All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Cisco Adaptive Security Appliance Virtual Cryptographic Module

Certificate#5114StandardFIPS 140-3Level1TypeFirmware-hybridEmbodimentMulti-Chip Stand AloneStatusActiveVendorCisco Systems, Inc.
High review priority  ·  no TCB surface named  ·  last validated 7 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeFirmware-hybrid
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date12/18/2030
CaveatWhen installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy
VendorCisco Systems, Inc.

Approved Algorithms (25)

AlgorithmACVP Cert
AES-CBCA4595
AES-GCMA4595
Counter DRBGA4595
ECDSA KeyGen (FIPS186-4)A4595
ECDSA SigGen (FIPS186-4)A4595
ECDSA SigVer (FIPS186-4)A4595
HMAC-SHA-1A4595
HMAC-SHA2- 224A4595
HMAC-SHA2- 256A4595
HMAC-SHA2- 384A4595
HMAC-SHA2- 512A4595
KAS-ECC-SSC Sp800-56Ar3A4595
KAS-FFC-SSC Sp800-56Ar3A4595
KDF IKEv2 (CVL)A4595
KDF SNMP (CVL)A4595
KDF SSH (CVL)A4595
RSA KeyGen (FIPS186-4)A4595
RSA SigGen (FIPS186-4)A4595
RSA SigVer (FIPS186-4)A4595
SHA-1A4595
SHA2-224A4595
SHA2-256A4595
SHA2-384A4595
SHA2-512A4595
TLS v1.2 KDF RFC7627 (CVL)A4595

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Physical Security7
Non-Invasive SecurityN/A
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Cisco Adaptive Security Appliance Virtual Cryptographic Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>SSHv2 Session Encrypt/Decrypt<br/>TLSv1.2 Session Encrypt/Decrypt<br/>IPsec/IKEv2 Session Encrypt/Decrypt</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Cisco Adaptive Security Appliance Virtual Cryptographic Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>SSHv2 Session Encrypt/Decrypt<br/>TLSv1.2 Session Encrypt/Decrypt<br/>IPsec/IKEv2 Session Encrypt/Decrypt</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C5,C6 clueLow;
  class C3 clueHigh;

Security Policy, page by page

Page 1

Cisco Systems, Inc. Cisco Adaptive Security Appliance Virtual Cryptographic Module Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2021-2025 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 2
Table of Contents
#SectionPage
1General5
1.1Overview5
1.2Security Levels5
2Cryptographic Module Specification5
2.1Description5
2.2Tested and Vendor Affirmed Module Version and Identification6
2.3Excluded Components7
2.4Modes of Operation7
2.5Algorithms8
2.6Security Function Implementations10
2.7Algorithm Specific Information16
2.8RBG and Entropy17
2.9Key Generation18
2.10Key Establishment18
2.11Industry Protocols19
3Cryptographic Module Interfaces19
3.1Ports and Interfaces19
4Roles, Services, and Authentication20
4.1Authentication Methods20
4.2Roles20
4.3Approved Services20
4.4Non-Approved Services33
4.5External Software/Firmware Loaded33
4.6Bypass Actions and Status33
4.7Cryptographic Output Actions and Status33
4.8Additional Information33
5Software/Firmware Security33
5.1Integrity Techniques33
5.2Initiate on Demand34
6Operational Environment34
6.1Operational Environment Type and Requirements34
7Physical Security34
7.1Mechanisms and Actions Required34
8Non-Invasive Security34
9Sensitive Security Parameters Management35
9.1Storage Areas35
9.2SSP Input-Output Methods35
9.3SSP Zeroization Methods36
9.4SSPs36
9.5Transitions59
10Self-Tests59
10.1Pre-Operational Self-Tests59
10.2Conditional Self-Tests60
10.3Periodic Self-Test Information63
10.4Error States65
11Life-Cycle Assurance66
11.1Installation, Initialization, and Startup Procedures66
11.2Administrator Guidance68
11.3Non-Administrator Guidance68
12Mitigation of Other Attacks68
Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets)7
Table 3: Tested Module Identification – Hybrid Disjoint Hardware7
Table 4: Tested Operational Environments - Software, Firmware, Hybrid7
Table 5: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid7
Table 6: Modes List and Description8
Table 7: Approved Algorithms9
Table 8: Vendor-Affirmed Algorithms10
Table 9: Security Function Implementations16
Table 10: Entropy Certificates17
Table 11: Entropy Sources17
Table 12: Ports and Interfaces19
Table 13: Roles20
Table 14: Approved Services33
Table 15: Mechanisms and Actions Required34
Table 16: Storage Areas35
Table 17: SSP Input-Output Methods36
Table 18: SSP Zeroization Methods36
Table 19: SSP Table 144
Table 20: SSP Table 259
Table 21: Pre-Operational Self-Tests60
Table 22: Conditional Self-Tests63
Table 23: Pre-Operational Periodic Information64
Table 24: Conditional Periodic Information65
Table 25: Error States65
Figure 1 Block Diagram6
Page 5
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic module specification1
33Cryptographic module interfaces1
44Roles, services, and authentication1
55Software/Firmware security1
66Operational environment1
77Physical security1
88Non-invasive securityN/A
99Sensitive security parameter management1
1010Self-tests1
1111Life-cycle assurance1
1212Mitigation of other attacksN/A
Overall LevelOverall Level1
1.1 Overview

Appliance Virtual Cryptographic Module (hereinafter referred to as ASAv or the Module), firmware version 9.20(3). The following details how this module meets the security requirements of FIPS 140-3, SP 800-140 and ISO/IEC 19790 for a Security Level 1 firmware hybrid The security requirements cover areas related to the design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic indicates the actual security levels for each area of the cryptographic module.

1.2 Security Levels
2.1 Description

Purpose and Use: This module is a multi-chip standalone firmware hybrid cryptographic module deployed as the virtualized version of the Cisco Adaptive Security Appliance (ASA) with underlying operating system identified as Linux 4 (also referred to as Firepower eXtensible Operating System or FXOS throughout this document). The Module’s operational environment is non-modifiable. ASA delivers enterprise-class firewall for businesses, improving security at the Internet edge, high performance and throughput for demanding enterprise data centers. This solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content security © 2021-2025 Cisco Systems, Inc.

Page 6

and secure unified communications, SSHv2, HTTPS/TLSv1.2, IPsec/IKEv2, SNMPv3 and Cryptographic Cipher Suite B. Module Type: Firmware-hybrid Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The cryptographic module (red dash box) is a non-modifiable, multi-chip standalone firmware hybrid cryptographic module providing cryptographic support which takes data in and out from the host application via the API. The block diagram below shows the boundary of the Tested Operational Environment’s Physical Perimeter (TOEPP) being defined as the physical perimeter of the tested platform enclosure around which everything runs. The cryptographic boundary is the module (red dash box) and its interfaces with the operational environment. Processor Host Platform API Hypervisor API ASA API FOM Figure 1 Block Diagram The Block Diagram above comprises the following components

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 7
Module configuration
NameModelOperating SystemHardware PlatformHardware VersionFirmware VersionSoftware VersionProcessorPaa PaiHypervisorPackageIntegrity Test
asav9-20-3.zip9.20(3)asav9-20-3.zipRSA 2048 SigVer with SHA2-512
Intel Xeon Platinum 8160 (Skylake)Intel Xeon Platinum 8160 (Skylake)1.0N/AIntel Xeon Platinum 8160 (Skylake)
Linux 4 (FX-OS) on VMware ESXi 7.0Linux 4 (FX-OS) on VMware ESXi 7.0UCS C220 M5 SFF Server9.20(3)Intel Xeon Platinum 8160 (Skylake)YesVMware ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C220 M6 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C220 M7 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C225 M6 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C240 M5 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C240 M6 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C480 M5 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS-E1100D M6 SFF Server w/ESXi 7.0
Module configuration
NameModelOperating SystemHardware PlatformHardware VersionFirmware VersionSoftware VersionProcessorPaa PaiHypervisorPackageIntegrity Test
asav9-20-3.zip9.20(3)asav9-20-3.zipRSA 2048 SigVer with SHA2-512
Intel Xeon Platinum 8160 (Skylake)Intel Xeon Platinum 8160 (Skylake)1.0N/AIntel Xeon Platinum 8160 (Skylake)
Linux 4 (FX-OS) on VMware ESXi 7.0Linux 4 (FX-OS) on VMware ESXi 7.0UCS C220 M5 SFF Server9.20(3)Intel Xeon Platinum 8160 (Skylake)YesVMware ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C220 M6 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C220 M7 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C225 M6 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C240 M5 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C240 M6 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C480 M5 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS-E1100D M6 SFF Server w/ESXi 7.0
Module configuration
NameModelOperating SystemHardware PlatformHardware VersionFirmware VersionSoftware VersionProcessorPaa PaiHypervisorPackageIntegrity Test
asav9-20-3.zip9.20(3)asav9-20-3.zipRSA 2048 SigVer with SHA2-512
Intel Xeon Platinum 8160 (Skylake)Intel Xeon Platinum 8160 (Skylake)1.0N/AIntel Xeon Platinum 8160 (Skylake)
Linux 4 (FX-OS) on VMware ESXi 7.0Linux 4 (FX-OS) on VMware ESXi 7.0UCS C220 M5 SFF Server9.20(3)Intel Xeon Platinum 8160 (Skylake)YesVMware ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C220 M6 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C220 M7 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C225 M6 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C240 M5 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C240 M6 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C480 M5 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS-E1100D M6 SFF Server w/ESXi 7.0
Module configuration
NameModelOperating SystemHardware PlatformHardware VersionFirmware VersionSoftware VersionProcessorPaa PaiHypervisorPackageIntegrity Test
asav9-20-3.zip9.20(3)asav9-20-3.zipRSA 2048 SigVer with SHA2-512
Intel Xeon Platinum 8160 (Skylake)Intel Xeon Platinum 8160 (Skylake)1.0N/AIntel Xeon Platinum 8160 (Skylake)
Linux 4 (FX-OS) on VMware ESXi 7.0Linux 4 (FX-OS) on VMware ESXi 7.0UCS C220 M5 SFF Server9.20(3)Intel Xeon Platinum 8160 (Skylake)YesVMware ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C220 M6 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C220 M7 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C225 M6 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C240 M5 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C240 M6 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS C480 M5 SFF Server w/ESXi 7.0
Linux 4 (FX-OS)Linux 4 (FX-OS)UCS-E1100D M6 SFF Server w/ESXi 7.0

Tested Module Identification

2.3 Excluded Components
2.4 Modes of Operation

Modes List and Description: © 2021-2025 Cisco Systems, Inc.

Page 8
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA4595Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38A
AES-GCMA4595Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 256SP 800-38D
Counter DRBGA4595Prediction Resistance - Yes Mode - AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
ECDSA KeyGen (FIPS186-4)A4595Curve - P-256, P-384, P-521 Secret Generation Mode - Testing CandidatesFIPS 186-4
ECDSA SigGen (FIPS186-4)A4595Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2- 512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4595Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2- 512FIPS 186-4
HMAC-SHA-1A4595Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A4595Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A4595Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A4595Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A4595Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A4595Domain Parameter Generation Methods - P- 256, P-384, P-521 Scheme -SP 800-56A Rev. 3
KAS-FFC-SSC Sp800-56Ar3A4595Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp-4096 Scheme - dhEphem - KAS Role - initiator, responderSP 800-56A Rev. 3
KDF IKEv2 (CVL)A4595Diffie-Hellman Shared Secret Length - Diffie- Hellman Shared Secret Length: 2048 Derived Keying Material Length - Derived Keying Material Length: 3072 Hash Algorithm - SHA-1SP 800-135 Rev. 1
KDF SNMP (CVL)A4595Password Length - Password Length: 256, 64SP 800-135 Rev. 1
KDF SSH (CVL)A4595Cipher - AES-128, AES-192, AES-256SP 800-135 Rev. 1
RSA KeyGen (FIPS186-4)A4595Key Generation Mode - B.3.4 Modulo - 2048, 3072FIPS 186-4
RSA SigGen (FIPS186-4)A4595Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072FIPS 186-4
RSA SigVer (FIPS186-4)A4595Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072FIPS 186-4
Safe Primes Key GenerationA4595Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp- 4096SP 800-56A Rev. 3
SHA-1A4595Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-224A4595Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-256A4595Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-384A4595Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
SHA2-512A4595Message Length - Message Length: 0-65536 Increment 8FIPS 180-4
TLS v1.2 KDF RFC7627 (CVL)A4595Hash Algorithm - SHA2-256, SHA2-384, SHA2- 512SP 800-135 Rev. 1

Table 6: Modes List and Description The module has one Approved mode of operation and does not implement a Non-Approved following the steps in section 11 of this document, the module will only operate in the Approved mode of operation. The module doesn’t claim the implementation of a degraded mode

2.5 Algorithms

Approved Algorithms: HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 © 2021-2025 Cisco Systems, Inc.

Page 9
Service
NameProperties
CKGKey Type:AsymmetricN/AThe Module performs Cryptographic Key Generation (CKG) for asymmetric keys as detailed by example 1 in section 4 and section 5 of SP800-133r2

Table 7: Approved Algorithms Vendor-Affirmed Algorithms: N/A © 2021-2025 Cisco Systems, Inc.

Page 10
Service
NameDescriptionApproved FunctionsTypeProperties
KAS-FFC (SSHv2)Full KAS-FFC Key Agreement used for SSHv2 serviceKAS-FFC-SSC Sp800-56Ar3: (A4595) Domain Parameter Generation: MODP-2048, MODP-3072, MODP-4096 Safe Primes Key Generation: (A4595) KDF SSH: (A4595) Counter DRBG: (A4595) CKG: () Key Type: AsymmetricCKG KAS-FullCaveat:Key establishment methodology provides between 112 and 152 bits of security strength IG : IG D.F Path 2, Scenario 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL
KAS-ECC (SSHv2)Full KAS-ECC Key Agreement used for SSHv2 serviceKAS-ECC-SSC Sp800-56Ar3: (A4595) Curves: P-256, P-384, P-521 KDF SSH: (A4595) Counter DRBG: (A4595) CKG: () Key Type: AsymmetricCKG KAS-FullCaveat:Key establishment methodology provides between 128 and 256 bits of security strength IG : IG D.F Scenario 2, Path 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL
KAS-FFC (TLSv1.2)Full KAS-FFC Key Agreement used for TLSv1.2 serviceKAS-FFC-SSC Sp800-56Ar3: (A4595) Domain Parameter Generation: ffdhe2048, ffdhe3072, ffdhe4096 Safe Primes Key Generation: (A4595) TLS v1.2 KDF RFC7627: (A4595) Counter DRBG: (A4595) CKG: () Key Type: AsymmetricCKG KAS-FullCaveat:Key establishment methodology provides between 112 and 152 bits of security strength IG : IG D.F Path 2, Scenario 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL
KAS-ECC (TLSv1.2)Full KAS-ECC Key Agreement used for TLSv1.2 serviceKAS-ECC-SSC Sp800-56Ar3: (A4595) Curves: P-256, P-384, P-521 TLS v1.2 KDF RFC7627: (A4595) Counter DRBG: (A4595) CKG: () Key Type: AsymmetricCKG KAS-FullCaveat:Key establishment methodology provides between 128 and 256 bits of security strength IG : IG D.F Scenario 2, Path 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL
KAS-FFC (IKEv2)Full KAS-FFC Key Agreement used for IKEv2 serviceKAS-FFC-SSC Sp800-56Ar3: (A4595) Domain Parameter Generation: MODP-2048, MODP-3072, MODP-4096 Safe Primes Key Generation: (A4595) KDF IKEv2: (A4595) Counter DRBG: (A4595) CKG: ()CKG KAS-FullCaveat:Key establishment methodology provides between 112 and 152 bits of security strength IG : IG D.F Path 2, Scenario 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL
KAS-ECC (IKEv2)Full KAS-ECC Key Agreement used for IKEv2 serviceKAS-ECC-SSC Sp800-56Ar3: (A4595) Curves: P-256, P-384, P-521 KDF IKEv2: (A4595) Counter DRBG: (A4595) CKG: () Key Type: AsymmetricCKG KAS-FullCaveat:Key establishment methodology provides between 128 and 256 bits of security strength IG : IG D.F Scenario 2, Path 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL
KTS (TLSv1.2 with AES and HMAC)KTS via TLSv1.2 service by using AES and HMACAES-CBC: (A4595) Key Length: 128, 256 HMAC-SHA-1: (A4595) HMAC-SHA2- 256: (A4595) HMAC-SHA2- 384: (A4595) SHA-1: (A4595) SHA2-256: (A4595) SHA2-384: (A4595)KTS-Unwrap KTS-WrapCaveat:Key establishment methodology provides 128 or 256 bits of security strength Standard:SP 800- 38F IG D.G:"combination" method: use any approved symmetric encryption mode together with an approved authentication method
KTS (TLSv1.2 with AES-GCM)KTS via TLSv1.2 service by using AES- GCMAES-GCM: (A4595) Key Length: 128, 256KTS-Unwrap KTS-WrapCaveat:Key establishment methodology provides 128 or 256 bits of security strength Standard:SP 800- 38F IG D.G:method: use of any approved authenticated symmetric encryption mode
KTS (SSHv2 with AES and HMAC)KTS via SSHv2 service by using AES and HMACAES-CBC: (A4595) Key Length: 128, 256 HMAC-SHA-1: (A4595) HMAC-SHA2- 256: (A4595) SHA-1: (A4595) SHA2-256: (A4595)KTS-Unwrap KTS-WrapCaveat:Key establishment methodology provides 128 or 256 bits of security strength Standard:SP 800- 38F IG D.G:"combination" method: use any approved symmetric encryption mode together with an approved authentication method
KTS (SSHv2 with AES-GCM)KTS via SSHv2 service by using AES-GCMAES-GCM: (A4595) Key Length: 128, 256KTS-Unwrap KTS-WrapCaveat:Key establishment methodology provides 128 or 256 bits of security strength Standard:SP 800- 38F IG D.G:method: use of any approved authenticated symmetric encryption mode
RSA KeyGen (SSHv2, TLSv1.2, IKEv2)RSA KeyGen for SSHv2, TLSv1.2, and IKEv2 servicesRSA KeyGen (FIPS186-4): (A4595) Modulus: 2048, 3072 bits Counter DRBG: (A4595) CKG: () Key Type: AsymmetricAsymKeyPair- KeyGen CKG
ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2)ECDSA KeyGen for SSHv2, TLSv1.2, and IKEv2 servicesECDSA KeyGen (FIPS186-4): (A4595) Curves: P-256, P-384, P-521 Counter DRBG: (A4595)AsymKeyPair- KeyGen CKG
RSA SigGen (SSHv2, TLSv1.2, IKEv2)RSA SigGen for SSHv2, TLSv1.2, and IKEv2 servicesRSA SigGen (FIPS186-4): (A4595) Modulus: 2048, 3072 bitsDigSig-SigGen
ECDSA SigGen (SSHv2, TLSv1.2, IKEv2)ECDSA SigGen for SSHv2, TLSv1.2, and IKEv2 servicesECDSA SigGen (FIPS186-4): (A4595) Curves: P-256, P-384, P-521DigSig-SigGen
RSA SigVer (SSHv2, TLSv1.2, IKEv2)RSA SigVer for SSHv2, TLSv1.2, and IKEv2 servicesRSA SigVer (FIPS186-4): (A4595) Modulus: 2048, 3072 bitsDigSig-SigVer
ECDSA SigVer (SSHv2, TLSv1.2, IKEv2)ECDSA SigVer for SSHv2, TLSv1.2, and IKEv2 servicesECDSA SigVer (FIPS186-4): (A4595) Curves: P-256, P-384, P-521DigSig-SigVer
SSHv2 Session Encrypt/DecryptSSHv2 session protection.AES-CBC: (A4595) Key Length: 128, 256 AES-GCM: (A4595) Key Length: 128, 256BC-Auth BC-UnAuthBit-strength Caveat:Provides between 112 and 152 bits of encryption strength when keys derived by KAS-FFC; Provides between 128 and 256 bits of encryption strength when keys derived by KAS-ECC
SSHv2 Session AuthenticationSSHv2 Session Authentication.SHA-1: (A4595) SHA2-256: (A4595) HMAC-SHA-1: (A4595) HMAC-SHA2- 256: (A4595)MAC
SSHv2 Keying Materials DevelopmentSSHv2 session keying materials, used to derive SSHv2 session keys.KDF SSH: (A4595)KAS-135KDF
TLSv1.2 Session Encrypt/DecryptTLSv1.2 session protectionAES-CBC: (A4595) Key Length: 128, 256 AES-GCM: (A4595) Key Length: 128, 256BC-Auth BC-UnAuthBit-strength Caveat:Provides between 112 and 152 bits of encryption strength when keys derived by KAS-FFC; Provides between 128 and 256 bits of encryption strength when keys derived by KAS-ECC
TLSv1.2 Session AuthenticationTLSv1.2 session authentication.SHA-1: (A4595) SHA2-256: (A4595) SHA2-384: (A4595) HMAC-SHA-1: (A4595) HMAC-SHA2- 256: (A4595) HMAC-SHA2- 384: (A4595)MAC
TLSv1.2 Keying Materials DevelopmentTLSv1.2 session keying materials, used to derive TLS session keys.TLS v1.2 KDF RFC7627: (A4595)KAS-135KDF
IPsec/IKEv2 Session Encrypt/DecryptIPsec/IKEv2 session protectionAES-CBC: (A4595) Key Length: 128, 256 AES-GCM: (A4595) Key Length: 128, 256BC-Auth BC-UnAuthBit-strength Caveat:Provides between 112 and 152 bits of encryption strength when keys derived by KAS-FFC; Provides between 128 and 256 bits of encryption strength when keys derived by KAS-ECC
IPsec/IKEv2 Session AuthenticationIPsec/IKEv2 session authentication.SHA2-256: (A4595) SHA2-384: (A4595) SHA2-512:MAC
IPsec/IKEv2 Keying Materials DevelopmentIPsec/IKEv2 session keying materials, used to derive IPsec/IKEv2 session keys.KDF IKEv2: (A4595)KAS-135KDF
SNMPv3 Session Encrypt/DecryptSNMPv3 session protection.AES-CBC: (A4595) Key Length: 128, 256BC-UnAuthBit-strength Caveat:Provides 128 or 256 bits of encryption strength
SNMPv3 Session AuthenticationSNMPv3 session authentication.SHA-1: (A4595) SHA2-224: (A4595) SHA2-256: (A4595) SHA2-384: (A4595) HMAC-SHA-1: (A4595) HMAC-SHA2- 224: (A4595) HMAC-SHA2- 256: (A4595) HMAC-SHA2- 384: (A4595)MAC
SNMPv3 Keying Materials DevelopmentSNMPv3 session keying materials, used to derive SNMPv3 session keys.KDF SNMP: (A4595)KAS-135KDF
DRBG FunctionUsed for DRBG generationCounter DRBG: (A4595)DRBG

Table 8: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.

2.6 Security Function Implementations
Page 13

AsymKeyPairKeyGen © 2021-2025 Cisco Systems, Inc.

Page 16

Table 9: Security Function Implementations

2.7 Algorithm Specific Information
Page 17
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
Cisco Jitter Entropy SourceNon- Physical256 bitsIntel Xeon Platinum 8160 (Skylake)Full entropyA2810 (SHA3- 256)
CertVendor
NumberName
E3Cisco

3.3.1. The keys for the client and server negotiated in the TLSv1.2 handshake process (client_write_key and server_write_key) are compared and the module aborts the session if the key values are identical. The operations of one of the two parties involved in the TLS key establishment scheme were performed entirely within the cryptographic boundary of the module being validated. The counter portion of the IV is set by the module within its cryptographic boundary. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established.

2.8 RBG and Entropy

Table 10: Entropy Certificates NonPhysical Table 11: Entropy Sources A2810 (SHA3256) The module employs a Deterministic Random Bit Generator (DRBG) implementation based on SP800-90Arev1. This DRBG is used internally by the module (e.g. to generate symmetric keys, seeds for asymmetric key pairs, and random numbers for security functions). © 2021-2025 Cisco Systems, Inc.

Page 18

The DRBG implemented is an AES-256 Counter DRBG, seeded by the entropy source described in the table above. The Counter DRBG utilizes the Derivation Function and employs prediction resistance. The DRBG is instantiated with a 384-bits long entropy input (corresponding to 384 bits of entropy). Additionally, the DRBG is reseeded with a 256-bits long entropy input (corresponding to 256 bits of entropy).

2.9 Key Generation

The module implements Cryptographic Key Generation (CKG, vendor affirmed), compliant with SP 800- 133r2. When random values are required, they are obtained from the SP 800-90Ar1 approved DRBG, compliant with Section 4 of SP 800-133r2. The following methods are implemented:

2.10 Key Establishment

The module provides the following key/SSP establishment services in the approved mode of operation: KAS-FFC Shared Secret Computation:

7919 (TLS) and RFC 3526 (IKE). Note that the module only implements domain

parameter generation, key pair generation and verification, and shared secret computation.

Page 19
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
N/AN/AData InputArguments for an API that provide the data to be used for processed by the module.
N/AN/AData OutputArguments output from an API call.
N/AN/AControl InputArguments for an API call used to control and configure module operation.
N/AN/AControl OutputN/A
N/AN/AStatus OutputReturn values, and/or log messages.
N/AN/APowerProvide the Power Supply to the module.

o o  MODP-3072 (ID = 15)  MODP-4096 (ID =

  1. TLS (RFC 7919):  ffdhe2048 (ID = 256)  ffdhe3072 (ID = 257)  ffdhe4096 (ID = 258) IKE (RFC 3526):  MODP-2048 (ID = 14)  MODP-3072 (ID = 15)  MODP-4096 (ID =
  2. KAS-ECC Shared Secret Computation: • The module provides SP800-56Arev3 compliant key establishment according to FIPS 140-3 IG D.F scenario 2 path (2) with KAS-ECC shared secret computation. The shared secret computation provides between 128 and 256 bits of encryption strength. The module also provides the following key transport mechanisms: • Key wrapping using AES-GCM with a security strength of 128 or 256 bits. • Key wrapping using AES-CBC with a security strength of 128 or 256 bits with HMACSHA-1, HMAC-SHA2-256 or HMAC-SHA2-384.
2.11 Industry Protocols

The module supports SSHv2, TLSv1.2, IPsec/IKEv2 and SNMPv3 industrial protocols. No parts of SSHv2, TLSv1.2, IPsec/IKEv2 or SNMPv3 protocols, other than the KDFs, have been tested by the CAVP and CMVP. Please refer to SSPs Table for more information.

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

N/A N/A N/A N/A N/A N/A Table 12: Ports and Interfaces N/A The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides its logical interfaces via Application Programming Interface (API) calls. The logical interfaces provided by the module are mapped onto the FIPS 140-3 interfaces © 2021-2025 Cisco Systems, Inc.

Page 20
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutputAuthentication Methods
Crypto OfficerCrypto OfficerRoleNone
Show StatusProvide Module's current statusCrypto OfficerNoneNoneAPI command to show status.Module's current status.
Show VersionProvide Module's name/ID and versioning informatio n.Crypto OfficerNoneNoneAPI command "show version"Module's name "ASAv Adaptive Security Virtual Appliance" and versioning information
Perform Self-TestsPerform Self-Tests (Pre- operationa l self-tests andCrypto OfficerNoneNoneAPI command s to conduct on- demandStatus of the self- tests results.
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutputAuthentication Methods
Crypto OfficerCrypto OfficerRoleNone
Show StatusProvide Module's current statusCrypto OfficerNoneNoneAPI command to show status.Module's current status.
Show VersionProvide Module's name/ID and versioning informatio n.Crypto OfficerNoneNoneAPI command "show version"Module's name "ASAv Adaptive Security Virtual Appliance" and versioning information
Perform Self-TestsPerform Self-Tests (Pre- operationa l self-tests andCrypto OfficerNoneNoneAPI command s to conduct on- demandStatus of the self- tests results.
4 Roles, Services, and Authentication
4.2 Roles

Table 13: Roles The module supports Crypto Officer (CO) role. The module does not allow concurrent operators. The Crypto Officer is implicitly assumed based on the service requested.

4.3 Approved Services

The following tables detail the types of approved services available to each role in approved mode of operation, the types of access for each role and the Keys or SSPs they affect.

Page 21
Service
NameRole AccessCsps AccessedApproved FunctionsIndicatorInputOutput
Perform Zeroizatio nPerform Zeroizatio n.Crypto Officer - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State V value: Z - DRBG Key: Z - SSH DH Private Key: Z - SSH DH Public Key: Z - SSH Peer DH Public Key: Z - SSH DH Shared Secret: Z - SSH ECDH Private Key: Z - SSH ECDH Public Key: Z - SSH Peer ECDH Public Key: Z - SSH ECDH Shared Secret: Z - SSH RSA Private Key: Z - SSH RSA Public Key:NoneNoneAPI command s to conduct Zeroizatio n operation or Power down the tested platform.Status of the SSPs zeroization.

n al SelfTests) n. Z Z Z Z Z Z SelfTests. © 2021-2025 Cisco Systems, Inc. n

Page 22
Service
NameCsps AccessedDescriptiSecurity
onAccessonFunctions
onAccessonFunctions
onAccessonFunctions
Page 25
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Configure NetworkSets configurati on of the systems.Crypto OfficerNoneNoneAPI command s to configure the module.Status of the completion of network related configuratio n.
Configure Bypass capabilitySets the Bypass capabilityCrypto OfficerNoneNoneAPI command s to configure the Bypass capability.Status of the completion of Bypass capability configuratio n.
Configure SSHv2 FunctionConfigure SSHv2 FunctionCrypto Officer - SSH RSA Private Key: G,W,E - SSH RSA Public Key: G,R,W - SSH ECDSA Private Key: G,W,E - SSH ECDSA Public Key: G,R,W - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG InternalKTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2)Global Indicator and SSHv2 configurati on success status message.API command s to configure SSHv2.Status of the completion of SSHv2 configuratio n.
DRBG FunctionState V value: G,W,E - DRBG Key: G,W,E - RADIUS Secret: W - TACACS+ Secret: WDRBG Function
Configure HTTPS over TLSv1.2 FunctionConfigure HTTPS over TLSv1.2 Function.Crypto Officer - TLS RSA Private Key: G,W,E - TLS RSA Public Key: G,R,W - TLS ECDSA Private Key: G,W,E - TLS ECDSA Public Key: G,R,W - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,EKTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) DRBG FunctionGlobal Indicator and HTTPS over TLSv1.2 configurati on success status message.API command s to configure HTTPS over TLSv1.2Status of the completion of HTTPS over TLSv1.2 configuratio n.
Configure IPsec/IKE v2 FunctionsConfigure IPsec/IKE v2 FunctionsCrypto Officer - IPsec/IKEv2 RSA Private Key: G,W,E - IPsec/IKEv2 RSA Public Key: G,W,EKTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) KTS (SSHv2 with AESGlobal Indicator with IPsec/IKE v2 configurati on success status message.API command s to configure IPsec/IKE v2.Status of the completion of IPsec/IKEv 2 secure tunnel configuratio n.
and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) DRBG Function- IPsec/IKEv2 ECDSA Private Key: G,W,E - IPsec/IKEv2 ECDSA Public Key: G,W,E - IPsec/IKEv2 Pre-Shared Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,Eand HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) DRBG Function
Configure SNMPv3 FunctionConfigure SNMPv3 FunctionCrypto Officer - SNMPv3 Authenticati on/ Privacy Password: W,E - SNMPv3 Encryption Key: G,W,E - SNMPv3 Authenticati on Key: G,W,EKTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) SNMPv3 Keying Materials DevelopmentGlobal Indicator and SNMPv3 configurati on success status message.API command s to configure SNMPv3.Status of the completion of SNMPv3 configuratio n.
Run SSHv2 FunctionExecute SSHv2 FunctionCrypto Officer - SSH DHKAS-FFC (SSHv2) KAS-ECCGlobal Indicator andAPI command s toStatus of SSHv2 secure

n. n. n. © 2021-2025 Cisco Systems, Inc. with AESGCM) with AESGCM) G,W,E G,R,W G,W,E G,R,W G,W,E G,W,E

Page 26

n. with AESGCM) with AESGCM) n. with AESGCM) © 2021-2025 Cisco Systems, Inc. G,W,E G,W,E G,R,W G,W,E G,R,W G,W,E G,W,E G,W,E

Page 27

with AESGCM) n. with AESGCM) with AESGCM) © 2021-2025 Cisco Systems, Inc. G,W,E G,W,E G,W,E G,W,E G,W,E W,E G,W,E

Page 28
Service
NameCsps AccessedIndicatorInputOutputDescriptiSecurity
onAccessonFunctions
Successfu l SSHv2 log message.Successfu l SSHv2 log message.execute SSHv2 service.tunnel establishme nt.(SSHv2) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2, IKEv2) RSA SigVer (SSHv2, TLSv1.2, IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, IKEv2) SSHv2 Session Encrypt/Decr ypt SSHv2 Session Authenticatio n SSHv2 Keying Materials Development DRBG FunctionPrivate Key: G,W,E - SSH DH Public Key: G,R,W - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: G,W,E - SSH ECDH Private Key: G,W,E - SSH ECDH Public Key: G,R,W - SSH Peer ECDH Public Key: W,E - SSH ECDH Shared Secret: G,W,E - SSH RSA Private Key: G,W,E - SSH RSA Public Key: G,R,W - SSH ECDSA Private Key: G,W,E - SSH ECDSA Public Key: G,R,W - SSH Session Encryption Key: G,W,E - SSH Session

© 2021-2025 Cisco Systems, Inc. with AESGCM) n G,W,E G,R,W G,W,E G,W,E G,R,W W,E G,W,E G,W,E G,R,W G,W,E G,R,W

Page 29
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run HTTPS over TLSv1.2 FunctionExecute HTTPS over TLSv1.2 Function.Crypto Officer - TLS DH Private Key: G,W,E - TLS DH Public Key: G,R,W - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: G,W,E - TLS ECDH Private Key: G,W,E - TLS ECDH Public Key: G,R,W - TLS Peer ECDH Public Key: W,E - TLSKAS-FFC (TLSv1.2) KAS-ECC (TLSv1.2) KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2, IKEv2) RSA SigVer (SSHv2, TLSv1.2, IKEv2) ECDSA SigVer (SSHv2,Global Indicator and Successfu l HTTPS over TLSv1.2 log message.API command to execute HTTPS over TLSv1.2 service.Status of HTTPS over TLSv1.2 establishme nt.
TLSv1.2, IKEv2) TLSv1.2 Session Encrypt/Decr ypt TLSv1.2 Session Authenticatio n TLSv1.2 Keying Materials Development DRBG FunctionECDH Shared Secret: G,W,E - TLS RSA Private Key: G,W,E - TLS RSA Public Key: G,R,W - TLS ECDSA Private Key: G,W,E - TLS ECDSA Public Key: G,R,W - TLS Master Secret: G,W,E - TLS Session Encryption Key: G,W,E - TLS Session Authenticati on Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,ETLSv1.2, IKEv2) TLSv1.2 Session Encrypt/Decr ypt TLSv1.2 Session Authenticatio n TLSv1.2 Keying Materials Development DRBG Function
Run IPsec/IKE v2 FunctionsExecute IPsec/IKE v2 FunctionsCrypto Officer - IPsec/IKEv2KAS-FFC (IKEv2) KAS-ECC (IKEv2)Global Indicator and SuccessfuAPI command to executeStatus of IPsec/IKEv 2 secure tunnel

with AESGCM) © 2021-2025 Cisco Systems, Inc. G,W,E G,W,E G,W,E G,W,E G,W,E G,R,W G,W,E G,W,E G,R,W W,E

Page 31
Service
NameCsps AccessedIndicatorInputOutputDescriptiSecurity
onAccessonFunctions
l IPsec/IKE v2 log message.l IPsec/IKE v2 log message.IPsec/IKE v2establishme ntRSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2, IKEv2) RSA SigVer (SSHv2, TLSv1.2, IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, IKEv2) IPsec/IKEv2 Session Encrypt/Decr ypt IPsec/IKEv2 Session Authenticatio n IPsec/IKEv2 Keying Materials Development DRBG FunctionDH Private Key: G,W,E - IPsec/IKEv2 DH Public Key: G,R,W - IPsec/IKEv2 Peer DH Public Key: W,E - IPsec/IKEv2 DH Shared Secret: G,W,E - IPsec/IKEv2 ECDH Private Key: G,W,E - IPsec/IKEv2 ECDH Public Key: G,R,W - IPsec/IKEv2 Peer ECDH Public Key: W,E - IPsec/IKEv2 ECDH Shared Secret: G,W,E - IPsec/IKEv2 RSA Private Key: G,W,E - IPsec/IKEv2 RSA Public Key: G,W,E - IPsec/IKEv2 ECDSA Private Key:
Page 32
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Run SNMPv3 FunctionsExecute SNMPv3 Function.Crypto Officer - SNMPv3 Authenticati on/ Privacy Password: W,E - SNMPv3 Encryption Key: G,W,E - SNMPv3 AuthenticatiSNMPv3 Session Encrypt/Decr ypt SNMPv3 Session Authenticatio n SNMPv3 Keying Materials DevelopmentGlobal Indicator and Successfu l SNMPv3 log message.API command to execute SNMPv3 service.Status of SNMPv3 service.
Page 33
Service
NameCsps AccessedDescriptiSecurity
onAccessonFunctions
4.4 Non-Approved Services
4.5 External Software/Firmware Loaded
4.6 Bypass Actions and Status

The module implements alternating Bypass service. Traffic output from the module’s data output interface can be cryptographically protected via IPSec/IKE VPN, or passed as plaintext (Bypass state), depending on the VPN tunnel establishment on the dedicated data output interface. The operator shall assume Crypto Officer role so as to configure IPSec/IKE VPN capability. If no IPSec/IKE VPN was configured, after running two independent internal actions, Module would enter the Bypass state. Before the module executes the Bypass service (sending out plaintext traffic via the data output interface), the module would conduct two independent internal actions to prevent the inadvertent bypass of plaintext data due to a single error. The Crypto Officer can use commands “show access-list” and “show crypto ipsec sa” to verify the module’s Bypass status. In Bypass tests fail, the module would enter an error state, and drop the traffic.

4.7 Cryptographic Output Actions and Status

The module implements Self-initiated cryptographic output capability without external operator request. The Crypto Officer shall configure self-initiated cryptographic output capability. Prior to executing the self-initiated cryptographic output capability, the module conducts two independent internal actions to activate the capability to prevent the inadvertent output due to a single error.

4.8 Additional Information

The module supports unauthenticated service. The unauthenticated operator can trigger the self-test service by power-cycling the module.

5 Software/Firmware Security
5.1 Integrity Techniques

The module is provided in the form of binary executable code. To ensure firmware security, the library is protected by RSA 2048 SigVer with SHA2-512 (RSA and SHA2-512 Cert. #A4595) © 2021-2025 Cisco Systems, Inc.

Page 34
MechanismInspectionInspection
FrequencyGuidance
Production grade componentsN/AN/A

signature calculated at build time. At crypto module library initialization, the signature is recalculated and compared to the hardcoded build-time generated signature value. If at load time the signature does not match, the crypto module library exits with error. If failure occurs during self-test, all crypto functionality is disabled.

5.2 Initiate on Demand

Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the tested platform to initiate the integrity test on-demand.

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Non-Modifiable The module is a firmware hybrid module, which is operated in a non-modifiable operational environment per FIPS 140-3 level 1 specifications. The module’s firmware version running on each tested platform is 9.20(3). The module has control over its own SSPs. The process and memory management functionality of the host device’s OS prevent unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined API. The operational environments provide the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environment. Processes that are spawned by the module are owned by the module and are not owned by external processes/operators.

7 Physical Security
7.1 Mechanisms and Actions Required

N/A Table 15: Mechanisms and Actions Required The module is running on the multi-chip standalone production grade platform to meet physical security requirements from FIPS 140-3 level

  1. The module’s Tested Operational Environment’s Physical Perimeter (TOEPP) is drawn at the casing of the tested platforms in Table
  2. The module’s tested platforms consist of production-grade components.
8 Non-Invasive Security

N/A for this module. © 2021-2025 Cisco Systems, Inc.

Page 35
Sensitive security parameter
NameTypeDescription
DRAMDynamicVolatile memory provided by the ESXi host for the module temporary.
FlashStaticNon-Volatile memory provided by the ESXi host for the module to retain memory across power-cycles.
Service
NameApproved FunctionsTypeFromTo
Peer Public Key InputPlaintextExternal (Outside of the Module's Boundary)ModuleAutomatedElectronic
Module Public Key OutputPlaintextModuleExternal (Outside of the Module's Boundary)AutomatedElectronic
Secret Input via SSHv2 encrypted by GCMKTS (SSHv2 with AES- GCM)EncryptedExternal (Outside of the Module's Boundary)ModuleAutomatedElectronic
Public key Output via SSHv2 encrypted by GCMKTS (SSHv2 with AES- GCM)EncryptedModuleExternal (Outside of the Module's Boundary)AutomatedElectronic
Secret Input via SSHv2 encrypted by AES and HMACKTS (SSHv2 with AES and HMAC)EncryptedExternal (Outside of the Module's Boundary)ModuleAutomatedElectronic
Public key Output via SSHv2 encrypted by AES and HMACKTS (SSHv2 with AES and HMAC)EncryptedModuleExternal (Outside of the Module's Boundary)AutomatedElectronic
Secret Input via TLS encrypted by GCMKTS (TLSv1.2 with AES- GCM)EncryptedExternal (Outside of the Module's Boundary)ModuleAutomatedElectronic
Public key Output via TLS encrypted by GCMKTS (TLSv1.2 with AES- GCM)EncryptedModuleExternal (Outside of the Module's Boundary)ManualElectronic
Secret Input via TLS encrypted by AES and HMACKTS (TLSv1.2 with AES and HMAC)EncryptedExternal (Outside of the Module's Boundary)ModuleAutomatedElectronic
Public key Output via TLS encrypted by AES and HMACKTS (TLSv1.2 with AES- GCM)EncryptedModuleExternal (Outside of the Module's Boundary)AutomatedElectronic
9 Sensitive Security Parameters Management
9.1 Storage Areas
9.2 SSP Input-Output Methods

with AESGCM) with AESGCM) © 2021-2025 Cisco Systems, Inc.

Page 36
Sensitive security parameter
NameTypeDescriptionStrengthZeroizationUse`configure factory- default`
Session termination will automatically zeroize all session based temporary SSPsZeroization upon session terminationSession TerminationTerminate session
Reboot to zeroize all temporary SSPs stored in volatile memoryZeroization upon rebooting the moduleRebootReboot
DRBG Entropy InputEntropy Input - CSPUsed to seed the DRBG384 bits - at least 256 bitsDRBG Function
Sensitive security parameter
NameTypeDescriptionStrengthZeroizationUse`configure factory- default`
Session termination will automatically zeroize all session based temporary SSPsZeroization upon session terminationSession TerminationTerminate session
Reboot to zeroize all temporary SSPs stored in volatile memoryZeroization upon rebooting the moduleRebootReboot
DRBG Entropy InputEntropy Input - CSPUsed to seed the DRBG384 bits - at least 256 bitsDRBG Function

with AESGCM) with AESGCM) with AESGCM) Table 17: SSP Input-Output Methods

9.3 SSP Zeroization Methods

factorydefault` Table 18: SSP Zeroization Methods n © 2021-2025 Cisco Systems, Inc.

Page 37
Sensitive security parameter
NameTypeDescriptionStrengthUse
DRBG SeedDRBG Seed - CSPUsed in DRBG Generation256 bits - 256 bitsDRBG Function
DRBG Internal State V valueDRBG Internal State V value - CSPUsed in DRBG Generation256 bits - 256 bitsDRBG Function
DRBG KeyDRBG Key - CSPUsed in DRBG Generation256 bits - 256 bitsDRBG Function
RADIUS SecretAuthenticati on Data - CSPRADIUS Server Authenticati on16 Characte rs - 128 bits
TACACS+ SecretAuthenticati on Data - CSPTACACS+ Authenticati on16 Characte rs - 128 bits
SSH DH Private KeyPrivate Key - CSPUsed to derive the SSH DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bitsKAS-FFC (SSHv2)KAS- FFC (SSHv2)
SSH DH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bitsKAS-FFC (SSHv2)
SSH Peer DH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bitsKAS-FFC (SSHv2)
SSH DH Shared SecretShared Secret - CSPUsed to derive SSH Session Encryption Keys, SSH SessionMODP- 2048, MODP- 3072, MODP- 4096 -SSHv2 Keying Materials DevelopmentKAS-FFC (SSHv2)
Authenticati on KeysAuthenticati on Keys112 to 152 bits
SSH ECDH Private KeyPrivate Key - CSPUsed to derive the SSH ECDH Shared SecretCurves: P-256, P-384, P-521 - 128 to 256 bitsKAS-ECC (SSHv2)KAS- ECC (SSHv2)
SSH ECDH Public KeyPublic Key - PSPUsed to derive the SSH ECDH Shared SecretCurves: P-256, P-384, P-521 - 128 to 256 bitsKAS-ECC (SSHv2)
SSH Peer ECDH Public KeyPublic Key - PSPUsed to derive SSH DH Shared SecretCurves: P-256, P-384, P-521 - 128 to 256 bitsKAS-ECC (SSHv2)
SSH ECDH Shared SecretShared Secret - CSPUsed to derive SSH Session Encryption Keys, SSH Session Authenticati on KeysCurves: P-256, P-384, P-521 - 128 to 256 bitsSSHv2 Keying Materials DevelopmentKAS-ECC (SSHv2)
SSH RSA Private KeyPrivate Key - CSPUsed for SSH session authenticati onModulus 2048 and 3072 bits - 112 or 128 bitsRSA SigGen (SSHv2, TLSv1.2, IKEv2)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
SSH RSA Public KeyPublic Key - PSPUsed for SSH session authenticati onModulus 2048 and 3072 bits - 112 or 128 bitsRSA KeyGen (SSHv2, TLSv1.2, IKEv2)
SSH ECDSA Private KeyPrivate Key - CSPUsed for SSH session authenticati onCurves: P-256, P-384, P-521 - 128 to 256 bitsECDSA SigGen (SSHv2, TLSv1.2, IKEv2)ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2)
SSH ECDSA Public KeyPublic Key - PSPUsed for SSH session authenticati onCurves: P-256, P-384, P-521 - 128 to 256 bitsECDSA KeyGen (SSHv2, TLSv1.2, IKEv2)
SSH Session Encryption KeySymmetric Key - CSPUsed for SSH session confidentiali ty protection128, 256 bits - 112 to 256 bitsSSHv2 Session Encrypt/Decr yptSSHv2 Keying Materials Developm ent
SSH Session Authenticati on KeySession Key - CSPUsed for SSH Session integrity protectionAt least 160 bits - 112 to 256 bitsSSHv2 Session Authenticatio nSSHv2 Keying Materials Developm ent
TLS DH Private KeyPrivate Key - CSPUsed to Derive TLS DH Shared Secretffdhe204 8, ffdhe307 2, ffdhe409 6 - 112 to 152 bitsKAS-FFC (TLSv1.2)KAS- FFC (TLSv1.2 )
TLS DH Public KeyPublic Key - PSPUsed to Derive TLS DH Shared Secretffdhe204 8, ffdhe307 2, ffdhe409 6 - 112 to 152 bitsKAS-FFC (TLSv1.2)
TLS Peer DH Public KeyPublic Key - PSPUsed to derive TLS DH Shared Secretffdhe204 8, ffdhe307 2, ffdhe409 6 - 112 to 152 bitsKAS-FFC (TLSv1.2)
TLS DH Shared SecretShared Secret - CSPUsed to Derive TLS Session Encryption Key and TLS Sessionffdhe204 8, ffdhe307 2, ffdhe409 6 - 112TLSv1.2 Keying Materials DevelopmentKAS-FFC (TLSv1.2)
Authenticati on KeyAuthenticati on Keyto 152 bits
TLS ECDH Private KeyPrivate Key - CSPUsed to Derive TLS ECDH Shared SecretCurves: P-256, P-384, P-521 - 128 to 256 bitsKAS-ECC (TLSv1.2)KAS- ECC (TLSv1.2 )
TLS ECDH Public KeyPublic Key - PSPUsed to Derive TLS ECDH Shared SecretCurves: P-256, P-384, P-521 - 128 to 256 bitsKAS-ECC (TLSv1.2)
TLS Peer ECDH Public KeyPublic Key - PSPUsed to derive TLS ECDH Shared SecretCurves: P-256, P-384, P-521 - 128 to 256 bitsKAS-ECC (TLSv1.2)
TLS ECDH Shared SecretShared Secret - CSPUsed to Derive TLS Session Encryption Key and TLS Session Authenticati on KeyCurves: P-256, P-384, P-521 - 128 to 256 bitsTLSv1.2 Keying Materials DevelopmentKAS-ECC (TLSv1.2)
TLS RSA Private KeyPrivate Key - CSPUsed to support CO HTTPS interfacesModulus 2048 and 3072 bits - 112 or 128 bitsRSA SigGen (SSHv2, TLSv1.2, IKEv2)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
TLS RSA Public KeyPublic Key - PSPUsed to support CO HTTPS interfacesModulus 2048 and 3072 bits - 112 or 128 bitsRSA KeyGen (SSHv2, TLSv1.2, IKEv2)
TLS ECDSA Private KeyPrivate Key - CSPUsed to support CO HTTPS interfacesCurves: P-256, P-384, P-521 - 128 to 256 bitsECDSA SigGen (SSHv2, TLSv1.2, IKEv2)ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2)
TLS ECDSA Public KeyPublic Key - PSPUsed to support CO HTTPS interfacesCurves: P-256, P-384, P-521 - 128 to 256 bitsECDSA KeyGen (SSHv2, TLSv1.2, IKEv2)
TLS Master SecretMaster Secret - CSPUsed to protect HTTPS Session384 bits - 384 bitsTLSv1.2 Session Encrypt/Decr ypt TLSv1.2 Session Authenticatio nTLSv1.2 Keying Materials Developm ent
TLS Session Encryption KeySymmetric Key - CSPUsed to protect HTTPS Session128, 256 bits - 112 to 256 bitsTLSv1.2 Session Encrypt/Decr yptTLSv1.2 Keying Materials Developm ent
TLS Session Authenticati on KeyMessage Authenticati on Key - CSPUsed to authenticat e HTTPS Session160, 256, 384 bits - 112 to 256 bitsTLSv1.2 Session Authenticatio nTLSv1.2 Keying Materials Developm ent
IPsec/IKEv2 DH Private KeyPrivate Key - CSPUsed to derive IPsec/IKEv 2 DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bitsKAS-FFC (IKEv2)KAS- FFC (IKEv2)
IPsec/IKEv2 DH Public KeyPublic Key - PSPUsed to derive IPsec/IKEv 2 DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bitsKAS-FFC (IKEv2)
IPsec/IKEv2 Peer DH Public KeyPublic Key - PSPUsed to derive IPsec/IKEv 2 DH Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bitsKAS-FFC (IKEv2)
IPsec/IKEv2 DH Shared SecretShared Secret - CSPUsed to derive IPsec/IKEv 2 Session Shared SecretMODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bitsIPsec/IKEv2 Keying Materials DevelopmentKAS-FFC (IKEv2)
IPsec/IKEv2 ECDH Private KeyPrivate key - CSPUsed to derive IPsec/IKEv 2 ECDH Shared SecretCurves: P-256, P-384, P-521 - 128 to 256 bitsKAS-ECC (IKEv2)KAS- ECC (IKEv2)
IPsec/IKEv2 ECDH Public KeyPublic Key - PSPUsed to derive IPsec/IKEv 2 ECDH Shared SecretCurves: P-256, P-384, P-521 - 128 to 256 bitsKAS-ECC (IKEv2)
IPsec/IKEv2 Peer ECDH Public KeyPublic Key - PSPUsed to derive IPsec/IKEv 2 ECDH Shared SecretCurves: P-256, P-384, P-521 - 128 to 256 bitsKAS-ECC (IKEv2)
IPsec/IKEv2 ECDH Shared SecretShared Secret - CSPUsed to derive IPsec/IKEv 2 ECDH Shared SecretCurves: P-256, P-384, P-521 - 128 to 256 bitsIPsec/IKEv2 Keying Materials DevelopmentKAS-ECC (IKEv2)
IPsec/IKEv2 RSA Private KeyPrivate Key - CSPUsed for IPsec/IKEv 2 authenticati onModulus 2048 and 3072 bits - 112 or 128 bitsRSA SigGen (SSHv2, TLSv1.2, IKEv2)RSA KeyGen (SSHv2, TLSv1.2, IKEv2)
IPsec/IKEv2 RSA Public KeyPublic Key - PSPUsed for IPsec/IKEv 2 authenticati onModulus 2048 and 3072 bits - 112 or 128 bitsRSA KeyGen (SSHv2, TLSv1.2, IKEv2)
IPsec/IKEv2 ECDSA Private KeyPrivate Key - CSPUsed for IPsec/IKEv 2Curves: P-256, P-384, P-521 -ECDSA SigGen (SSHv2,ECDSA KeyGen (SSHv2,
authenticati onauthenticati on128 to 256 bitsTLSv1.2, IKEv2)TLSv1.2, IKEv2)
IPsec/IKEv2 ECDSA Public KeyPublic Key - PSPUsed for IPsec/IKEv 2 authenticati onCurves: P-256, P-384, P-521 - 128 to 256 bitsECDSA KeyGen (SSHv2, TLSv1.2, IKEv2)
IPsec/IKEv2 Pre-Shared KeyShared Secret - CSPUsed for IPsec/IKEv 2 authenticati on16-32 characte rs - 128 to 256 bits
SKEYSEEDKeying Material - CSPKeying material used to derive the IPSec/IKE Session Encryption Key and IPSec/IKE Authenticati on Key160 bits - 112 to 256 bitsIPsec/IKEv2 Session Encrypt/Decr ypt IPsec/IKEv2 Session Authenticatio nIPsec/IKEv 2 Keying Materials Developm ent
IPsec/IKEv2 Session Encryption KeySymmetric Key - CSPUsed to secure IPsec/IKEv 2 session confidentiali ty128, 256 bits - 112 to 256 bitsIPsec/IKEv2 Session Encrypt/Decr yptIPsec/IKEv 2 Keying Materials Developm ent
IPsec/IKEv2 Authenticati on KeyMessage Authenticati on Key - CSPUsed to secure IPsec/IKEv 2 session authenticati onat least 160 bits - 112 to 256 bitsIPsec/IKEv2 Session Authenticatio nIPsec/IKEv 2 Keying Materials Developm ent
SNMPv3 Authenticati on/ Privacy PasswordAuthenticati on Password - CSPUsed for SNMPv3 user authenticati on8-32 characte rs - 64 to 256 bits
SNMPv3 Encryption KeySymmetric Key - CSPUsed for SNMPv3 confidentiali ty128 bits - 128 bitsSNMPv3 Session Encrypt/Decr yptSNMPv3 Keying Materials Developm ent

n MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, MODP4096 © 2021-2025 Cisco Systems, Inc. KASFFC

Page 38

n KASECC © 2021-2025 Cisco Systems, Inc.

Page 39

n n 8, 2, 8, 2, 8, 2, 8, 2, © 2021-2025 Cisco Systems, Inc. KASFFC )

Page 40

n KASECC ) © 2021-2025 Cisco Systems, Inc.

Page 41

n MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, © 2021-2025 Cisco Systems, Inc. KASFFC n n

Page 42

n MODP2048, MODP3072, © 2021-2025 Cisco Systems, Inc. KASECC

Page 44
Sensitive security parameter
NameTypeDescriptionStrengthGenerationUseType - Category
SNMPv3 Authenticati on KeyAuthenticati on Key - CSPUsed for SNMPv3 authenticati onAt least 112 bits - At least 112 bitsSNMPv3 Keying Materials Developm entSNMPv3 Session Authenticatio n
DRBG Entropy InputDRAM:Plaintex tZeroization Command RebootDRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used WithUntil Reboot
DRBG SeedDRAM:Plaintex tZeroization Command RebootDRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used WithUntil Reboot
DRBG Internal State V valueDRAM:Plaintex tZeroization Command RebootDRBG Entropy Input:Used With DRBG Seed:Used With DRBG Key:Used WithUntil Reboot
DRBG KeyDRAM:Plaintex tZeroization Command RebootDRBG Entropy Input:Used With DRBG Seed:Used With DRBG Internal State V value:Used WithUntil Reboot
RADIUS SecretFlash:Encrypte dSecret Input via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES andZeroization Command

n Table 19: SSP Table 1 t n t t t d © 2021-2025 Cisco Systems, Inc. n

Page 45
Sensitive security parameter
NameStorageZeroizationInputRelated SSPs
TACACS+ SecretFlash:Encrypte dZeroization CommandSecret Input via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC Secret Input via TLS encrypte d by GCM Secret Input via TLS encrypte d by AES and HMAC
SSH DH Private KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile SSH session is activeSSH DH Public Key:Paired With SSH Peer DH Public Key:Used With
SSH DH Public KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootModule Public Key OutputWhile SSH session is activeSSH DH Private Key:Paired With
SSH Peer DH Public KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootPeer Public Key InputWhile SSH session is activeSSH DH Private Key:Used With
SSH DH Shared SecretDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile SSH session is activeSSH DH Private Key:Derived From SSH Peer DH Public Key:Derived From
SSH ECDH Private KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile SSH session is activeSSH ECDH Public Key:Paired With SSH Peer ECDH Public Key:Used With
SSH ECDH Public KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootModule Public Key OutputWhile SSH session is activeSSH ECDH Private Key:Paired With
SSH Peer ECDH Public KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootPeer Public Key InputWhile SSH session is activeSSH ECDH Private Key:Used With
SSH ECDH Shared SecretDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile SSH session is activeSSH ECDH Private Key:Derived From SSH Peer ECDH Public Key:Derived From
SSH RSA Private KeyFlash:PlaintextZeroization CommandSSH RSA Public Key:Paired With
SSH RSA Public KeyFlash:PlaintextZeroization CommandModule Public Key OutputSSH RSA Private Key:Paired With
Page 48
Sensitive security parameter
NameStorageZeroizationOutputRelated SSPs
SSH ECDSA Private KeyFlash:PlaintextZeroization CommandSSH ECDSA Public Key:Paired With
SSH ECDSA Public KeyFlash:PlaintextZeroization CommandModule Public Key Output Secret Input via SSHv2 encrypte d by GCM Public key Output via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC Public key Output via SSHv2 encrypte d by AES and HMAC Secret Input via TLSSSH ECDSA Private Key:Paired With
Page 49
Sensitive security parameter
NameStorageZeroizationInputRelated SSPs
SSH Session Encryption KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile SSH session is activeSSH Session Authentication Key:Used With
SSH Session Authentication KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile SSH session is activeSSH Session Encryption Key:Used With
TLS DH Private KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile TLS session is activeTLS DH Public Key:Paired With TLS Peer DH Public Key:Used With
TLS DH Public KeyDRAM:Plaintex tZeroization Command Session TerminatioModule Public Key OutputWhile TLS session is activeTLS DH Private Key:Paired With
TLS Peer DH Public KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootPeer Public Key InputWhile TLS session is activeTLS DH Private Key:Used With
TLS DH Shared SecretDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile TLS session is activeTLS DH Private Key:Derived From TLS Peer DH Public Key:Derived From
TLS ECDH Private KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile TLS session is activeTLS ECDH Public Key:Paired With TLS Peer ECDH Public Key:Used With
TLS ECDH Public KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootModule Public Key OutputWhile TLS session is activeTLS ECDH Private Key:Paired With
TLS Peer ECDH Public KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootPeer Public Key InputWhile TLS session is activeTLS ECDH Private Key:Used With
TLS ECDH Shared SecretDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile TLS session is activeTLS ECDH Private Key:Derived From TLS Peer ECDH Public Key:Derived From
TLS RSA Private KeyFlash:PlaintextZeroization CommandTLS RSA Public Key:Paired With
TLS RSA Public KeyFlash:PlaintextZeroization CommandModule Public Key Output Secret Input via SSHv2 encrypteTLS RSA Private Key:Paired With
Page 52
Sensitive security parameter
NameStorageZeroizationRelated SSPsVia TLS encrypte d by AES and HMAC
TLS ECDSA Private KeyFlash:PlaintextZeroization CommandTLS ECDSA Public Key:Paired With
TLS ECDSA Public KeyFlash:PlaintextZeroization CommandTLS ECDSA Private Key:Paired WithModule Public Key Output Secret Input via SSHv2 encrypte d by GCM Public key Output via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC Public key Output via SSHv2 encrypte d by AES and HMAC Secret Input via TLS encrypte d by GCM Public key
Page 53
Sensitive security parameter
NameStorageZeroizationInputRelated SSPs
TLS Master SecretDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile TLS session is activeTLS DH Shared Secret:Derived From TLS ECDH Shared Secret:Derived From
TLS Session Encryption KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile TLS session is activeTLS Session Authentication Key:Used With TLS Master Secret:Derived From
TLS Session Authentication KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile TLS session is activeTLS Session Encryption Key:Used With TLS Master Secret:Derived From
IPsec/IKEv2 DH Private KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile IPsec/IKEv 2 tunnel is activeIPsec/IKEv2 DH Public Key:Paired With IPsec/IKEv2 Peer DH Public Key:Used With
IPsec/IKEv2 DH Public KeyDRAM:Plaintex tZeroization Command Session TerminatioModule Public Key OutputWhile IPsec/IKEv 2 tunnel is activeIPsec/IKEv2 DH Private Key:Paired With
IPsec/IKEv2 Peer DH Public KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootPeer Public Key InputWhile IPsec/IKEv 2 tunnel is activeIPsec/IKEv2 DH Private Key:Used With
IPsec/IKEv2 DH Shared SecretDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile IPsec/IKEv 2 tunnel is activeSKEYSEED:Used With
IPsec/IKEv2 ECDH Private KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile IPsec/IKEv 2 tunnel is activeIPsec/IKEv2 ECDH Public Key:Paired With IPsec/IKEv2 Peer ECDH Public Key:Used With
IPsec/IKEv2 ECDH Public KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootModule Public Key OutputWhile IPsec/IKEv 2 tunnel is activeIPsec/IKEv2 ECDH Private Key:Paired With
IPsec/IKEv2 Peer ECDH Public KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootPeer Public Key InputWhile IPsec/IKEv 2 tunnel is activeIPsec/IKEv2 ECDH Private Key:Used With
IPsec/IKEv2 ECDH Shared SecretDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile IPsec/IKEv 2 tunnel is activeIPsec/IKEv2 ECDH Private Key:Derived From IPsec/IKEv2 Peer ECDH Public Key:Derived From SKEYSEED:Used With
IPsec/IKEv2 RSA Private KeyFlash:PlaintextZeroization CommandIPsec/IKEv2 RSA Public Key:Paired With
IPsec/IKEv2 RSA Public KeyFlash:PlaintextZeroization CommandModule Public Key Output SecretIPsec/IKEv2 RSA Private Key:Paired With
Page 56
Sensitive security parameter
NameStorageZeroizationOutputRelated SSPs
IPsec/IKEv2 ECDSA Private KeyFlash:PlaintextZeroization CommandIPsec/IKEv2 ECDSA Public Key:Paired With
IPsec/IKEv2 ECDSA Public KeyFlash:PlaintextZeroization CommandModule Public Key Output Secret Input via SSHv2 encrypte d by GCM Public key Output via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC Public key Output via SSHv2 encrypte d by AES and HMAC Secret Input via TLS encrypteIPsec/IKEv2 ECDSA Private Key:Paired With
IPsec/IKEv2 Pre-Shared KeyFlash:PlaintextZeroization CommandSecret Input via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC Secret Input via TLS encrypte d by GCM Secret Input via TLS encrypte d by AESSKEYSEED:Derive d to
Page 58
Sensitive security parameter
NameStorageZeroizationRelated SSPsAnd HMAC
SKEYSEEDDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile IPsec/IKEv 2 tunnel is activeIPsec/IKEv2 DH Shared Secret:Derived From IPsec/IKEv2 ECDH Shared Secret:Derived From IPsec/IKEv2 Pre- Shared Secret:Derived From
IPsec/IKEv2 Session Encryption KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile IPsec/IKEv 2 tunnel is activeSKEYSEED:Derive d From
IPsec/IKEv2 Authentication KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile IPsec/IKEv 2 tunnel is activeSKEYSEED:Derive d From
SNMPv3 Authentication / Privacy PasswordFlash:PlaintextZeroization CommandSNMPv3 Encryption Key:Derived to SNMPv3 Authentication Key:Derived toSecret Input via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC Secret Input via TLS encrypte d by GCM Secret Input via TLS
SNMPv3 Encryption KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile SNMPv3 session is activeSNMPv3 Shared Secret:Derived From SNMPv3 Authentication Key:Used With
SNMPv3 Authentication KeyDRAM:Plaintex tZeroization Command Session Terminatio n RebootWhile SNMPv3 session is activeSNMPv3 Shared Secret:Derived From SNMPv3 Encryption Key:Used With
Page 59
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsTest PropertiesIndicator
RSA SigVer (FIPS186-4) (A4595)RSA SigVer (FIPS186-4) (A4595)KATSW/FW IntegrityRSA SigVerRSA 2048 SigVer with SHA2-512Module is in normal state
Pre-Operational Bypass TestPre-Operational Bypass TestN/ABypassN/AN/AModule is in normal state
9.5 Transitions
10 Self-Tests
10.1 Pre-Operational Self-Tests
Page 60
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicat orCondition s
AES-CBC encrypt KAT (A4595)AES-CBC encrypt KAT (A4595)KATCASTEncrypt256 bitsModule is in normal statePower up
AES-CBC decrypt KAT (A4595)AES-CBC decrypt KAT (A4595)KATCASTDecrypt256 bitsModule is in normal statePower up
AES-GCM authenticated encrypt KAT (A4595)AES-GCM authenticated encrypt KAT (A4595)KATCASTAuthenticat ed Encrypt256 bitsModule is in normal statePower up
AES-GCM authenticated decrypt KAT (A4595)AES-GCM authenticated decrypt KAT (A4595)KATCASTAuthenticat ed Decrypt256 bitsModule is in normal statePower up
Counter DRBG Instantiate/Generate/Res eed KAT (A4595)Counter DRBG Instantiate/Generate/Res eed KAT (A4595)KATCASTInstantiate, Generate, and Reseed KATsAES-128Module is in normal statePower up
ECDSA SigGen (FIPS186-4) KAT (A4595)ECDSA SigGen (FIPS186-4) KAT (A4595)KATCASTECDSA SigGen KATCurve P- 256 with SHA2- 256Module is in normal statePower up
ECDSA SigVer (FIPS186-4) KAT (A4595)ECDSA SigVer (FIPS186-4) KAT (A4595)KATCASTECDSA SigVer KATCurve P- 256 with SHA2- 256Module is in normal statePower up
Entropy Source RCT Start-up Health TestsEntropy Source RCT Start-up Health TestsRCTCASTN/ARepetitio n Count Test (RCT)Module is in normal statePower up
Entropy Source APT Start-up Health TestsEntropy Source APT Start-up Health TestsAPTCASTN/AAdaptive Proportio n Test (APT)Module is in normal statePower up
Entropy Source RCT Continuous Health TestsEntropy Source RCT Continuous Health TestsRCTCASTN/ARepetitio n Count Test (RCT)Module is in normal statePerformed continuous ly as entropy source is active
Entropy Source APT Continuous Health TestsEntropy Source APT Continuous Health TestsAPTCASTN/AAdaptive Proportio n Test (APT)Module is in normal statePerformed continuous ly as entropy source is active
HMAC-SHA-1 KAT (A4595)HMAC-SHA-1 KAT (A4595)KATCASTN/ASHA-1Module is in normal statePower up
HMAC-SHA2-224 KAT (A4595)HMAC-SHA2-224 KAT (A4595)KATCASTN/ASHA2- 224Module is in normal statePower up
HMAC-SHA2-256 KAT (A4595)HMAC-SHA2-256 KAT (A4595)KATCASTN/ASHA2- 256Module is in normal statePower up
HMAC-SHA2-384 KAT (A4595)HMAC-SHA2-384 KAT (A4595)KATCASTN/ASHA2- 384Module is in normal statePower up
HMAC-SHA2-512 KAT (A4595)HMAC-SHA2-512 KAT (A4595)KATCASTN/ASHA2- 512Module is in normal statePower up
KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595)KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595)KATCASTPrimitive Z KATCurve P- 256Module is in normal statePower up
KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595)KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595)KATCASTPrimitive Z KATMODP- 2048Module is inPower up
KDF IKEv2 KAT (A4595)KDF IKEv2 KAT (A4595)KATCASTN/AN/AModule is in normal statePower up
KDF SNMP KAT (A4595)KDF SNMP KAT (A4595)KATCASTN/AN/AModule is in normal statePower up
KDF SSH KAT (A4595)KDF SSH KAT (A4595)KATCASTN/AN/AModule is in normal statePower up
RSA SigGen (FIPS186- 4) KAT (A4595)RSA SigGen (FIPS186- 4) KAT (A4595)KATCASTRSA SigGen KAT2048 bit modulus with SHA2- 256Module is in normal statePower up
RSA SigVer (FIPS186-4) KAT (A4595)RSA SigVer (FIPS186-4) KAT (A4595)KATCASTRSA SigVer KAT2048 bit modulus with SHA2- 256Module is in normal statePower up
TLS v1.2 KDF RFC7627 KAT (A4595)TLS v1.2 KDF RFC7627 KAT (A4595)KATCASTN/AN/AModule is in normal statePower up
ECDSA KeyGen (FIPS186-4) PCT (A4595)ECDSA KeyGen (FIPS186-4) PCT (A4595)PCTPCTECDSACurve P- 256 with SHA2- 256Module is in normal statePerforms all required pair-wise consistenc y tests on the newly generated key pairs before the first operationa l use.
KAS-ECC-SSC Sp800- 56Ar3 PCT (A4595)KAS-ECC-SSC Sp800- 56Ar3 PCT (A4595)PCTPCTN/ACurve P- 256 with SHA2- 256Module is in normal statePerforms all required pair-wise consistenc y tests on
KAS-FFC-SSC Sp800- 56Ar3 PCT (A4595)KAS-FFC-SSC Sp800- 56Ar3 PCT (A4595)PCTPCTN/AMODP- 2048Module is in normal statePerforms all required pair-wise consistenc y tests on the newly generated key pairs before the first operationa l use.
RSA KeyGen (FIPS186- 4) PCT (A4595)RSA KeyGen (FIPS186- 4) PCT (A4595)PCTPCTRSA2048 bit modulusModule is in normal statePerforms all required pair-wise consistenc y tests on the newly generated key pairs before the first operationa l use.
Conditional BypassConditional BypassN/ABypas sN/AN/AModule is in normal statePerforms conditional bypass test before first operationa l use of bypass service

Table 21: Pre-Operational Self-Tests The module performs the following self-tests, including Pre-operational and Conditional selftests. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). The self-test success or failure results are an output of the return value of the library load API call, which is functioning as the self-test status indicator. If anyone of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the operational state.

10.2 Conditional Self-Tests

d s SHA2256 SHA2256 © 2021-2025 Cisco Systems, Inc.

Page 61

d s N/A N/A N/A N/A N/A SHA2224 N/A SHA2256 N/A SHA2384 N/A SHA2512 N/A Curve P256 MODP2048 © 2021-2025 Cisco Systems, Inc.

Page 62

d N/A N/A N/A SHA2256 SHA2256 N/A SHA2256 SHA2256 © 2021-2025 Cisco Systems, Inc. s N/A N/A N/A N/A N/A

Page 63

d MODP2048 N/A N/A N/A s N/A Table 22: Conditional Self-Tests

10.3 Periodic Self-Test Information
Page 64
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic Method
RSA SigVer (FIPS186-4) (A4595)RSA SigVer (FIPS186-4) (A4595)KATSW/FW IntegrityRecommend 60 DaysReboot
Pre-Operational Bypass TestPre-Operational Bypass TestN/ABypassRecommend 60 DaysReboot
AES-CBC encrypt KAT (A4595)AES-CBC encrypt KAT (A4595)KATCASTRecommend 60 DaysReboot
AES-CBC decrypt KAT (A4595)AES-CBC decrypt KAT (A4595)KATCASTRecommend 60 DaysReboot
AES-GCM authenticated encrypt KAT (A4595)AES-GCM authenticated encrypt KAT (A4595)KATCASTRecommend 60 DaysReboot
AES-GCM authenticated decrypt KAT (A4595)AES-GCM authenticated decrypt KAT (A4595)KATCASTRecommend 60 DaysReboot
Counter DRBG Instantiate/Generate/Reseed KAT (A4595)Counter DRBG Instantiate/Generate/Reseed KAT (A4595)KATCASTRecommend 60 DaysReboot
ECDSA SigGen (FIPS186-4) KAT (A4595)ECDSA SigGen (FIPS186-4) KAT (A4595)KATCASTRecommend 60 DaysReboot
ECDSA SigVer (FIPS186-4) KAT (A4595)ECDSA SigVer (FIPS186-4) KAT (A4595)KATCASTRecommend 60 DaysReboot
Entropy Source RCT Start- up Health TestsEntropy Source RCT Start- up Health TestsRCTCASTRecommend 60 DaysReboot
Entropy Source APT Start- up Health TestsEntropy Source APT Start- up Health TestsAPTCASTRecommend 60 DaysReboot
Entropy Source RCT Continuous Health TestsEntropy Source RCT Continuous Health TestsRCTCASTN/AN/A
Entropy Source APT Continuous Health TestsEntropy Source APT Continuous Health TestsAPTCASTN/AN/A
HMAC-SHA-1 KAT (A4595)HMAC-SHA-1 KAT (A4595)KATCASTRecommend 60 DaysReboot
HMAC-SHA2-224 KAT (A4595)HMAC-SHA2-224 KAT (A4595)KATCASTRecommend 60 DaysReboot
HMAC-SHA2-256 KAT (A4595)HMAC-SHA2-256 KAT (A4595)KATCASTRecommend 60 DaysReboot
HMAC-SHA2-384 KAT (A4595)HMAC-SHA2-384 KAT (A4595)KATCASTRecommend 60 DaysReboot
HMAC-SHA2-512 KAT (A4595)HMAC-SHA2-512 KAT (A4595)KATCASTRecommend 60 DaysReboot
KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595)KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595)KATCASTRecommend 60 DaysReboot
KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595)KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595)KATCASTRecommend 60 DaysReboot
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic Method
RSA SigVer (FIPS186-4) (A4595)RSA SigVer (FIPS186-4) (A4595)KATSW/FW IntegrityRecommend 60 DaysReboot
Pre-Operational Bypass TestPre-Operational Bypass TestN/ABypassRecommend 60 DaysReboot
AES-CBC encrypt KAT (A4595)AES-CBC encrypt KAT (A4595)KATCASTRecommend 60 DaysReboot
AES-CBC decrypt KAT (A4595)AES-CBC decrypt KAT (A4595)KATCASTRecommend 60 DaysReboot
AES-GCM authenticated encrypt KAT (A4595)AES-GCM authenticated encrypt KAT (A4595)KATCASTRecommend 60 DaysReboot
AES-GCM authenticated decrypt KAT (A4595)AES-GCM authenticated decrypt KAT (A4595)KATCASTRecommend 60 DaysReboot
Counter DRBG Instantiate/Generate/Reseed KAT (A4595)Counter DRBG Instantiate/Generate/Reseed KAT (A4595)KATCASTRecommend 60 DaysReboot
ECDSA SigGen (FIPS186-4) KAT (A4595)ECDSA SigGen (FIPS186-4) KAT (A4595)KATCASTRecommend 60 DaysReboot
ECDSA SigVer (FIPS186-4) KAT (A4595)ECDSA SigVer (FIPS186-4) KAT (A4595)KATCASTRecommend 60 DaysReboot
Entropy Source RCT Start- up Health TestsEntropy Source RCT Start- up Health TestsRCTCASTRecommend 60 DaysReboot
Entropy Source APT Start- up Health TestsEntropy Source APT Start- up Health TestsAPTCASTRecommend 60 DaysReboot
Entropy Source RCT Continuous Health TestsEntropy Source RCT Continuous Health TestsRCTCASTN/AN/A
Entropy Source APT Continuous Health TestsEntropy Source APT Continuous Health TestsAPTCASTN/AN/A
HMAC-SHA-1 KAT (A4595)HMAC-SHA-1 KAT (A4595)KATCASTRecommend 60 DaysReboot
HMAC-SHA2-224 KAT (A4595)HMAC-SHA2-224 KAT (A4595)KATCASTRecommend 60 DaysReboot
HMAC-SHA2-256 KAT (A4595)HMAC-SHA2-256 KAT (A4595)KATCASTRecommend 60 DaysReboot
HMAC-SHA2-384 KAT (A4595)HMAC-SHA2-384 KAT (A4595)KATCASTRecommend 60 DaysReboot
HMAC-SHA2-512 KAT (A4595)HMAC-SHA2-512 KAT (A4595)KATCASTRecommend 60 DaysReboot
KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595)KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595)KATCASTRecommend 60 DaysReboot
KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595)KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595)KATCASTRecommend 60 DaysReboot
KDF IKEv2 KAT (A4595)KDF IKEv2 KAT (A4595)KATCASTRecommend 60 DaysReboot
KDF SNMP KAT (A4595)KDF SNMP KAT (A4595)KATCASTRecommend 60 DaysReboot
KDF SSH KAT (A4595)KDF SSH KAT (A4595)KATCASTRecommend 60 DaysReboot
RSA SigGen (FIPS186-4) KAT (A4595)RSA SigGen (FIPS186-4) KAT (A4595)KATCASTRecommend 60 DaysReboot
RSA SigVer (FIPS186-4) KAT (A4595)RSA SigVer (FIPS186-4) KAT (A4595)KATCASTRecommend 60 DaysReboot
TLS v1.2 KDF RFC7627 KAT (A4595)TLS v1.2 KDF RFC7627 KAT (A4595)KATCASTRecommend 60 DaysReboot
ECDSA KeyGen (FIPS186- 4) PCT (A4595)ECDSA KeyGen (FIPS186- 4) PCT (A4595)PCTPCTRecommend 60 DaysReboot
KAS-ECC-SSC Sp800- 56Ar3 PCT (A4595)KAS-ECC-SSC Sp800- 56Ar3 PCT (A4595)PCTPCTRecommend 60 DaysReboot
KAS-FFC-SSC Sp800- 56Ar3 PCT (A4595)KAS-FFC-SSC Sp800- 56Ar3 PCT (A4595)PCTPCTRecommend 60 DaysReboot
RSA KeyGen (FIPS186-4) PCT (A4595)RSA KeyGen (FIPS186-4) PCT (A4595)PCTPCTRecommend 60 DaysReboot
Conditional BypassConditional BypassN/ABypassRecommend 60 DaysReboot

N/A Table 23: Pre-Operational Periodic Information © 2021-2025 Cisco Systems, Inc. N/A N/A N/A N/A

Page 65
Service
NameDescriptionRole AccessIndicator
Error StateIf self-test tests fail, the module is put into an error state.Self-test failureSystem haltReboot the module

N/A Table 24: Conditional Periodic Information The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests.

10.4 Error States

Table 25: Error States If any of the above-mentioned self-tests fail, the module reports the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the selftests, including the pre-operational integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational integrity test and the conditional CASTs. © 2021-2025 Cisco Systems, Inc.

Page 66
11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The module meets all the Level 1 requirements for FIPS 140-3. Operating this module without maintaining the following settings will remove the module from the approved mode of operation. Any firmware that is not shown on the module certificate, is out of scope of this validation and requires a separate FIPS 140-3 validation. The Crypto Officer must configure and enforce the following initialization steps: Step 1: Crypto Officer performs the following configurations: ciscoasa# configure terminal Note, the Crypto Officer needs to connect the platform to cisco.com to obtain the license for ASA from Cisco. ciscoasa(config)# license smart register idtoken [token data] ciscoasa(config)#license smart ciscoasa(config-smart-lic)# show license all Smart Licensing Status ====================== Smart Licensing is ENABLED -ORciscoasa(config-smart-lic)# show license summary Smart Licensing is ENABLED Registration: Step 2. Crypto officer shall perform zeroization operation if the module was previously used before the approved mode configuration. configure factory-default Step 3: Enable approved mode of operation by using the following command. ciscoasa(config)# fips enable Note: Startup operational mode will not take effect until you save configuration and reboot the device. Rebooting the device will force new self-test Step 4: Crypto Officer can verify the version installed and running the following command. ciscoasa(config)# show version Step 5: Crypto Officer will need to issue the following commands to configure module. ciscoasa> en ciscoasa# conf t ciscoasa(config)# © 2021-2025 Cisco Systems, Inc.

Page 67

Step 6: Configure IP address for unit and all distant endpoints. Step 7: Define RADIUS and TACACS+ shared secret keys that are at least 16 characters long and secure traffic between the security module and the RADIUS/ TACACS+ server via secure (IPSec, TLS) tunnel. Note: Perform this step only if RADIUS/TACAS+ is configured, otherwise skip over and proceed to next step. Step 8: Configure the security module so that any remote connections via Telnet are secured through IPSec connection by using the following commands crypto map interface access-list protocol esp encryption aes protocol esp integrity sha-256 Note: If the destined IP address is not within access-list, after running two internal independent actions defined in section 4.6 above, the module would enter the Bypass state. Step 9: Configure the security services by using the algorithms from section 2.5 Approved Algorithms table in this document for all security connections (SSHv2, TLSv1.2, SNMPv3 and IPSec/IKEv2). Note the module will reject any configuration with algorithms not listed in Approved Algorithm Table after the module is operated in approved mode. Here is an example of configuring the approved algorithms for the security services: SSH: ssh cipher encryption custom aes128-gcm@openssh.com ssh cipher integrity custom hmac-sha2-256 ssh key-exchange group ecdh-sha2-nistp256 TLSv1.2: ssl cipher tlsv1.2 ecdhe-rsa-aes128-sha SNMPv3: snmp-server user <SNMP username> <group name> v3 auth sha <auth password> priv aes 128 <priv password> IKEv2: crypto ikev2 policy <policy number> encryption aes integrity sha256 group 14 IPsec: crypto ipsec ikev2 ipsec-proposal <name your proposal> protocol esp encryption aes protocol esp integrity sha-256 Step 10: Disable the TFTP server by following the commands: © 2021-2025 Cisco Systems, Inc.

Page 68

policy-map global_policy class inspection_default no inspect tftp Step 11: Disable HTTP for performing system management in approved mode of operation by using the command: no http server enable HTTPS with TLSv1.2 should always be used for Web-based management. Step 12: Save the configuration. write memory Step 13: Reboot the module. reload Step 14: Check the Module’s name, version and approved service status by using the following commands: Output the modules name/version: show version Output the modules approved mode of operation status: show fips

11.2 Administrator Guidance

No specific administrator guidance.

11.3 Non-Administrator Guidance

No specific non-administrator guidance.

12 Mitigation of Other Attacks

N/A for this module. © 2021-2025 Cisco Systems, Inc.