probability of successfully authenticating to the module within a one minute period is 17,000 * 60 = 1,020,000/(2^112), which is less than 1/100,000. ECDSA- The modules support ECDSA The probability the probability of Based ECDSA public-key SigVer that a random successfully Certificate based authentication (FIPS186-4) attempt will authenticating to the mechanism using a (A4446) succeed is module within a one minimum of curve P- 1/(2^128) minute period is 256, which provides 128 which is less 17,000 * 60 = bits of security strength. than 1,020,000/(2^128). The probability that a 1/1,000,000. Please refer to random attempt will Please refer to Description section in succeed is 1/(2^128) Description this table for more which is less than section in this details 1/1,000,000. For table for more multiple attacks during a details one-minute period, as the module at its highest can support at most 17,000 new sessions per second to authenticate in a oneminute period, the probability of successfully authenticating to the © 2021-2025 Cisco Systems, Inc.

Page 20

Method Description Security Strength Strength per Minute Name Mechanism Each Attempt module within a one minute period is 17,000 * 60 = 1,020,000/(2^128), which is less than 1/100,000. Table 11: Authentication Methods The module implements identity-based authentication. The module supports Crypto Officer role and the User role. The module also allows the concurrent operators.

4.2 Roles

Name Type Operator Type Authentication Methods Crypto Officer Identity CO Password RSA-Based Certificate ECDSA-Based Certificate User Identity User Password RSA-Based Certificate ECDSA-Based Certificate Table 12: Roles

4.3 Approved Services

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Show Provide Global Command Module's None Crypto Status Module's Indicator used to Operationa Officer current or syslog show l Status User status message Module's (return Status codes and/or syslog messages) Show Provide Console Command Module's None Crypto Version Module's message to show ID and Officer name and version versioning User version information information Perform Perform Global Command Status of None Crypto Self-Tests Self-Tests Indicator to trigger the self- Officer (Pre- or syslog Self-Test tests User operational message results Unauthentic self-test ated © 2021-2025 Cisco Systems, Inc.

Page 21

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions and Conditional Self-Tests) Perform Perform Syslog Command Status of None Crypto Zeroization Zeroization message to zeroize the SSPs Officer the module zeroization - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State (V, Key): Z - DRBG Internal State (V, C): Z - User Password: Z - Crypto Officer Password: Z - RADIUS Secret: Z - Firmware Load Test Key: Z - SSH DH Private Key: Z - SSH DH Public Key: Z - SSH Peer DH Public Key: Z - SSH DH Shared Secret: Z - SSH ECDH Private Key: Z - SSH ECDH Public Key: Z - SSH Peer ECDH Public Key: © 2021-2025 Cisco Systems, Inc.

Page 22

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Z - SSH ECDH Shared Secret: Z - SSH RSA Private Key: Z - SSH RSA Public Key: Z - SSH ECDSA Private Key: Z - SSH ECDSA Public Key: Z - SSH Session Encryption Key: Z - SSH Session Authenticatio n Key: Z - TLS DH Private Key: Z - TLS DH Public Key: Z - TLS Peer DH Public Key: Z - TLS DH Shared Secret: Z - TLS ECDH Private Key: Z - TLS ECDH Public Key: Z - TLS Peer ECDH Public Key: Z - TLS ECDH © 2021-2025 Cisco Systems, Inc.

Page 23

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Shared Secret: Z - TLS ECDSA Private Key: Z - TLS ECDSA Public Key: Z - TLS RSA Private Key: Z - TLS RSA Public Key: Z - TLS Master Secret: Z - TLS Session Encryption Key: Z - TLS Session Authenticatio n Key: Z - IPSec/IKE DH Private Key: Z - IPSec/IKE DH Public Key: Z - IPSec/IKE Peer DH Public Key: Z - IPSec/IKE DH Shared Secret: Z - IPSec/IKE ECDH Private Key: Z - IPSec/IKE ECDH Public Key: Z - IPSec/IKE Peer ECDH © 2021-2025 Cisco Systems, Inc.

Page 24

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Public Key: Z - IPSec/IKE ECDH Shared Secret: Z - IPSec/IKE ECDSA Private Key: Z - IPSec/IKE ECDSA Public Key: Z - IPSec/IKE RSA Private Key: Z - IPSec/IKE RSA Public Key: Z - IPSec/IKE Pre-shared Secret: Z SKEYSEED: Z - IPSec/IKE Session Encryption Key: Z - IPSec/IKE Authenticatio n Key: Z - SNMPv3 Shared Secret: Z - SNMPv3 Encryption Key: Z - SNMPv3 Authenticatio n Key: Z Configure Sets None Command Status of None Crypto Network configurati s to the Officer on of the configure completion systems the of network network configurati on status © 2021-2025 Cisco Systems, Inc.

Page 25

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Crypto CO Role N/A CO Status of None Crypto Officer Authenticat Authenticat the CO Officer Authenticat ion ion authenticat - Crypto ion Request ion Officer Password: W,Z User User Role N/A User role Status of None User Authenticat Authenticat authenticat the User - User ion ion ion request role Password: authenticat W,Z ion Configure Configure Global Command Status of KAS-ECC- Crypto SSHv2 SSHv2 Indicator s to the KeyGen Officer Function Function and configure completion (SSHv2) - SSH DH SSHv2 SSHv2 of the KAS-FFC- Private Key: configurat SSHv2 KeyGen G,W,E ion configurati (SSHv2) - SSH DH success on KAS-ECC Public Key: status (SSHv2) G,R,W message KAS-FFC - SSH Peer (SSHv2) DH Public KTS Key: W,E (SSHv2 - SSH DH with AES Shared and Secret: HMAC) G,W,E KTS - SSH ECDH (SSHv2 Private Key: with AES- G,W,E GCM) - SSH ECDH RSA Public Key: KeyGen G,R,W (SSHv2, - SSH Peer TLSv1.2, ECDH IKEv2) Public Key: ECDSA W,E KeyGen - SSH ECDH (SSHv2, Shared TLSv1.2 Secret: and IKEv2) G,W,E RSA - SSH RSA SigGen Private Key: (SSHv2, G,W,E TLSv1.2, - SSH RSA IKEv2) Public Key: ECDSA G,R,W SigGen - SSH (SSHv2, ECDSA TLSv1.2 Private Key: © 2021-2025 Cisco Systems, Inc.

Page 26

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions and IKEv2) G,W,E RSA - SSH SigVer ECDSA (SSHv2, Public Key: TLSv1.2, G,R,W and IKEv2) - SSH ECDSA Session SigVer Encryption (SSHv2, Key: G,W,E TLSv1.2, - SSH and IKEv2) Session Block Authenticatio Cipher n Key: (SSHv2) G,W,E MAC - DRBG (SSHv2) Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State (V, Key): G,W,E - DRBG Internal State (V, C): G,W,E Configure Configure Global Command Status of KAS-ECC- Crypto HTTPS HTTPS Indicator s to the KeyGen Officer over over and configure completion (TLSv1.2) - TLS DH TLSv1.2 TLSv1.2 HTTPS TLSv1.2 of TLSv1.2 KAS-FFC- Private Key: Function Function over configurati KeyGen G,W,E TLSv1.2 on (TLSv1.2) - TLS DH configurat KAS-ECC Public Key: ion (TLSv1.2) G,R,W success KAS-FFC - TLS Peer status (TLSv1.2) DH Public message KTS Key: W,E (TLSv1.2 - TLS DH with AES Shared and Secret: HMAC) G,W,E KTS - TLS ECDH (TLSv1.2 Private Key: with AES- G,W,E GCM) - TLS ECDH RSA Public Key: KeyGen G,R,W © 2021-2025 Cisco Systems, Inc.

Page 27

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions (SSHv2, - TLS Peer TLSv1.2, ECDH IKEv2) Public Key: ECDSA W,E KeyGen - TLS ECDH (SSHv2, Shared TLSv1.2 Secret: and IKEv2) G,W,E RSA - TLS SigGen ECDSA (SSHv2, Private Key: TLSv1.2, G,W,E IKEv2) - TLS ECDSA ECDSA SigGen Public Key: (SSHv2, G,R,W TLSv1.2 - TLS RSA and IKEv2) Private Key: RSA G,W,E SigVer - TLS RSA (SSHv2, Public Key: TLSv1.2, G,R,W and IKEv2) - TLS Master ECDSA Secret: SigVer G,W,E (SSHv2, - TLS TLSv1.2, Session and IKEv2) Encryption Block Key: G,W,E Cipher - TLS (TLSv1.2) Session MAC Authenticatio (TLSv1.2) n Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State (V, Key): G,W,E - DRBG Internal State (V, C): G,W,E © 2021-2025 Cisco Systems, Inc.

Page 28

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Configure Configure Global Command Status of KAS-ECC- Crypto IPsec/IKEv IPSec/IKEv Indicator s to the KeyGen Officer

2 Function 2 Function with configure completion (IKEv2) - IPSec/IKE

IPsec/IKE IPsec/IKEv of KAS-FFC- DH Private v2 2 IPsec/IKEv KeyGen Key: G,W,E configurat 2 (IKEv2) - IPSec/IKE ion configurati KAS-ECC DH Public success on (IKEv2) Key: G,R,W status KAS-FFC - IPSec/IKE message (IKEv2) Peer DH RSA Public Key: KeyGen W,E (SSHv2, - IPSec/IKE TLSv1.2, DH Shared IKEv2) Secret: ECDSA G,W,E KeyGen - IPSec/IKE (SSHv2, ECDH TLSv1.2 Private Key: and IKEv2) G,W,E RSA - IPSec/IKE SigGen ECDH (SSHv2, Public Key: TLSv1.2, G,R,W IKEv2) - IPSec/IKE ECDSA Peer ECDH SigGen Public Key: (SSHv2, W,E TLSv1.2 - IPSec/IKE and IKEv2) ECDH RSA Shared SigVer Secret: (SSHv2, G,W,E TLSv1.2, - IPSec/IKE and IKEv2) ECDSA ECDSA Private Key: SigVer G,W,E (SSHv2, - IPSec/IKE TLSv1.2, ECDSA and IKEv2) Public Key: Block G,R,W Cipher - IPSec/IKE (IPSec/IKE RSA Private ) Key: G,W,E MAC - IPSec/IKE (IPSec/IKE RSA Public v2) Key: G,R,W - IPSec/IKE Pre-shared © 2021-2025 Cisco Systems, Inc.

Page 29

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Secret: G,W,E SKEYSEED: G,W,E - IPSec/IKE Session Encryption Key: G,W,E - IPSec/IKE Authenticatio n Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State (V, Key): G,W,E - DRBG Internal State (V, C): G,W,E Configure Configure Global Command Status of Block Crypto SNMPv3 SNMPv3 Indicator s to the Cipher Officer Function Function and configure completion (SNMPv3) - SNMPv3 SNMPv3 SNMPv3 of MAC Shared configurat SNMPv3 (SNMPv3) Secret: W,E ion configurati - SNMPv3 success on Encryption status Key: G,W,E message - SNMPv3 Authenticatio n Key: G,W,E Run Execute Global Initiate Status of KAS-ECC- Crypto SSHv2 SSHv2 Indicator SSHv2 SSHv2 KeyGen Officer Function Function and tunnel tunnel (SSHv2) - SSH DH successfu establishm establishm KAS-FFC- Private Key: l SSHv2 ent ent KeyGen G,W,E log (SSHv2) - SSH DH message KAS-ECC Public Key: (SSHv2) G,R,W KAS-FFC - SSH Peer (SSHv2) DH Public © 2021-2025 Cisco Systems, Inc.

Page 30

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions KTS Key: W,E (SSHv2 - SSH DH with AES Shared and Secret: HMAC) G,W,E KTS - SSH ECDH (SSHv2 Private Key: with AES- G,W,E GCM) - SSH ECDH RSA Public Key: KeyGen G,R,W (SSHv2, - SSH Peer TLSv1.2, ECDH IKEv2) Public Key: ECDSA W,E KeyGen - SSH ECDH (SSHv2, Shared TLSv1.2 Secret: and IKEv2) G,W,E RSA - SSH RSA SigGen Private Key: (SSHv2, G,W,E TLSv1.2, - SSH RSA IKEv2) Public Key: ECDSA G,R,W SigGen - SSH (SSHv2, ECDSA TLSv1.2 Private Key: and IKEv2) G,W,E RSA - SSH SigVer ECDSA (SSHv2, Public Key: TLSv1.2, G,R,W and IKEv2) - SSH ECDSA Session SigVer Encryption (SSHv2, Key: G,W,E TLSv1.2, - SSH and IKEv2) Session Block Authenticatio Cipher n Key: (SSHv2) G,W,E MAC - DRBG (SSHv2) Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG © 2021-2025 Cisco Systems, Inc.

Page 31

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Internal State (V, Key): G,W,E - DRBG Internal State (V, C): G,W,E User - SSH DH Private Key: G,W,E - SSH DH Public Key: G,R,W - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: G,W,E - SSH ECDH Private Key: G,W,E - SSH ECDH Public Key: G,R,W - SSH Peer ECDH Public Key: W,E - SSH ECDH Shared Secret: G,W,E - SSH RSA Private Key: E - SSH RSA Public Key: R - SSH ECDSA Private Key: E - SSH ECDSA Public Key: R © 2021-2025 Cisco Systems, Inc.

Page 32

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions - SSH Session Encryption Key: G,W,E - SSH Session Authenticatio n Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State (V, Key): G,W,E - DRBG Internal State (V, C): G,W,E Run Execute Global Initiate Status of KAS-ECC- Crypto HTTPS HTTPS Indicator TLSv1.2 TLSv1.2 KeyGen Officer over over and tunnel tunnel (TLSv1.2) - TLS DH TLSv1.2 TLSv1.2 successfu establishm establishm KAS-FFC- Private Key: Function function l HTTPS ent request ent KeyGen G,W,E over (TLSv1.2) - TLS DH TLSv1.2 KAS-ECC Public Key: log (TLSv1.2) G,R,W message KAS-FFC - TLS Peer (TLSv1.2) DH Public KTS Key: W,E (TLSv1.2 - TLS DH with AES Shared and Secret: HMAC) G,W,E KTS - TLS ECDH (TLSv1.2 Private Key: with AES- G,W,E GCM) - TLS ECDH RSA Public Key: KeyGen G,R,W (SSHv2, - TLS Peer TLSv1.2, ECDH IKEv2) Public Key: ECDSA W,E KeyGen - TLS ECDH © 2021-2025 Cisco Systems, Inc.

Page 33

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions (SSHv2, Shared TLSv1.2 Secret: and IKEv2) G,W,E RSA - TLS SigGen ECDSA (SSHv2, Private Key: TLSv1.2, G,W,E IKEv2) - TLS ECDSA ECDSA SigGen Public Key: (SSHv2, G,R,W TLSv1.2 - TLS RSA and IKEv2) Private Key: RSA G,W,E SigVer - TLS RSA (SSHv2, Public Key: TLSv1.2, G,R,W and IKEv2) - TLS Master ECDSA Secret: SigVer G,W,E (SSHv2, - TLS TLSv1.2, Session and IKEv2) Encryption Block Key: G,W,E Cipher - TLS (TLSv1.2) Session MAC Authenticatio (TLSv1.2) n Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State (V, Key): G,W,E - DRBG Internal State (V, C): G,W,E User - TLS DH Private Key: G,W,E - TLS DH Public Key: © 2021-2025 Cisco Systems, Inc.

Page 34

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions G,R,W - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: G,W,E - TLS ECDH Private Key: G,W,E - TLS ECDH Public Key: G,R,W - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: G,W,E - TLS ECDSA Private Key: E - TLS ECDSA Public Key: R - TLS RSA Private Key: E - TLS RSA Public Key: R - TLS Master Secret: G,W,E - TLS Session Encryption Key: G,W,E - TLS Session Authenticatio n Key: G,W,E - DRBG © 2021-2025 Cisco Systems, Inc.

Page 35

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State (V, Key): G,W,E - DRBG Internal State (V, C): G,W,E Run Execute Global Initiate Status of KAS-ECC- Crypto IPSec/IKEv IPsec/IKEv Indicator IPsec/IKEv IPSec/IKE KeyGen Officer

2 Function 2 Function and 2 tunnel v2 tunnel (IKEv2) - IPSec/IKE

succesful establishm establishm KAS-FFC- DH Private IPsec/IKE ent request ent KeyGen Key: G,W,E v2 log (IKEv2) - IPSec/IKE message KAS-ECC DH Public (IKEv2) Key: G,R,W KAS-FFC - IPSec/IKE (IKEv2) Peer DH RSA Public Key: KeyGen W,E (SSHv2, - IPSec/IKE TLSv1.2, DH Shared IKEv2) Secret: ECDSA G,W,E KeyGen - IPSec/IKE (SSHv2, ECDH TLSv1.2 Private Key: and IKEv2) G,W,E RSA - IPSec/IKE SigGen ECDH (SSHv2, Public Key: TLSv1.2, G,R,W IKEv2) - IPSec/IKE ECDSA Peer ECDH SigGen Public Key: (SSHv2, W,E TLSv1.2 - IPSec/IKE and IKEv2) ECDH RSA Shared SigVer Secret: (SSHv2, G,W,E TLSv1.2, - IPSec/IKE and IKEv2) ECDSA ECDSA Private Key: © 2021-2025 Cisco Systems, Inc.

Page 36

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions SigVer G,W,E (SSHv2, - IPSec/IKE TLSv1.2, ECDSA and IKEv2) Public Key: Block G,R,W Cipher - IPSec/IKE (IPSec/IKE RSA Private ) Key: G,W,E MAC - IPSec/IKE (IPSec/IKE RSA Public v2) Key: G,R,W - IPSec/IKE Pre-shared Secret: G,W,E SKEYSEED: G,W,E - IPSec/IKE Session Encryption Key: G,W,E - IPSec/IKE Authenticatio n Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State (V, Key): G,W,E - DRBG Internal State (V, C): G,W,E User - IPSec/IKE DH Private Key: G,W,E - IPSec/IKE DH Public Key: G,R,W - IPSec/IKE Peer DH © 2021-2025 Cisco Systems, Inc.

Page 37

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Public Key: W,E - IPSec/IKE DH Shared Secret: G,W,E - IPSec/IKE ECDH Private Key: G,W,E - IPSec/IKE ECDH Public Key: G,R,W - IPSec/IKE Peer ECDH Public Key: W,E - IPSec/IKE ECDH Shared Secret: G,W,E - IPSec/IKE ECDSA Private Key: E - IPSec/IKE ECDSA Public Key: R - IPSec/IKE RSA Private Key: E - IPSec/IKE RSA Public Key: R - IPSec/IKE Pre-shared Secret: G,W,E SKEYSEED: G,W,E - IPSec/IKE Session Encryption Key: G,W,E - IPSec/IKE © 2021-2025 Cisco Systems, Inc.

Page 38

Name Descriptio Indicator Inputs Outputs Security SSP Access n Functions Authenticatio n Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State (V, Key): G,W,E - DRBG Internal State (V, C): G,W,E Run Execute Global Initiate Status of Block Crypto SNMPv3 SNMPv3 Indicator SNMPv3 SNMPv3 Cipher Officer Function Function and tunnel tunnel (SNMPv3) - SNMPv3 successfu establishm establishm MAC Shared l SNMPv3 ent request ent (SNMPv3) Secret: W,E log - SNMPv3 message Encryption Key: G,W,E - SNMPv3 Authenticatio n Key: G,W,E User - SNMPv3 Shared Secret: W,E - SNMPv3 Encryption Key: G,W,E - SNMPv3 Authenticatio n Key: G,W,E Firmware Execute Global Command Outcome Firmware Crypto Load Test the indicator s to load of the Load Test Officer Firmware and new Firmware - Firmware Load Test successfu firmware Load Test Load Test l image Key: R Firmware Loading status message © 2021-2025 Cisco Systems, Inc.

Page 39
4.4 Non-Approved Services
4.5 External Software/Firmware Loaded

The module supports the firmware load test by using HMAC-SHA2-512 (HMAC Cert. #A4446) for the new validated firmware to be uploaded into the module. A Firmware Load Test Key was preloaded to the module’s binary at the factory and used for firmware load test. In order to load new firmware, the Crypto Officer must authenticate to the module before loading the firmware. This ensures that unauthorized access and use of the module is not performed. The module will load the new update upon reboot. The update attempt will be rejected if the verification fails. Any firmware loaded into the module that is not shown on the module certificate, is out of scope of this validation and requires a separate FIPS 140-3 validation.

4.6 Cryptographic Output Actions and Status

The module implements Self-initiated cryptographic output capability without external operator request. The Crypto Officer shall configure self-initiated cryptographic output capability. Prior to executing the self-initiated cryptographic output capability, the module conducts two independent internal actions to activate the capability to prevent the inadvertent output due to a single error.

4.7 Additional Information

The module supports unauthenticated service. The unauthenticated User/Operators can trigger the self-test service by power-cycling the module, and is able to observe the module’s LEDs status.

5 Software/Firmware Security
5.1 Integrity Techniques

The module is provided in the form of binary executable code. To ensure firmware security, the module is protected by RSA 2048 bits with SHA2-512 (RSA Cert. #A4446) algorithm. A Firmware Integrity Test Key (non-SSP) was preloaded to the module’s binary at the factory and used for firmware integrity test only at the pre-operational self-test. The module uses the RSA

2048 bits modulus public key to verify the digital signature. If the firmware integrity test fails, the

module would enter to an Error state with all crypto functionality inhibited.

5.2 Initiate on Demand
Page 40

Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the tested platform to initiate the firmware integrity test on-demand.

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Limited

7 Physical Security
7.1 Mechanisms and Actions Required

Mechanism Inspection Inspection Guidance Frequency Tamper labels (10) with Part Recommend 30 Visible inspection of platform for number: AIR-AP-FIPSKIT= Days residual evidence of tampering Opacity shield (1) with Part Recommend 30 Visible inspection of platform for number: FPR4200-FIPS-KIT Days evidence of tampering, removal or access Production grade components N/A N/A Table 14: Mechanisms and Actions Required The module utilizes a production-grade enclosure and removable cover along with tamper evidence labels as the physical security mechanisms. Appling Tamper Evidence Labels Step 1: Turn off and unplug the module. Step 2: Clean the chassis of any grease, dirt, oil or any other material other than the surface coating from manufacture before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Step 3: Apply a label to cover the module as shown in the figures below. The tamper evident labels are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to open the module will damage the tamper evident labels or the material of the security appliance cover. Because the tamper evident labels have non-repeated serial numbers, they may be inspected for damage and compared against the applied serial numbers to verify that the security appliance has not been tampered with. Tamper evident labels can also be inspected for signs of tampering, which include the following: curled corners, rips, and slices. The word “FIPS” may appear if the label was peeled back.

7.2 User Placed Tamper Seals

Number: Ten (10) © 2021-2025 Cisco Systems, Inc.

Page 41

Placement: Figure

  1. FPR-4200 Front view TEL 1 TEL 2 TEL 3 TEL 4 Figure
  2. FPR-4200 Back view TEL 5 Figure
  3. FPR-4200 Left view TEL 6 Figure
  4. FPR-4200 Right view © 2021-2025 Cisco Systems, Inc.
Page 42

TEL 4 TEL 3 TEL 7 TEL 2 TEL 8 Figure

  1. FPR-4200 Bottom view TEL 1 TEL 6 TEL 9 TEL 10 TEL 5 Figure
  2. FPR-4200 Top view Surface Preparation: Clean the chassis of any grease, dirt, or oil before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose. Operator Responsible for Securing Unused Seals: Any unused TELs must be securely stored, accounted for, and maintained by the CO in a protected location. © 2021-2025 Cisco Systems, Inc.
Page 43

Part Numbers: AIR-AP-FIPSKIT=

7.3 Filler Panels

FPR 4215, FPR 4225 and FPR 4245 Opacity Shield FPR4200-FIPS-KIT= Step 1: Attach the Slide Rail Locking Bracket, #2 in diagram to the Side of the Chassis using the countersink screws #3 in diagram. Step 2: Attach the Cable Management Bracket (#1) to the Slide Rail Locking Bracket (#2) using the countersink screws (#3) Step 3: Route the Cables through the Cable Management Brackets © 2021-2025 Cisco Systems, Inc.

Page 44

Step 4: Attach the FIPS Opacity Shield (#1) to the Cable Management Brackets (#3) using the countersink screws (#2) Figure 8 Opacity Shield Brackets

8 Non-Invasive Security
9 Sensitive Security Parameters Management
9.1 Storage Areas
Page 45

Storage Description Persistence Area Type Name DRAM Volatile Memory Dynamic Flash Non-Volatile Memory Static Table 15: Storage Areas

9.2 SSP Input-Output Methods

Name From To Format Distributio Entry SFI or Type n Type Type Algorith m Peer Public Key External Module Plaintext Automated Electroni Input (Outside c of the Module's Boundary ) Module Public Module External Plaintext Automated Electroni Key Output (Outside c of the Module's Boundary ) Password/Secre External Module Encrypte Automated Electroni KTS t Input via (Outside d c (SSHv2 SSHv2 of the with AESencrypted by Module's GCM) GCM Boundary ) Password/Secre External Module Encrypte Automated Electroni KTS t Input via (Outside d c (SSHv2 SSHv2 of the with AES encrypted by Module's and AES and HMAC Boundary HMAC) ) Password/Secre External Module Encrypte Automated Electroni KTS t Input via TLS (Outside d c (TLSv1.2 encrypted by of the with AESGCM Module's GCM) Boundary ) Password/Secre External Module Encrypte Automated Electroni KTS t Input via TLS (Outside d c (TLSv1.2 encrypted by of the with AES AES and HMAC Module's and Boundary HMAC) ) © 2021-2025 Cisco Systems, Inc.

Page 46

Table 16: SSP Input-Output Methods

9.3 SSP Zeroization Methods

Zeroization Description Rationale Operator Method Initiation Zeroization CO issues the zeroization command will CO issues Command zeroization service erase all SSPs stored in the command 'format DRAM or in the Flash of the everything' module. Session Zeroization upon Session termination will Terminate session termination session automatically zeroize all session termination based temporary SSPs Reboot Zeroization upon Reboot to zeroize all temporary Reboot rebooting the SSPs stored in Module's DRAM module Table 17: SSP Zeroization Methods Performing the zeroization command will explicitly zeroize the module returning the “System restarted due to disks being reformatted.” status message upon completion. Please note that the Firmware Load Test Key is only used for Firmware Load Test Authentication and not subject to the zeroization requirement.

9.4 SSPs

Name Description Size - Type - Generat Establish Used By Strength Category ed By ed By DRBG Used to 384 bits - Entropy Counter Entropy seed the at least Input - CSP DRBG Input DRBG 256 bits (A4446) Hash DRBG (C1026) DRBG Seed Used in 256 bits - DRBG Seed Counter DRBG 256 bits - CSP DRBG Generation (A4446) Hash DRBG (C1026) DRBG Used in 256 bits - DRBG Counter Internal DRBG 256 bits Internal DRBG State (V, Generation State - CSP (A4446) Key) DRBG Used in 256 bits - DRBG Hash Internal DRBG 256 bits Internal DRBG State (V, C) Generation State - CSP (C1026) © 2021-2025 Cisco Systems, Inc.

Page 47

Name Description Size - Type - Generat Establish Used By Strength Category ed By ed By User User 8-30 Authenticati Password authenticati Characte on Data on rs - 8-30 CSP Characte rs Crypto Crypto 8-30 Authenticati Officer Officer Characte on Data Password authenticati rs - 8-30 CSP on Characte rs RADIUS RADIUS 16 Authenticati Secret Server Characte on Data Authenticati rs - 16 CSP on Characte rs Firmware Used for 112 bits - Public Key - Firmware Load Test Firmware 112 bits CSP Load Test Key Load Test SSH DH Used to MODP- Private Key KAS- KAS-FFCPrivate Key derive the 2048, - CSP FFC- SSC SSH DH MODP- KeyGen Sp800Shared 3072, (SSHv2) 56Ar3 Secret MODP- (A4446)

4096 -

112-152 bits SSH DH Used to MODP- Public Key - KAS-FFCPublic Key derive SSH 2048, PSP KeyGen DH Shared MODP- (SSHv2) Secret 3072, MODP-

4096 -

112-152 bits SSH Peer Used to MODP- Public Key - KAS-FFCDH Public derive SSH 2048, PSP SSC Key DH Shared MODP- Sp800Secret 3072, 56Ar3 MODP- (A4446)

4096 -

112-152 bits SSH DH Used to MODP- Shared KAS-FFC- KDF SSH Shared derive SSH 2048, Secret - SSC (A4446) Secret Session MODP- CSP Sp800Encryption 3072, 56Ar3 Keys, SSH MODP- (A4446) Session 4096 © 2021-2025 Cisco Systems, Inc.

Page 48

Name Description Size - Type - Generat Establish Used By Strength Category ed By ed By Authenticati 112-152 on Keys bits SSH ECDH Used to Curves: Private Key KAS- KAS-ECCPrivate Key derive the 256, 384, - CSP ECC- SSC SSH ECDH 521 bits - KeyGen Sp800Shared 128 to (SSHv2) 56Ar3 Secret 256 bits (A4446) SSH ECDH Used to Curves: Public Key - KAS-ECCPublic Key derive SSH 256, 384, PSP KeyGen ECDHE 521 bits - (SSHv2) Shared 128-256 Secret bits SSH Peer Used to Curves: Public Key - KAS-ECCECDH derive SSH 256, 384, PSP SSC Public Key DH Shared 521 bits - Sp800Secret 128 to 56Ar3

256 bits (A4446)

SSH ECDH Used to Curves: Shared KAS-ECC- KDF SSH Shared derive SSH 256, 384, Secret - SSC (A4446) Secret Session 521 bits - CSP Sp800Encryption 128 to 56Ar3 Keys, SSH 256 bits (A4446) Session Authenticati on Keys SSH RSA Used for Modulus Private Key RSA RSA Private Key SSH 2048 and - CSP KeyGen SigGen session 3072 bits (SSHv2, (FIPS186-4) authenticati - 112- TLSv1.2, (A4446) on 128 bits IKEv2) SSH RSA Used for Modulus Public Key - RSA Public Key SSH 2048 and PSP KeyGen sessions 3072 bits (SSHv2, aiuthenticati - 112- TLSv1.2, on 128 bits IKEv2) SSH Used for Curves: Private Key ECDSA ECDSA ECDSA SSH 256, 384, - CSP KeyGen SigGen Private Key session 521 bits - (SSHv2, (FIPS186-4) authenticati 128 to TLSv1.2 (A4446) on 256 bits and IKEv2) SSH Used for Curves: Public Key - ECDSA ECDSA SSH 256, 384, PSP KeyGen Public Key sessions 521 bits - (FIPS186aiuthenticati 128 to 4) (A4446) on 256 bits © 2021-2025 Cisco Systems, Inc.

Page 49

Name Description Size - Type - Generat Establish Used By Strength Category ed By ed By SSH Used for 128-256 Session KAS-ECC Block Session SSH bits - Key - CSP (SSHv2) Cipher Encryption Session 128-256 KAS-FFC (SSHv2) Key confidentialit bits (SSHv2) y protection SSH Used for 160-256 Session KAS-ECC MAC Session SSH bits - Key - CSP (IKEv2) (SSHv2) Authenticati Session 160-256 KAS-FFC on Key integrity bits (IKEv2) protection TLS DH Used to ffdhe204 Private Key KAS- KAS-FFCPrivate Key Derive TLS 8, - CSP FFC- SSC DH Shared ffdhe307 KeyGen Sp800Secret 2, (TLSv1.2 56Ar3 ffdhe409 ) (A4446)

6 - 112-
152 bits

TLS DH Used to ffdhe204 Public Key - KAS-FFCPublic Key Derive TLS 8, PSP KeyGen DH Shared ffdhe307 (TLSv1.2) Secret 2, ffdhe409

6 - 112-
152 bits

TLS Peer Used to ffdhe204 Public Key - KAS-FFCDH Public derive TLS 8, PSP SSC Key DH Shared ffdhe307 Sp800Secret 2, 56Ar3 ffdhe409 (A4446)

6 - 112-
152 bits

TLS DH Used to ffdhe204 Shared KAS-FFC- TLS v1.2 Shared Derive TLS 8, Secret - SSC KDF Secret Session ffdhe307 CSP Sp800- RFC7627 Encryption 2, 56Ar3 (A4446) Key and ffdhe409 (A4446) TLS 6 - 112Session 152 bits Authenticati on Key TLS ECDH Used to Curves Private Key KAS- KAS-ECCPrivate Key Derive TLS P-256, P- - CSP ECC- SSC ECDH 384, and KeyGen Sp800Shared P-521 - (TLSv1.2 56Ar3 Secret 128-256 ) (A4446) bits © 2021-2025 Cisco Systems, Inc.

Page 50

Name Description Size - Type - Generat Establish Used By Strength Category ed By ed By TLS ECDH Used to Curves Public Key - KAS-ECCPublic Key Derive TS P-256, P- PSP KeyGen ECDH 384, and (TLSv1.2) Shared P-521 Secret 128-256 bits TLS Peer Used to Curves: Public Key - KAS-ECCECDH derive IKE P-256, P- PSP SSC Public Key ECDH 384, P- Sp800Shared 521 - 56Ar3 Secret 128-256 (A4446) bits TLS ECDH Used to Curves Shared KAS-ECC- TLS v1.2 Shared Derive TLS p-256, P- Secret - SSC KDF Secret Session 384, P- CSP Sp800- RFC7627 Encryption 521 - 56Ar3 (A4446) Key and 128-256 (A4446) TLS bits Session Authenticati on Key TLS Used to Curves Private Key ECDSA ECDSA ECDSA support CO P-256, P- - CSP KeyGen SigGen Private Key and Admin 384, P- (SSHv2, (FIPS186-4) HTTPS 521 - TLSv1.2 (A4446) interfaces 128-256 and bits IKEv2) TLS Used to Curves Public Key - ECDSA ECDSA support CO P-256, P- PSP KeyGen Public Key and User 384, P- (SSHv2, HTTPS 521 - TLSv1.2 Interfaces 128-256 and bits IKEv2) TLS RSA Used to Modulus Private Key RSA RSA Private Key support CO 2048 and - CSP KeyGen SigGen and Admin 3072 bits (SSHv2, (FIPS186-4) HTTPS - 112- TLSv1.2, (A4446) Interfaces 128 bits IKEv2) TLS RSA Used to Modulus Public Key - RSA Public Key support CO 2048 and PSP KeyGen and User 3072 bits (SSHv2, HTTPS - 112- TLSv1.2, interfaces 128 bits IKEv2) TLS Master Used to 384 bits - Master TLS v1.2 Secret protect 384 bits Secret - KDF HTTPS CSP RFC7627 Session. (A4446) © 2021-2025 Cisco Systems, Inc.

Page 51

Name Description Size - Type - Generat Establish Used By Strength Category ed By ed By Pre-master secret TLS Used to 128-256 Session KAS-ECC Block Session protect bits - Key - CSP (TLSv1.2) Cipher Encryption HTTPS 128-256 KAS-FFC (TLSv1.2) Key Session. bits (TLSv1.2) TLS Master secret TLS Used to 160-384 Session KAS-ECC MAC Session protect bits - Key - CSP (TLSv1.2) (TLSv1.2) Authenticati HTTPS 160-384 KAS-FFC on Key Session. bits (TLSv1.2) TLS master secret IPSec/IKE Used to MODP- Private Key KAS- KAS-FFCDH Private derive 2048, - CSP FFC- SSC Key IPSec/IKE MODP- KeyGen Sp800DH Shared 3072, (IKEv2) 56Ar3 Secret MODP- (A4446)

4096 -

112-152 bits IPSec/IKE Used to MODP- Public Key - KAS-FFCDH Public derive 2048, PSP KeyGen Key IPSec/IKE MODP- (IKEv2) DH Shared 3072, Secret MODP-

4096 -

112-152 bits IPSec/IKE Used to MODP- Public Key - KAS-FFCPeer DH derive 2048, PSP SSC Public Key IPSec/IKE MODP- Sp800DH Shared 3072, 56Ar3 Secret MODP- (A4446)

4096 -

112-152 bits IPSec/IKE Used to MODP- Shared KAS-FFC- KDF IKEv2 DH Shared derive 2048, Secret - SSC (A4446) Secret IPSec/IKE MODP- CSP Sp800Session 3072, 56Ar3 Encryption MODP- (A4446) Keys, 4096 IPSec/IKE 112-152 Authenticati bits on Keys © 2021-2025 Cisco Systems, Inc.

Page 52

Name Description Size - Type - Generat Establish Used By Strength Category ed By ed By IPSec/IKE Used to Curves Private Key KAS- KAS-ECCECDH derive P-256, P- - CSP ECC- SSC Private Key IPSec/IKE 384, P- KeyGen Sp800ECDH 521 - (IKEv2) 56Ar3 Shared 128-256 (A4446) Secrets bits IPSec/IKE Used to Curves Public Key - KAS-ECCECDH derive P-256, P- PSP KeyGen Public Key IPSec/IKE 384, P- (IKEv2) ECDH 521 Shared 128-256 Secrets bits IPSec/IKE Used to Curves Public Key - KAS-ECCPeer ECDH derive P-256, P- PSP SSC Public Key IPSec/IKE 384, P- Sp800ECDH 521 - 56Ar3 Shared 128-256 (A4446) Secrets bits IPSec/IKE Used to Curves Shared KAS-ECC- KDF IKEv2 ECDH derive P-256, P- Secret - SSC (A4446) Shared IPSec/IKE 384, P- CSP Sp800Secret ECDH 521 - 56Ar3 Shared 128-256 (A4446) Secrets bits IPSec/IKE Used for Curves Private Key ECDSA ECDSA ECDSA IPSec/IKE P-256, P- - CSP KeyGen SigGen Private Key peer 384, P- (SSHv2, (FIPS186-4) authenticati 521 - TLSv1.2 (A4446) on 128-256 and bits IKEv2) IPSec/IKE Used for Curves Public Key - ECDSA ECDSA IPSec/IKE P-256, P- PSP KeyGen Public Key peer 384, P- (SSHv2, authenticati 521 - TLSv1.2 on 128-256 and bits IKEv2) IPSec/IKE Used for Modulus Private Key RSA RSA RSA Private IPSec/IKE 2048 or - CSP KeyGen SigGen Key peer 3072 - (SSHv2, (FIPS186-4) authenticati 112 or TLSv1.2, (A4446) on 128 bits IKEv2) IPSec/IKE Used for Modulus Public Key - RSA RSA Public IPSec/IKE 2048 or PSP KeyGen Key peer 3072 - (SSHv2, authenticati 112 or TLSv1.2, on 128 bits IKEv2) © 2021-2025 Cisco Systems, Inc.

Page 53

Name Description Size - Type - Generat Establish Used By Strength Category ed By ed By IPSec/IKE Used for 16-32 shared Pre-shared IPSec/IKE bytes secret Secret peer character CSP authenticati s - 16-32 on bytes character s SKEYSEED Keying 160 bits - Keying KDF IKEv2 material 160 bits Material - (A4446) used to CSP derive the IPSec/IKE Session Encryption Key and IPSec/IKE Authenticati on Key IPSec/IKE Used to 128-256 Session KAS-ECC Block Session secure bits - Key - CSP (IKEv2) Cipher Encryption IPSec/IKEv2 128-256 KAS-FFC (IPSec/IKE) Key session bits (IKEv2) confidentialit y IPSec/IKE Used to 160-512 Session KAS-ECC MAC Authenticati secure bits - Key - CSP (IKEv2) (IPSec/IKEv on Key IPSec/IKEv2 160-512 KAS-FFC 2) session bits (IKEv2) integrity SNMPv3 Used for 8-32 Authenticati Shared SNMPv3 character on Secret Secret user s - N/A CSP authenticati on SNMPv3 Used to 128 bits - Encryption KDF Block Encryption protect 128 bits Key - CSP SNMP Cipher Key SNMPv3 (A4446) (SNMPv3) traffic confidentialit y SNMPv3 Used to 160-384 Authenticati KDF MAC Authenticati secure bits - on Key - SNMP (SNMPv3) on Key SNMPv3 160-384 CSP (A4446) traffic bits integrity Table 18: SSP Table 1 © 2021-2025 Cisco Systems, Inc.

Page 54

Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n DRBG DRAM:Plainte Until Zeroizatio DRBG Entropy xt Reboot n Seed:Used With Input Command DRBG Internal Session State (V, terminatio Key):Used With n DRBG Internal Reboot State (V, C):Used With DRBG Seed DRAM:Plainte Until Zeroizatio DRBG Entropy xt Reboot n Input:Used With Command DRBG Internal Session State (V, terminatio Key):Used With n DRBG Internal Reboot State (V, C):Used With DRBG DRAM:Plainte Until Zeroizatio DRBG Entropy Internal xt Reboot n Input:Used With State (V, Command DRBG Key) Session Seed:Used With terminatio n Reboot DRBG DRAM:Plainte Until Zeroizatio DRBG Entropy Internal xt Reboot n Input:Used With State (V, C) Command DRBG Session Seed:Used With terminatio n Reboot User Password/Sec Flash:Encrypt Zeroizatio Password ret Input via ed n TLS encrypted Command by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 © 2021-2025 Cisco Systems, Inc.

Page 55

Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n encrypted by AES and HMAC Crypto Password/Sec Flash:Encrypt Zeroizatio Officer ret Input via ed n Password TLS encrypted Command by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC RADIUS Password/Sec Flash:Encrypt Zeroizatio Secret ret Input via ed n TLS encrypted Command by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC Firmware Flash:Plaintex N/A Load Test t Key © 2021-2025 Cisco Systems, Inc.

Page 56

Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n SSH DH DRAM:Plainte While SSH Zeroizatio SSH DH Public Private Key xt tunnel is n Key:Paired With on Command SSH Peer DH Session Public Key:Used terminatio With n Reboot SSH DH Module Public DRAM:Plainte While SSH Zeroizatio SSH DH Private Public Key Key Output xt tunnel is n Key:Paired With on Command Session terminatio n Reboot SSH Peer Peer Public DRAM:Plainte While SSH Zeroizatio SSH DH Private DH Public Key Input xt tunnel is n Key:Used With Key on Command Session terminatio n Reboot SSH DH DRAM:Plainte While SSH Zeroizatio SSH DH Private Shared xt tunnel is n Key:Derived From Secret on Command SSH DH Public Session Key:Derived From terminatio n Reboot SSH ECDH DRAM:Plainte While SSH Zeroizatio SSH ECDH Private Key xt tunnel is n Public Key:Paired on Command With Session SSH Peer ECDH terminatio Public Key:Used n With Reboot SSH ECDH Module Public DRAM:Plainte While SSH Zeroizatio SSH ECDH Public Key Key Output xt tunnel is n Private on Command Key:Paired With Session terminatio n Reboot SSH Peer Peer Public DRAM:Plainte While SSH Zeroizatio SSH ECDH ECDH Key Input xt tunnel is n Private Key:Used Public Key on Command With Session terminatio © 2021-2025 Cisco Systems, Inc.

Page 57

Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n n Reboot SSH ECDH DRAM:Plainte While SSH Zeroizatio SSH ECDH Shared xt tunnel is n Private Secret on Command Key:Derived From Session SSH ECDH terminatio Public n Key:Derived From Reboot SSH RSA Flash:Plaintex Zeroizatio SSH RSA Public Private Key t n Key:Paired With Command SSH RSA Module Public Flash:Plaintex Zeroizatio SSH RSA Private Public Key Key Output t n Key:Paired With Command SSH Flash:Plaintex Zeroizatio SSH ECDSA ECDSA t n Public Key:Paired Private Key Command With SSH Module Public Flash:Plaintex Zeroizatio SSH ECDSA ECDSA Key Output t n Private Public Key Command Key:Paired With SSH DRAM:Plainte While SSH Zeroizatio SSH Session Session xt tunnel is n Authentication Encryption on Command Key:Used With Key Session terminatio n Reboot SSH DRAM:Plainte While SSH Zeroizatio SSH Session Session xt tunnel is n Encryption Authenticati on Command Key:Used With on Key Session terminatio n Reboot TLS DH DRAM:Plainte While TLS Zeroizatio TLS DH Public Private Key xt tunnel is n Key:Paired With on Command TLS Peer DH Session Public Key:Used terminatio With n Reboot TLS DH Module Public DRAM:Plainte While TLS Zeroizatio TLS DH Private Public Key Key Output xt tunnel is n Key:Paired With on Command Session terminatio © 2021-2025 Cisco Systems, Inc.

Page 58

Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n n Reboot TLS Peer Peer Public DRAM:Plainte while TLS Zeroizatio TLS DH Private DH Public Key Input xt tunnel is n Key:Used With Key on Command Session terminatio n Reboot TLS DH DRAM:Plainte While TLS Zeroizatio TLS ECDH Shared xt tunnel is n Private Secret on Command Key:Derived From Session TLS Peer ECDH terminatio Public n Key:Derived From Reboot TLS ECDH DRAM:Plainte While TLS Zeroizatio TLS ECDH Public Private Key xt tunnel is n Key:Paired With on Command TLS Peer ECDH Session Public Key:Used terminatio With n Reboot TLS ECDH Module Public DRAM:Plainte While TLS Zeroizatio TLS ECDH Public Key Key Output xt tunnel is n Private on Command Key:Paired With Session terminatio n Reboot TLS Peer Peer Public DRAM:Plainte while TLS Zeroizatio TLS ECDH ECDH Key Input xt tunnel is n Private Key:Used Public Key on Command With Session terminatio n Reboot TLS ECDH DRAM:Plainte While TLS Zeroizatio TLS ECDH Shared xt tunnel is n Private Secret on Command Key:Derived From Session TLS Peer ECDH terminatio Public n Key:Derived From Reboot TLS ECDSA Flash:Plaintex Zeroizatio TLS ECDSA Private Key t n Public Key:Paired Command With © 2021-2025 Cisco Systems, Inc.

Page 59

Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n TLS ECDSA Module Public Flash:Plaintex Zeroizatio TLS ECDSA Public Key Key Output t n Private Command Key:Paired With TLS RSA Flash:Plaintex Zeroizatio TLS RSA Public Private Key t n Key:Paired With Command TLS RSA Module Public Flash:Plaintex Zeroizatio TLS RSA Private Public Key Key Output t n Key:Paired With Command TLS Master DRAM:Plainte While TLS Zeroizatio TLS ECDH Secret xt tunnel is n Shared on Command Secret:Derived Session From terminatio n Reboot TLS DRAM:Plainte While TLS Zeroizatio TLS Session Session xt tunnel is n Authentication Encryption on Command Key:Used With Key Session terminatio n Reboot TLS DRAM:Plainte While TLS Zeroizatio TLS Session Session xt tunnel is n Encryption Authenticati on Command Key:Used With on Key Session terminatio n Reboot IPSec/IKE DRAM:Plainte While Zeroizatio IPSec/IKE DH DH Private xt IPSec/IKE n Public Key:Paired Key v2 tunnel Command With is on Session IPSec/IKE Peer terminatio DH Public n Key:Used With Reboot IPSec/IKE Module Public DRAM:Plainte While Zeroizatio IPSec/IKE DH DH Public Key Output xt IPSec/IKE n Private Key v2 tunnel Command Key:Paired With is on Session terminatio n Reboot IPSec/IKE Peer Public DRAM:Plainte while Zeroizatio IPsec/IKE DH Peer DH Key Input xt IPSec/IKE n Private Key:Used Public Key tunnel is Command With on Session © 2021-2025 Cisco Systems, Inc.

Page 60

Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n terminatio n Reboot IPSec/IKE DRAM:Plainte While Zeroizatio SKEYSEED:Used DH Shared xt IPSec/IKE n With Secret v2 tunnel Command is on Session terminatio n Reboot IPSec/IKE DRAM:Plainte While Zeroizatio IPSec/IKE ECDH ECDH xt IPSec/IKE n Public Key:Paired Private Key v2 tunnel Command With is on Session IPSec/IKE Peer terminatio ECDH Public n Key:Used With Reboot IPSec/IKE Module Public DRAM:Plainte While Zeroizatio IPSec/IKE ECDH ECDH Key Output xt IPSec/IKE n Private Public Key v2 tunnel Command Key:Paired With is on Session terminatio n Reboot IPSec/IKE Peer Public DRAM:Plainte While Zeroizatio IPSec/IKE ECDH Peer ECDH Key Input xt IPSec/IKE n Private Key:Used Public Key v2 tunnel Command With is on Session terminatio n Reboot IPSec/IKE DRAM:Plainte While Zeroizatio SKEYSEED:Used ECDH xt IPSec/IKE n With Shared v2 tunnel Command Secret is on Session terminatio n Reboot IPSec/IKE Flash:Plaintex Zeroizatio IPSec/IKE ECDSA t n ECDSA Public Private Key Command Key:Paired With IPSec/IKE Module Public Flash:Plaintex Zeroizatio IPSec/IKE ECDSA Key Output t n ECDSA Private Public Key Command Key:Paired With IPSec/IKE Flash:Plaintex Zeroizatio IPSec/IKE RSA RSA Private t n Public Key:Paired Key Command With © 2021-2025 Cisco Systems, Inc.

Page 61

Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n IPSec/IKE Module Public Flash:Plaintex Zeroizatio IPSec/IKE RSA RSA Public Key Output t n Private Key Command Key:Paired With IPSec/IKE Password/Sec Flash:Encrypt While Zeroizatio SKEYSEED:Deriv Pre-shared ret Input via ed IPSec/IKE n ed to Secret SSHv2 v2 tunnel Command encrypted by is on GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC Password/Sec ret Input via TLS encrypted by GCM Password/Sec ret Input via TLS encrypted by AES and HMAC SKEYSEED DRAM:Plainte While Zeroizatio IPSec/IKE DH xt IPSec/IKE n Shared v2 tunnel Command Secret:Derived is on Session From terminatio IPSec/IKE ECDH n Shared Reboot Secret:Derived From IPSec/IKE Preshared Secret:Derived From IPSec/IKE DRAM:Plainte While Zeroizatio IPSec/IKE DH Session xt IPSec/IKE n Shared Encryption v2 tunnel Command Secret:Derived Key is on Session From terminatio IPSec/IKE ECDH n Shared Reboot Secret:Derived From IPSec/IKE DRAM:Plainte While Zeroizatio IPSec/IKE DH Authenticati xt IPSec/IKE n Shared on Key v2 tunnel Command Secret:Derived is on Session From terminatio IPSec/IKE ECDH © 2021-2025 Cisco Systems, Inc.

Page 62

Name Input - Output Storage Storage Zeroizatio Related SSPs Duration n n Shared Reboot Secret:Derived From SNMPv3 Password/Sec Flash:Encrypt While Zeroizatio SNMPv3 Shared ret Input via ed SNMPv3 n Encryption Secret TLS encrypted tunnel is Command Key:Derive To by GCM on SNMPv3 Password/Sec Authentication ret Input via Key:Derive To TLS encrypted by AES and HMAC Password/Sec ret Input via SSHv2 encrypted by GCM Password/Sec ret Input via SSHv2 encrypted by AES and HMAC SNMPv3 DRAM:Plainte While Zeroizatio SNMPv3 Shared Encryption xt SNMPv3 n Secret:Derived Key tunnel is Command From on Session terminatio n Reboot SNMPv3 DRAM:Plainte While Zeroizatio SNMPv3 Shared Authenticati xt SNMPv3 n Secret:Derived on Key tunnel is Command From on Session SNMPv3 terminatio Encryption n Key:Used With Reboot Table 19: SSP Table 2

9.5 Transitions
Page 63

As of February 5, 2024, the CMVP does not accept module submissions that implement DSA or RSA X9.31 in the approved mode, other than for signature verification which is approved for legacy use. This module does not implement DSA or RSA X9.31 for signature generation and therefore is unaffected by the current transition from 186-4 to 186-5. As detailed in section 2.7, the CAVP testing performed on the 186-4 algorithms is mathematically similar to the testing performed on the 186-5 algorithms and therefore this module claims compliance with 186-5. This means that no timeline exists in which any of the implemented algorithms will transition from approved to non-approved.”

10 Self-Tests
10.1 Pre-Operational Self-Tests

Algorithm or Test Test Properties Test Test Type Indicator Details Method RSA SigVer RSA SigVer 2048 KAT SW/FW Module is in RSA (FIPS186-4) bits with SHA2-512 Integrity normal state SigVer (A4446) Table 20: Pre-Operational Self-Tests The module performs the following self-tests, including the pre-operational self-tests and Conditional self-tests. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). If anyone of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the operational state.

10.2 Conditional Self-Tests

Algorithm or Test Test Test Indicator Details Conditions Test Properties Method Type AES-CBC 256 bits KAT CAST Module is Encrypt Power Up Encrypt KAT in normal (A4446) state AES-CBC 256 bits KAT CAST Module is Decrypt Power Up Decrypt KAT in normal (A4446) state AES-GCM 256 bits KAT CAST Module is Authenticated Power Up Authenticated in normal Encrypt Encrypt KAT state (A4446) © 2021-2025 Cisco Systems, Inc.

Page 64

Algorithm or Test Test Test Indicator Details Conditions Test Properties Method Type AES-GCM 256 bits KAT CAST Module is Authenticated Power Up Authenticated in normal Decrypt Decrypt KAT state (A4446) Counter AES-128 KAT CAST Module is Instantiate KAT Power Up DRBG in normal Instantiate state KAT (A4446) Counter AES-128 KAT CAST Module is Generate KAT Power Up DRBG in normal Generate state KAT (A4446) Counter AES-128 KAT CAST Module is Reseed KAT Power Up DRBG in normal Reseed KAT state (A4446) ECDSA P-256 KAT CAST Module is ECDSA Power Up SigGen curve with in normal SigGen KAT (FIPS186-4) SHA2-256 state KAT (A4446) ECDSA P-256 KAT CAST Module is ECDSA SigVer Power Up SigVer curve with in normal KAT (FIPS186-4) SHA2-256 state KAT (A4446) HMAC-SHA-1 SHA-1 KAT CAST Module is HMAC-SHA-1 Power Up KAT (A4446) in normal state HMAC-SHA2- SHA2-256 KAT CAST Module is HMAC-SHA2- Power Up

256 KAT in normal 256

(A4446) state HMAC-SHA2- SHA2-384 KAT CAST Module is HMAC-SHA2- Power Up

384 KAT in normal 384

(A4446) state HMAC-SHA2- SHA2-512 KAT CAST Module is HMAC-SHA2- Power Up

512 KAT in normal 512

(A4446) state KAS-ECC- P-256 KAT CAST Module is Primitive Z KAT Power Up SSC Sp800- Curve in normal 56Ar3 KAT state (A4446) KAS-FFC- MODP- KAT CAST Module is Primitive Z KAT Power Up SSC Sp800- 2048 in normal 56Ar3 KAT state (A4446) RSA SigGen 2048 bit KAT CAST Module is RSA SigGen Power Up (FIPS186-4) modulus in normal KAT KAT (A4446) with SHA2- state © 2021-2025 Cisco Systems, Inc.

Page 65

Algorithm or Test Test Test Indicator Details Conditions Test Properties Method Type RSA SigVer 2048 bit KAT CAST Module is RSA SigVer Power Up (FIPS186-4) modulus in normal KAT KAT (A4446) with SHA2- state KDF IKEv2 N/A KAT CAST Module is N/A Power Up KAT (A4446) in normal state KDF SNMP N/A KAT CAST Module is N/A Power Up KAT (A4446) in normal state KDF SSH N/A KAT CAST Module is N/A Power Up KAT (A4446) in normal state TLS v1.2 KDF N/A KAT CAST Module is N/A Power Up RFC7627 in normal KAT (A4446) state SHA-1 KAT N/A KAT CAST Module is N/A Power Up (A4446) in normal state AES-CBC 128 bits KAT CAST Module is Encrypt KAT Power Up Encrypt KAT in normal (C1026) state AES-CBC 128 bits KAT CAST Module is Decrypt KAT Power Up Decrypt KAT in normal (C1026) state AES-GCM 128 bits KAT CAST Module is Encrypt KAT Power Up Authenticated in normal Encrypt KAT state (C1026) AES-GCM 128 bits KAT CAST Module is Decrypt KAT Power Up Authenticated in normal Decrypt KAT state (C1026) Hash DRBG SHA2-512 KAT CAST Module is Instantiate KAT Power Up Instantiate in normal KAT (C1026) state Hash DRBG SHA2-512 KAT CAST Module is Generate KAT Power Up Generate in normal KAT (C1026) state Hash DRBG SHA2-512 KAT CAST Module is Reseed KAT Power Up Reseed KAT in normal (C1026) state HMAC-SHA-1 SHA-1 KAT CAST Module is HMAC-SHA-1 Power Up KAT (C1026) in normal state HMAC-SHA2- SHA2-256 KAT CAST Module is HMAC-SHA2- Power Up

256 KAT in normal 256

(C1026) state © 2021-2025 Cisco Systems, Inc.

Page 66

Algorithm or Test Test Test Indicator Details Conditions Test Properties Method Type HMAC-SHA2- SHA2-384 KAT CAST Module is HMAC-SHA2- Power Up

384 KAT in normal 384

(C1026) state HMAC-SHA2- SHA2-512 KAT CAST Module is HMAC-SHA2- Power Up

512 KAT in normal 512

(C1026) state SHA-1 KAT N/A KAT CAST Module is N/A Power Up (C1026) in normal state ECDSA Curve P- PCT PCT Module is ECDSA Performs all KeyGen 256 with in normal required (FIPS186-4) SHA2-256 state pair-wise PCT (A4446) consistency tests on the newly generated key pairs before the first operational use. RSA KeyGen 2048 bit PCT PCT Module is RSA Performs all (FIPS186-4) Modulus in normal required PCT (A4446) state pair-wise consistency tests on the newly generated key pairs before the first operational use. KAS-ECC- Curve P- PCT PCT Module is N/A Performs all SSC Sp800- 256 with in normal required 56Ar3 PCT SHA2-256 state pair-wise (A4446) consistency tests on the newly generated key pairs before the first operational use. KAS-FFC- MODP- PCT PCT Module is N/A Performs all SSC Sp800- 2048 in normal required state pair-wise © 2021-2025 Cisco Systems, Inc.

Page 67

Algorithm or Test Test Test Indicator Details Conditions Test Properties Method Type 56Ar3 PCT consistency (A4446) tests on the newly generated key pairs before the first operational use. Firmware HMAC- KAT SW/FW Module is N/A When Load Test SHA2-512 Load in normal firmware has state been uploaded to the module Entropy 90B Repetition RCT CAST Module is Designed to Power Up Start-up Count Test in normal quickly detect Repetition state catastrophic Count Test failures that (RCT) cause the noise source to become "stuck" on a single output value for a long period of time Entropy 90B Adaptive APT CAST Module is Designed to Power Up Start-up Proportion in normal detect a large Adaptive Test state loss of entropy Proportion that might Test (APT) occur as a result of some physical failure or environmental change affecting the noise source Entropy 90B Repetition RCT CAST Module is Designed to Entropy data Continuous Count Test in normal quickly detect is generated Repetition state catastrophic from the Count Test failures that Entropy (RCT) cause the noise Source source to Continuous become "stuck" on a single output value for a long period of time © 2021-2025 Cisco Systems, Inc.

Page 68

Algorithm or Test Test Test Indicator Details Conditions Test Properties Method Type Entropy 90B Adaptive APT CAST Module is Designed to Entropy data Continuous Proportion in normal detect a large is generated Adaptive Test state loss of entropy from the Proportion that might Entropy Test (APT) occur as a Source result of some Continuous physical failure or environmental change affecting the noise source Table 21: Conditional Self-Tests The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests.

10.3 Periodic Self-Test Information

Algorithm or Test Method Test Type Period Periodic Test Method RSA SigVer KAT SW/FW Integrity Recommend 60 Reboot (FIPS186-4) Days (A4446) Table 22: Pre-Operational Periodic Information Algorithm or Test Method Test Type Period Periodic Test Method AES-CBC KAT CAST Recommend 60 Reboot Encrypt KAT Days (A4446) AES-CBC KAT CAST Recommend 60 Reboot Decrypt KAT Days (A4446) AES-GCM KAT CAST Recommend 60 Reboot Authenticated Days Encrypt KAT (A4446) AES-GCM KAT CAST Recommend 60 Reboot Authenticated Days Decrypt KAT (A4446) Counter DRBG KAT CAST Recommend 60 Reboot Instantiate KAT Days (A4446) © 2021-2025 Cisco Systems, Inc.

Page 69

Algorithm or Test Method Test Type Period Periodic Test Method Counter DRBG KAT CAST Recommend 60 Reboot Generate KAT Days (A4446) Counter DRBG KAT CAST Recommend 60 Reboot Reseed KAT Days (A4446) ECDSA SigGen KAT CAST Recommend 60 Reboot (FIPS186-4) Days KAT (A4446) ECDSA SigVer KAT CAST Recommend 60 Reboot (FIPS186-4) Days KAT (A4446) HMAC-SHA-1 KAT CAST Recommend 60 Reboot KAT (A4446) Days HMAC-SHA2- KAT CAST Recommend 60 Reboot

256 KAT Days

(A4446) HMAC-SHA2- KAT CAST Recommend 60 Reboot

384 KAT Days

(A4446) HMAC-SHA2- KAT CAST Recommend 60 Reboot

512 KAT Days

(A4446) KAS-ECC-SSC KAT CAST Recommend 60 Reboot Sp800-56Ar3 Days KAT (A4446) KAS-FFC-SSC KAT CAST Recommend 60 Reboot Sp800-56Ar3 Days KAT (A4446) RSA SigGen KAT CAST Recommend 60 Reboot (FIPS186-4) Days KAT (A4446) RSA SigVer KAT CAST Recommend 60 Reboot (FIPS186-4) Days KAT (A4446) KDF IKEv2 KAT KAT CAST Recommend 60 Reboot (A4446) Days KDF SNMP KAT KAT CAST Recommend 60 Reboot (A4446) Days KDF SSH KAT KAT CAST Recommend 60 Reboot (A4446) Days TLS v1.2 KDF KAT CAST Recommend 60 Reboot RFC7627 KAT Days (A4446) SHA-1 KAT KAT CAST Recommend 60 Reboot (A4446) Days © 2021-2025 Cisco Systems, Inc.

Page 70

Algorithm or Test Method Test Type Period Periodic Test Method AES-CBC KAT CAST Recommend 60 Reboot Encrypt KAT Days (C1026) AES-CBC KAT CAST Recommend 60 Reboot Decrypt KAT Days (C1026) AES-GCM KAT CAST Recommend 60 Reboot Authenticated Days Encrypt KAT (C1026) AES-GCM KAT CAST Recommend 60 Reboot Authenticated Days Decrypt KAT (C1026) Hash DRBG KAT CAST Recommend 60 Reboot Instantiate KAT Days (C1026) Hash DRBG KAT CAST Recommend 60 Reboot Generate KAT Days (C1026) Hash DRBG KAT CAST Recommend 60 Reboot Reseed KAT Days (C1026) HMAC-SHA-1 KAT CAST Recommend 60 Reboot KAT (C1026) Days HMAC-SHA2- KAT CAST Recommend 60 Reboot

256 KAT Days

(C1026) HMAC-SHA2- KAT CAST Recommend 60 Reboot

384 KAT Days

(C1026) HMAC-SHA2- KAT CAST Recommend 60 Reboot

512 KAT Days

(C1026) SHA-1 KAT KAT CAST Recommend 60 Reboot (C1026) Days ECDSA KeyGen PCT PCT Recommend 60 Reboot (FIPS186-4) Days PCT (A4446) RSA KeyGen PCT PCT Recommend 60 Reboot (FIPS186-4) Days PCT (A4446) KAS-ECC-SSC PCT PCT Recommend 60 Reboot Sp800-56Ar3 Days PCT (A4446) KAS-FFC-SSC PCT PCT Recommend 60 Reboot Sp800-56Ar3 Days PCT (A4446) © 2021-2025 Cisco Systems, Inc.

Page 71

Algorithm or Test Method Test Type Period Periodic Test Method Firmware Load KAT SW/FW Load N/A N/A Test Entropy 90B RCT CAST N/A N/A Start-up Repetition Count Test (RCT) Entropy 90B APT CAST N/A N/A Start-up Adaptive Proportion Test (APT) Entropy 90B RCT CAST N/A N/A Continuous Repetition Count Test (RCT) Entropy 90B APT CAST N/A N/A Continuous Adaptive Proportion Test (APT) Table 23: Conditional Periodic Information

10.4 Error States

Name Description Conditions Recovery Indicator Method Error If self-test tests fail, the module is Self-test Reboot the System State put into an error state failure module Halt Table 24: Error States If any of the above-mentioned self-tests fail, the module reports the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the selftests, including the pre-operational firmware integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational firmware integrity test and the conditional CASTs.

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The validated module firmware was installed onto the respective test platforms listed in Table 2 above. The Crypto Officer must configure and enforce the following initialization steps: Step 1: The Crypto Officer must install opacity shields as described in section 7 above. © 2021-2025 Cisco Systems, Inc.

Page 72

Step 2: The Crypto Officer must apply tamper evidence labels as described in section 7 above. Step 3: The Crypto Officer must securely store any unused tamper evidence labels. Note: Each module has a Type A USB 2.0 port, but it is considered to be disabled once the Crypto Officer has applied the TEL #7. Step 4: Crypto officer shall perform zeroization operation if the module was previously used before the approved mode configuration. Step 5: The Crypto Officer shall configure the module to be managed by the Firepower Management Center (FMC), and follow the procedure below from the FMC: a) Choose Devices > Platform Settings and create or edit a Firepower policy. b) On the left click “UCAPL/CC Compliance”. c) Choose “CC” from the dropdown under “Enable UCAPL/CC Compliance”. d) Click “Save” to save the changes. e) Click “Deploy” and select “Deploy All”. Step 6: The module will automatically reboot, and will be placed in the approved mode once it is done rebooting. Step 7: Crypto Officer can verify the version installed and running > show version Step 8: Crypto Officer can verify the module is in approved mode: > show fips Step 9: Assign users a Privilege Level of basic. Step 10: Configure IP address for unit and all distant endpoints from the FMC. Step 11: Define RADIUS shared secret keys that are at least 8 characters long and secure traffic between the security module and the RADIUS server via secure (IPSec, TLS) tunnel. Note: Perform this step only if RADIUS is configured, otherwise proceed. Step 12: Configure the security module so that any remote connections via Telnet are secured through IPSec. Step 13: Configure the security module so that only approved algorithms are used for all security connections (SSHv2, TLSv1.2, SNMPv3 and IPSec/IKEv2). Step 14: Configure the security module so that error messages can only be viewed by Crypto Officer. Step 15: Enable HTTPS with TLS. HTTPS with TLS should always be used for Web-based management. Step 16: Ensure that installed digital certificates are signed using approved algorithms. Step 17: Save and reboot the module. © 2021-2025 Cisco Systems, Inc.

Page 73
11.2 Administrator Guidance

Specific Administrator guidance for using Multi-Instance Mode on Secure Firewall 4200 can be found here: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/threat-defense/usecase/multi-instance-sec-fw/multi-instance-sec-fw.html

11.3 Non-Administrator Guidance

Specific Non-Administrator guidance can be found in the Cisco Secure Firewall 4200 Datasheet: https://www.cisco.com/c/en/us/products/collateral/security/firewalls/secure-firewall-4200-ds.html

12 Mitigation of Other Attacks

N/A for this module. © 2021-2025 Cisco Systems, Inc.