| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Firmware-hybrid |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 12/18/2030 |
| Caveat | When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy |
| Vendor | Cisco Systems, Inc. |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A4595 |
| AES-GCM | A4595 |
| Counter DRBG | A4595 |
| ECDSA KeyGen (FIPS186-4) | A4595 |
| ECDSA SigGen (FIPS186-4) | A4595 |
| ECDSA SigVer (FIPS186-4) | A4595 |
| HMAC-SHA-1 | A4595 |
| HMAC-SHA2- 224 | A4595 |
| HMAC-SHA2- 256 | A4595 |
| HMAC-SHA2- 384 | A4595 |
| HMAC-SHA2- 512 | A4595 |
| KAS-ECC-SSC Sp800-56Ar3 | A4595 |
| KAS-FFC-SSC Sp800-56Ar3 | A4595 |
| KDF IKEv2 (CVL) | A4595 |
| KDF SNMP (CVL) | A4595 |
| KDF SSH (CVL) | A4595 |
| RSA KeyGen (FIPS186-4) | A4595 |
| RSA SigGen (FIPS186-4) | A4595 |
| RSA SigVer (FIPS186-4) | A4595 |
| SHA-1 | A4595 |
| SHA2-224 | A4595 |
| SHA2-256 | A4595 |
| SHA2-384 | A4595 |
| SHA2-512 | A4595 |
| TLS v1.2 KDF RFC7627 (CVL) | A4595 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Physical Security | 7 |
| Non-Invasive Security | N/A |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Cisco Adaptive Security Appliance Virtual Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>SSHv2 Session Encrypt/Decrypt<br/>TLSv1.2 Session Encrypt/Decrypt<br/>IPsec/IKEv2 Session Encrypt/Decrypt</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Cisco Adaptive Security Appliance Virtual Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>SSHv2 Session Encrypt/Decrypt<br/>TLSv1.2 Session Encrypt/Decrypt<br/>IPsec/IKEv2 Session Encrypt/Decrypt</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Cisco Systems, Inc. Cisco Adaptive Security Appliance Virtual Cryptographic Module Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2021-2025 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.
| # | Section | Page |
|---|---|---|
| 1 | General | 5 |
| 1.1 | Overview | 5 |
| 1.2 | Security Levels | 5 |
| 2 | Cryptographic Module Specification | 5 |
| 2.1 | Description | 5 |
| 2.2 | Tested and Vendor Affirmed Module Version and Identification | 6 |
| 2.3 | Excluded Components | 7 |
| 2.4 | Modes of Operation | 7 |
| 2.5 | Algorithms | 8 |
| 2.6 | Security Function Implementations | 10 |
| 2.7 | Algorithm Specific Information | 16 |
| 2.8 | RBG and Entropy | 17 |
| 2.9 | Key Generation | 18 |
| 2.10 | Key Establishment | 18 |
| 2.11 | Industry Protocols | 19 |
| 3 | Cryptographic Module Interfaces | 19 |
| 3.1 | Ports and Interfaces | 19 |
| 4 | Roles, Services, and Authentication | 20 |
| 4.1 | Authentication Methods | 20 |
| 4.2 | Roles | 20 |
| 4.3 | Approved Services | 20 |
| 4.4 | Non-Approved Services | 33 |
| 4.5 | External Software/Firmware Loaded | 33 |
| 4.6 | Bypass Actions and Status | 33 |
| 4.7 | Cryptographic Output Actions and Status | 33 |
| 4.8 | Additional Information | 33 |
| 5 | Software/Firmware Security | 33 |
| 5.1 | Integrity Techniques | 33 |
| 5.2 | Initiate on Demand | 34 |
| 6 | Operational Environment | 34 |
| 6.1 | Operational Environment Type and Requirements | 34 |
| 7 | Physical Security | 34 |
| 7.1 | Mechanisms and Actions Required | 34 |
| 8 | Non-Invasive Security | 34 |
| 9 | Sensitive Security Parameters Management | 35 |
| 9.1 | Storage Areas | 35 |
| 9.2 | SSP Input-Output Methods | 35 |
| 9.3 | SSP Zeroization Methods | 36 |
| 9.4 | SSPs | 36 |
| 9.5 | Transitions | 59 |
| 10 | Self-Tests | 59 |
| 10.1 | Pre-Operational Self-Tests | 59 |
| 10.2 | Conditional Self-Tests | 60 |
| 10.3 | Periodic Self-Test Information | 63 |
| 10.4 | Error States | 65 |
| 11 | Life-Cycle Assurance | 66 |
| 11.1 | Installation, Initialization, and Startup Procedures | 66 |
| 11.2 | Administrator Guidance | 68 |
| 11.3 | Non-Administrator Guidance | 68 |
| 12 | Mitigation of Other Attacks | 68 |
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets) | 7 |
| Table 3: Tested Module Identification – Hybrid Disjoint Hardware | 7 |
| Table 4: Tested Operational Environments - Software, Firmware, Hybrid | 7 |
| Table 5: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid | 7 |
| Table 6: Modes List and Description | 8 |
| Table 7: Approved Algorithms | 9 |
| Table 8: Vendor-Affirmed Algorithms | 10 |
| Table 9: Security Function Implementations | 16 |
| Table 10: Entropy Certificates | 17 |
| Table 11: Entropy Sources | 17 |
| Table 12: Ports and Interfaces | 19 |
| Table 13: Roles | 20 |
| Table 14: Approved Services | 33 |
| Table 15: Mechanisms and Actions Required | 34 |
| Table 16: Storage Areas | 35 |
| Table 17: SSP Input-Output Methods | 36 |
| Table 18: SSP Zeroization Methods | 36 |
| Table 19: SSP Table 1 | 44 |
| Table 20: SSP Table 2 | 59 |
| Table 21: Pre-Operational Self-Tests | 60 |
| Table 22: Conditional Self-Tests | 63 |
| Table 23: Pre-Operational Periodic Information | 64 |
| Table 24: Conditional Periodic Information | 65 |
| Table 25: Error States | 65 |
| Figure 1 Block Diagram | 6 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 1 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | 1 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | N/A |
| Overall Level | Overall Level | 1 |
Appliance Virtual Cryptographic Module (hereinafter referred to as ASAv or the Module), firmware version 9.20(3). The following details how this module meets the security requirements of FIPS 140-3, SP 800-140 and ISO/IEC 19790 for a Security Level 1 firmware hybrid The security requirements cover areas related to the design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic indicates the actual security levels for each area of the cryptographic module.
Purpose and Use: This module is a multi-chip standalone firmware hybrid cryptographic module deployed as the virtualized version of the Cisco Adaptive Security Appliance (ASA) with underlying operating system identified as Linux 4 (also referred to as Firepower eXtensible Operating System or FXOS throughout this document). The Module’s operational environment is non-modifiable. ASA delivers enterprise-class firewall for businesses, improving security at the Internet edge, high performance and throughput for demanding enterprise data centers. This solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content security © 2021-2025 Cisco Systems, Inc.
and secure unified communications, SSHv2, HTTPS/TLSv1.2, IPsec/IKEv2, SNMPv3 and Cryptographic Cipher Suite B. Module Type: Firmware-hybrid Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The cryptographic module (red dash box) is a non-modifiable, multi-chip standalone firmware hybrid cryptographic module providing cryptographic support which takes data in and out from the host application via the API. The block diagram below shows the boundary of the Tested Operational Environment’s Physical Perimeter (TOEPP) being defined as the physical perimeter of the tested platform enclosure around which everything runs. The cryptographic boundary is the module (red dash box) and its interfaces with the operational environment. Processor Host Platform API Hypervisor API ASA API FOM Figure 1 Block Diagram The Block Diagram above comprises the following components
Tested Module Identification
| Name | Model | Operating System | Hardware Platform | Hardware Version | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|---|
| asav9-20-3.zip | 9.20(3) | asav9-20-3.zip | RSA 2048 SigVer with SHA2-512 | ||||||||
| Intel Xeon Platinum 8160 (Skylake) | Intel Xeon Platinum 8160 (Skylake) | 1.0 | N/A | Intel Xeon Platinum 8160 (Skylake) | |||||||
| Linux 4 (FX-OS) on VMware ESXi 7.0 | Linux 4 (FX-OS) on VMware ESXi 7.0 | UCS C220 M5 SFF Server | 9.20(3) | Intel Xeon Platinum 8160 (Skylake) | Yes | VMware ESXi 7.0 | |||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M7 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C225 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C480 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS-E1100D M6 SFF Server w/ESXi 7.0 |
| Name | Model | Operating System | Hardware Platform | Hardware Version | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|---|
| asav9-20-3.zip | 9.20(3) | asav9-20-3.zip | RSA 2048 SigVer with SHA2-512 | ||||||||
| Intel Xeon Platinum 8160 (Skylake) | Intel Xeon Platinum 8160 (Skylake) | 1.0 | N/A | Intel Xeon Platinum 8160 (Skylake) | |||||||
| Linux 4 (FX-OS) on VMware ESXi 7.0 | Linux 4 (FX-OS) on VMware ESXi 7.0 | UCS C220 M5 SFF Server | 9.20(3) | Intel Xeon Platinum 8160 (Skylake) | Yes | VMware ESXi 7.0 | |||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M7 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C225 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C480 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS-E1100D M6 SFF Server w/ESXi 7.0 |
| Name | Model | Operating System | Hardware Platform | Hardware Version | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|---|
| asav9-20-3.zip | 9.20(3) | asav9-20-3.zip | RSA 2048 SigVer with SHA2-512 | ||||||||
| Intel Xeon Platinum 8160 (Skylake) | Intel Xeon Platinum 8160 (Skylake) | 1.0 | N/A | Intel Xeon Platinum 8160 (Skylake) | |||||||
| Linux 4 (FX-OS) on VMware ESXi 7.0 | Linux 4 (FX-OS) on VMware ESXi 7.0 | UCS C220 M5 SFF Server | 9.20(3) | Intel Xeon Platinum 8160 (Skylake) | Yes | VMware ESXi 7.0 | |||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M7 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C225 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C480 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS-E1100D M6 SFF Server w/ESXi 7.0 |
| Name | Model | Operating System | Hardware Platform | Hardware Version | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|---|
| asav9-20-3.zip | 9.20(3) | asav9-20-3.zip | RSA 2048 SigVer with SHA2-512 | ||||||||
| Intel Xeon Platinum 8160 (Skylake) | Intel Xeon Platinum 8160 (Skylake) | 1.0 | N/A | Intel Xeon Platinum 8160 (Skylake) | |||||||
| Linux 4 (FX-OS) on VMware ESXi 7.0 | Linux 4 (FX-OS) on VMware ESXi 7.0 | UCS C220 M5 SFF Server | 9.20(3) | Intel Xeon Platinum 8160 (Skylake) | Yes | VMware ESXi 7.0 | |||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M7 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C225 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C480 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS-E1100D M6 SFF Server w/ESXi 7.0 |
Tested Module Identification
Modes List and Description: © 2021-2025 Cisco Systems, Inc.
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A4595 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38A |
| AES-GCM | A4595 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 256 | SP 800-38D |
| Counter DRBG | A4595 | Prediction Resistance - Yes Mode - AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A4595 | Curve - P-256, P-384, P-521 Secret Generation Mode - Testing Candidates | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A4595 | Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2- 512 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A4595 | Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2- 512 | FIPS 186-4 |
| HMAC-SHA-1 | A4595 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A4595 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A4595 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A4595 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A4595 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| KAS-ECC-SSC Sp800-56Ar3 | A4595 | Domain Parameter Generation Methods - P- 256, P-384, P-521 Scheme - | SP 800-56A Rev. 3 |
| KAS-FFC-SSC Sp800-56Ar3 | A4595 | Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp-4096 Scheme - dhEphem - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KDF IKEv2 (CVL) | A4595 | Diffie-Hellman Shared Secret Length - Diffie- Hellman Shared Secret Length: 2048 Derived Keying Material Length - Derived Keying Material Length: 3072 Hash Algorithm - SHA-1 | SP 800-135 Rev. 1 |
| KDF SNMP (CVL) | A4595 | Password Length - Password Length: 256, 64 | SP 800-135 Rev. 1 |
| KDF SSH (CVL) | A4595 | Cipher - AES-128, AES-192, AES-256 | SP 800-135 Rev. 1 |
| RSA KeyGen (FIPS186-4) | A4595 | Key Generation Mode - B.3.4 Modulo - 2048, 3072 | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A4595 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A4595 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072 | FIPS 186-4 |
| Safe Primes Key Generation | A4595 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp- 4096 | SP 800-56A Rev. 3 |
| SHA-1 | A4595 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-224 | A4595 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-256 | A4595 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-384 | A4595 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-512 | A4595 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| TLS v1.2 KDF RFC7627 (CVL) | A4595 | Hash Algorithm - SHA2-256, SHA2-384, SHA2- 512 | SP 800-135 Rev. 1 |
Table 6: Modes List and Description The module has one Approved mode of operation and does not implement a Non-Approved following the steps in section 11 of this document, the module will only operate in the Approved mode of operation. The module doesn’t claim the implementation of a degraded mode
Approved Algorithms: HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2512 © 2021-2025 Cisco Systems, Inc.
| Name | Properties | ||
|---|---|---|---|
| CKG | Key Type:Asymmetric | N/A | The Module performs Cryptographic Key Generation (CKG) for asymmetric keys as detailed by example 1 in section 4 and section 5 of SP800-133r2 |
Table 7: Approved Algorithms Vendor-Affirmed Algorithms: N/A © 2021-2025 Cisco Systems, Inc.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| KAS-FFC (SSHv2) | Full KAS-FFC Key Agreement used for SSHv2 service | KAS-FFC-SSC Sp800-56Ar3: (A4595) Domain Parameter Generation: MODP-2048, MODP-3072, MODP-4096 Safe Primes Key Generation: (A4595) KDF SSH: (A4595) Counter DRBG: (A4595) CKG: () Key Type: Asymmetric | CKG KAS-Full | Caveat:Key establishment methodology provides between 112 and 152 bits of security strength IG : IG D.F Path 2, Scenario 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL |
| KAS-ECC (SSHv2) | Full KAS-ECC Key Agreement used for SSHv2 service | KAS-ECC-SSC Sp800-56Ar3: (A4595) Curves: P-256, P-384, P-521 KDF SSH: (A4595) Counter DRBG: (A4595) CKG: () Key Type: Asymmetric | CKG KAS-Full | Caveat:Key establishment methodology provides between 128 and 256 bits of security strength IG : IG D.F Scenario 2, Path 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL |
| KAS-FFC (TLSv1.2) | Full KAS-FFC Key Agreement used for TLSv1.2 service | KAS-FFC-SSC Sp800-56Ar3: (A4595) Domain Parameter Generation: ffdhe2048, ffdhe3072, ffdhe4096 Safe Primes Key Generation: (A4595) TLS v1.2 KDF RFC7627: (A4595) Counter DRBG: (A4595) CKG: () Key Type: Asymmetric | CKG KAS-Full | Caveat:Key establishment methodology provides between 112 and 152 bits of security strength IG : IG D.F Path 2, Scenario 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL |
| KAS-ECC (TLSv1.2) | Full KAS-ECC Key Agreement used for TLSv1.2 service | KAS-ECC-SSC Sp800-56Ar3: (A4595) Curves: P-256, P-384, P-521 TLS v1.2 KDF RFC7627: (A4595) Counter DRBG: (A4595) CKG: () Key Type: Asymmetric | CKG KAS-Full | Caveat:Key establishment methodology provides between 128 and 256 bits of security strength IG : IG D.F Scenario 2, Path 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL |
| KAS-FFC (IKEv2) | Full KAS-FFC Key Agreement used for IKEv2 service | KAS-FFC-SSC Sp800-56Ar3: (A4595) Domain Parameter Generation: MODP-2048, MODP-3072, MODP-4096 Safe Primes Key Generation: (A4595) KDF IKEv2: (A4595) Counter DRBG: (A4595) CKG: () | CKG KAS-Full | Caveat:Key establishment methodology provides between 112 and 152 bits of security strength IG : IG D.F Path 2, Scenario 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL |
| KAS-ECC (IKEv2) | Full KAS-ECC Key Agreement used for IKEv2 service | KAS-ECC-SSC Sp800-56Ar3: (A4595) Curves: P-256, P-384, P-521 KDF IKEv2: (A4595) Counter DRBG: (A4595) CKG: () Key Type: Asymmetric | CKG KAS-Full | Caveat:Key establishment methodology provides between 128 and 256 bits of security strength IG : IG D.F Scenario 2, Path 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL |
| KTS (TLSv1.2 with AES and HMAC) | KTS via TLSv1.2 service by using AES and HMAC | AES-CBC: (A4595) Key Length: 128, 256 HMAC-SHA-1: (A4595) HMAC-SHA2- 256: (A4595) HMAC-SHA2- 384: (A4595) SHA-1: (A4595) SHA2-256: (A4595) SHA2-384: (A4595) | KTS-Unwrap KTS-Wrap | Caveat:Key establishment methodology provides 128 or 256 bits of security strength Standard:SP 800- 38F IG D.G:"combination" method: use any approved symmetric encryption mode together with an approved authentication method |
| KTS (TLSv1.2 with AES-GCM) | KTS via TLSv1.2 service by using AES- GCM | AES-GCM: (A4595) Key Length: 128, 256 | KTS-Unwrap KTS-Wrap | Caveat:Key establishment methodology provides 128 or 256 bits of security strength Standard:SP 800- 38F IG D.G:method: use of any approved authenticated symmetric encryption mode |
| KTS (SSHv2 with AES and HMAC) | KTS via SSHv2 service by using AES and HMAC | AES-CBC: (A4595) Key Length: 128, 256 HMAC-SHA-1: (A4595) HMAC-SHA2- 256: (A4595) SHA-1: (A4595) SHA2-256: (A4595) | KTS-Unwrap KTS-Wrap | Caveat:Key establishment methodology provides 128 or 256 bits of security strength Standard:SP 800- 38F IG D.G:"combination" method: use any approved symmetric encryption mode together with an approved authentication method |
| KTS (SSHv2 with AES-GCM) | KTS via SSHv2 service by using AES-GCM | AES-GCM: (A4595) Key Length: 128, 256 | KTS-Unwrap KTS-Wrap | Caveat:Key establishment methodology provides 128 or 256 bits of security strength Standard:SP 800- 38F IG D.G:method: use of any approved authenticated symmetric encryption mode |
| RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | RSA KeyGen for SSHv2, TLSv1.2, and IKEv2 services | RSA KeyGen (FIPS186-4): (A4595) Modulus: 2048, 3072 bits Counter DRBG: (A4595) CKG: () Key Type: Asymmetric | AsymKeyPair- KeyGen CKG | |
| ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) | ECDSA KeyGen for SSHv2, TLSv1.2, and IKEv2 services | ECDSA KeyGen (FIPS186-4): (A4595) Curves: P-256, P-384, P-521 Counter DRBG: (A4595) | AsymKeyPair- KeyGen CKG | |
| RSA SigGen (SSHv2, TLSv1.2, IKEv2) | RSA SigGen for SSHv2, TLSv1.2, and IKEv2 services | RSA SigGen (FIPS186-4): (A4595) Modulus: 2048, 3072 bits | DigSig-SigGen | |
| ECDSA SigGen (SSHv2, TLSv1.2, IKEv2) | ECDSA SigGen for SSHv2, TLSv1.2, and IKEv2 services | ECDSA SigGen (FIPS186-4): (A4595) Curves: P-256, P-384, P-521 | DigSig-SigGen | |
| RSA SigVer (SSHv2, TLSv1.2, IKEv2) | RSA SigVer for SSHv2, TLSv1.2, and IKEv2 services | RSA SigVer (FIPS186-4): (A4595) Modulus: 2048, 3072 bits | DigSig-SigVer | |
| ECDSA SigVer (SSHv2, TLSv1.2, IKEv2) | ECDSA SigVer for SSHv2, TLSv1.2, and IKEv2 services | ECDSA SigVer (FIPS186-4): (A4595) Curves: P-256, P-384, P-521 | DigSig-SigVer | |
| SSHv2 Session Encrypt/Decrypt | SSHv2 session protection. | AES-CBC: (A4595) Key Length: 128, 256 AES-GCM: (A4595) Key Length: 128, 256 | BC-Auth BC-UnAuth | Bit-strength Caveat:Provides between 112 and 152 bits of encryption strength when keys derived by KAS-FFC; Provides between 128 and 256 bits of encryption strength when keys derived by KAS-ECC |
| SSHv2 Session Authentication | SSHv2 Session Authentication. | SHA-1: (A4595) SHA2-256: (A4595) HMAC-SHA-1: (A4595) HMAC-SHA2- 256: (A4595) | MAC | |
| SSHv2 Keying Materials Development | SSHv2 session keying materials, used to derive SSHv2 session keys. | KDF SSH: (A4595) | KAS-135KDF | |
| TLSv1.2 Session Encrypt/Decrypt | TLSv1.2 session protection | AES-CBC: (A4595) Key Length: 128, 256 AES-GCM: (A4595) Key Length: 128, 256 | BC-Auth BC-UnAuth | Bit-strength Caveat:Provides between 112 and 152 bits of encryption strength when keys derived by KAS-FFC; Provides between 128 and 256 bits of encryption strength when keys derived by KAS-ECC |
| TLSv1.2 Session Authentication | TLSv1.2 session authentication. | SHA-1: (A4595) SHA2-256: (A4595) SHA2-384: (A4595) HMAC-SHA-1: (A4595) HMAC-SHA2- 256: (A4595) HMAC-SHA2- 384: (A4595) | MAC | |
| TLSv1.2 Keying Materials Development | TLSv1.2 session keying materials, used to derive TLS session keys. | TLS v1.2 KDF RFC7627: (A4595) | KAS-135KDF | |
| IPsec/IKEv2 Session Encrypt/Decrypt | IPsec/IKEv2 session protection | AES-CBC: (A4595) Key Length: 128, 256 AES-GCM: (A4595) Key Length: 128, 256 | BC-Auth BC-UnAuth | Bit-strength Caveat:Provides between 112 and 152 bits of encryption strength when keys derived by KAS-FFC; Provides between 128 and 256 bits of encryption strength when keys derived by KAS-ECC |
| IPsec/IKEv2 Session Authentication | IPsec/IKEv2 session authentication. | SHA2-256: (A4595) SHA2-384: (A4595) SHA2-512: | MAC | |
| IPsec/IKEv2 Keying Materials Development | IPsec/IKEv2 session keying materials, used to derive IPsec/IKEv2 session keys. | KDF IKEv2: (A4595) | KAS-135KDF | |
| SNMPv3 Session Encrypt/Decrypt | SNMPv3 session protection. | AES-CBC: (A4595) Key Length: 128, 256 | BC-UnAuth | Bit-strength Caveat:Provides 128 or 256 bits of encryption strength |
| SNMPv3 Session Authentication | SNMPv3 session authentication. | SHA-1: (A4595) SHA2-224: (A4595) SHA2-256: (A4595) SHA2-384: (A4595) HMAC-SHA-1: (A4595) HMAC-SHA2- 224: (A4595) HMAC-SHA2- 256: (A4595) HMAC-SHA2- 384: (A4595) | MAC | |
| SNMPv3 Keying Materials Development | SNMPv3 session keying materials, used to derive SNMPv3 session keys. | KDF SNMP: (A4595) | KAS-135KDF | |
| DRBG Function | Used for DRBG generation | Counter DRBG: (A4595) | DRBG |
Table 8: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.
AsymKeyPairKeyGen © 2021-2025 Cisco Systems, Inc.
Table 9: Security Function Implementations
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| Cisco Jitter Entropy Source | Non- Physical | 256 bits | Intel Xeon Platinum 8160 (Skylake) | Full entropy | A2810 (SHA3- 256) |
| Cert | Vendor | ||
|---|---|---|---|
| Number | Name | ||
| E3 | Cisco |
3.3.1. The keys for the client and server negotiated in the TLSv1.2 handshake process (client_write_key and server_write_key) are compared and the module aborts the session if the key values are identical. The operations of one of the two parties involved in the TLS key establishment scheme were performed entirely within the cryptographic boundary of the module being validated. The counter portion of the IV is set by the module within its cryptographic boundary. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key. In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established.
Table 10: Entropy Certificates NonPhysical Table 11: Entropy Sources A2810 (SHA3256) The module employs a Deterministic Random Bit Generator (DRBG) implementation based on SP800-90Arev1. This DRBG is used internally by the module (e.g. to generate symmetric keys, seeds for asymmetric key pairs, and random numbers for security functions). © 2021-2025 Cisco Systems, Inc.
The DRBG implemented is an AES-256 Counter DRBG, seeded by the entropy source described in the table above. The Counter DRBG utilizes the Derivation Function and employs prediction resistance. The DRBG is instantiated with a 384-bits long entropy input (corresponding to 384 bits of entropy). Additionally, the DRBG is reseeded with a 256-bits long entropy input (corresponding to 256 bits of entropy).
The module implements Cryptographic Key Generation (CKG, vendor affirmed), compliant with SP 800- 133r2. When random values are required, they are obtained from the SP 800-90Ar1 approved DRBG, compliant with Section 4 of SP 800-133r2. The following methods are implemented:
The module provides the following key/SSP establishment services in the approved mode of operation: KAS-FFC Shared Secret Computation:
parameter generation, key pair generation and verification, and shared secret computation.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Data Input | Arguments for an API that provide the data to be used for processed by the module. |
| N/A | N/A | Data Output | Arguments output from an API call. |
| N/A | N/A | Control Input | Arguments for an API call used to control and configure module operation. |
| N/A | N/A | Control Output | N/A |
| N/A | N/A | Status Output | Return values, and/or log messages. |
| N/A | N/A | Power | Provide the Power Supply to the module. |
o o MODP-3072 (ID = 15) MODP-4096 (ID =
The module supports SSHv2, TLSv1.2, IPsec/IKEv2 and SNMPv3 industrial protocols. No parts of SSHv2, TLSv1.2, IPsec/IKEv2 or SNMPv3 protocols, other than the KDFs, have been tested by the CAVP and CMVP. Please refer to SSPs Table for more information.
N/A N/A N/A N/A N/A N/A Table 12: Ports and Interfaces N/A The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides its logical interfaces via Application Programming Interface (API) calls. The logical interfaces provided by the module are mapped onto the FIPS 140-3 interfaces © 2021-2025 Cisco Systems, Inc.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | Authentication Methods |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | Crypto Officer | Role | None | ||||||
| Show Status | Provide Module's current status | Crypto Officer | None | None | API command to show status. | Module's current status. | |||
| Show Version | Provide Module's name/ID and versioning informatio n. | Crypto Officer | None | None | API command "show version" | Module's name "ASAv Adaptive Security Virtual Appliance" and versioning information | |||
| Perform Self-Tests | Perform Self-Tests (Pre- operationa l self-tests and | Crypto Officer | None | None | API command s to conduct on- demand | Status of the self- tests results. |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | Authentication Methods |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | Crypto Officer | Role | None | ||||||
| Show Status | Provide Module's current status | Crypto Officer | None | None | API command to show status. | Module's current status. | |||
| Show Version | Provide Module's name/ID and versioning informatio n. | Crypto Officer | None | None | API command "show version" | Module's name "ASAv Adaptive Security Virtual Appliance" and versioning information | |||
| Perform Self-Tests | Perform Self-Tests (Pre- operationa l self-tests and | Crypto Officer | None | None | API command s to conduct on- demand | Status of the self- tests results. |
Table 13: Roles The module supports Crypto Officer (CO) role. The module does not allow concurrent operators. The Crypto Officer is implicitly assumed based on the service requested.
The following tables detail the types of approved services available to each role in approved mode of operation, the types of access for each role and the Keys or SSPs they affect.
| Name | Role Access | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Perform Zeroizatio n | Perform Zeroizatio n. | Crypto Officer - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State V value: Z - DRBG Key: Z - SSH DH Private Key: Z - SSH DH Public Key: Z - SSH Peer DH Public Key: Z - SSH DH Shared Secret: Z - SSH ECDH Private Key: Z - SSH ECDH Public Key: Z - SSH Peer ECDH Public Key: Z - SSH ECDH Shared Secret: Z - SSH RSA Private Key: Z - SSH RSA Public Key: | None | None | API command s to conduct Zeroizatio n operation or Power down the tested platform. | Status of the SSPs zeroization. |
n al SelfTests) n. Z Z Z Z Z Z SelfTests. © 2021-2025 Cisco Systems, Inc. n
| Name | Csps Accessed | Descripti | Security |
|---|---|---|---|
| on | Access | on | Functions |
| on | Access | on | Functions |
| on | Access | on | Functions |
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Configure Network | Sets configurati on of the systems. | Crypto Officer | None | None | API command s to configure the module. | Status of the completion of network related configuratio n. |
| Configure Bypass capability | Sets the Bypass capability | Crypto Officer | None | None | API command s to configure the Bypass capability. | Status of the completion of Bypass capability configuratio n. |
| Configure SSHv2 Function | Configure SSHv2 Function | Crypto Officer - SSH RSA Private Key: G,W,E - SSH RSA Public Key: G,R,W - SSH ECDSA Private Key: G,W,E - SSH ECDSA Public Key: G,R,W - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal | KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) | Global Indicator and SSHv2 configurati on success status message. | API command s to configure SSHv2. | Status of the completion of SSHv2 configuratio n. |
| DRBG Function | State V value: G,W,E - DRBG Key: G,W,E - RADIUS Secret: W - TACACS+ Secret: W | DRBG Function | ||||
| Configure HTTPS over TLSv1.2 Function | Configure HTTPS over TLSv1.2 Function. | Crypto Officer - TLS RSA Private Key: G,W,E - TLS RSA Public Key: G,R,W - TLS ECDSA Private Key: G,W,E - TLS ECDSA Public Key: G,R,W - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E | KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) DRBG Function | Global Indicator and HTTPS over TLSv1.2 configurati on success status message. | API command s to configure HTTPS over TLSv1.2 | Status of the completion of HTTPS over TLSv1.2 configuratio n. |
| Configure IPsec/IKE v2 Functions | Configure IPsec/IKE v2 Functions | Crypto Officer - IPsec/IKEv2 RSA Private Key: G,W,E - IPsec/IKEv2 RSA Public Key: G,W,E | KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) KTS (SSHv2 with AES | Global Indicator with IPsec/IKE v2 configurati on success status message. | API command s to configure IPsec/IKE v2. | Status of the completion of IPsec/IKEv 2 secure tunnel configuratio n. |
| and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) DRBG Function | - IPsec/IKEv2 ECDSA Private Key: G,W,E - IPsec/IKEv2 ECDSA Public Key: G,W,E - IPsec/IKEv2 Pre-Shared Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E | and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2, IKEv2) ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) DRBG Function | ||||
| Configure SNMPv3 Function | Configure SNMPv3 Function | Crypto Officer - SNMPv3 Authenticati on/ Privacy Password: W,E - SNMPv3 Encryption Key: G,W,E - SNMPv3 Authenticati on Key: G,W,E | KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) SNMPv3 Keying Materials Development | Global Indicator and SNMPv3 configurati on success status message. | API command s to configure SNMPv3. | Status of the completion of SNMPv3 configuratio n. |
| Run SSHv2 Function | Execute SSHv2 Function | Crypto Officer - SSH DH | KAS-FFC (SSHv2) KAS-ECC | Global Indicator and | API command s to | Status of SSHv2 secure |
n. n. n. © 2021-2025 Cisco Systems, Inc. with AESGCM) with AESGCM) G,W,E G,R,W G,W,E G,R,W G,W,E G,W,E
n. with AESGCM) with AESGCM) n. with AESGCM) © 2021-2025 Cisco Systems, Inc. G,W,E G,W,E G,R,W G,W,E G,R,W G,W,E G,W,E G,W,E
with AESGCM) n. with AESGCM) with AESGCM) © 2021-2025 Cisco Systems, Inc. G,W,E G,W,E G,W,E G,W,E G,W,E W,E G,W,E
| Name | Csps Accessed | Indicator | Input | Output | Descripti | Security | ||
|---|---|---|---|---|---|---|---|---|
| on | Access | on | Functions | |||||
| Successfu l SSHv2 log message. | Successfu l SSHv2 log message. | execute SSHv2 service. | tunnel establishme nt. | (SSHv2) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2, IKEv2) RSA SigVer (SSHv2, TLSv1.2, IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, IKEv2) SSHv2 Session Encrypt/Decr ypt SSHv2 Session Authenticatio n SSHv2 Keying Materials Development DRBG Function | Private Key: G,W,E - SSH DH Public Key: G,R,W - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: G,W,E - SSH ECDH Private Key: G,W,E - SSH ECDH Public Key: G,R,W - SSH Peer ECDH Public Key: W,E - SSH ECDH Shared Secret: G,W,E - SSH RSA Private Key: G,W,E - SSH RSA Public Key: G,R,W - SSH ECDSA Private Key: G,W,E - SSH ECDSA Public Key: G,R,W - SSH Session Encryption Key: G,W,E - SSH Session |
© 2021-2025 Cisco Systems, Inc. with AESGCM) n G,W,E G,R,W G,W,E G,W,E G,R,W W,E G,W,E G,W,E G,R,W G,W,E G,R,W
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Run HTTPS over TLSv1.2 Function | Execute HTTPS over TLSv1.2 Function. | Crypto Officer - TLS DH Private Key: G,W,E - TLS DH Public Key: G,R,W - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: G,W,E - TLS ECDH Private Key: G,W,E - TLS ECDH Public Key: G,R,W - TLS Peer ECDH Public Key: W,E - TLS | KAS-FFC (TLSv1.2) KAS-ECC (TLSv1.2) KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2, IKEv2) RSA SigVer (SSHv2, TLSv1.2, IKEv2) ECDSA SigVer (SSHv2, | Global Indicator and Successfu l HTTPS over TLSv1.2 log message. | API command to execute HTTPS over TLSv1.2 service. | Status of HTTPS over TLSv1.2 establishme nt. |
| TLSv1.2, IKEv2) TLSv1.2 Session Encrypt/Decr ypt TLSv1.2 Session Authenticatio n TLSv1.2 Keying Materials Development DRBG Function | ECDH Shared Secret: G,W,E - TLS RSA Private Key: G,W,E - TLS RSA Public Key: G,R,W - TLS ECDSA Private Key: G,W,E - TLS ECDSA Public Key: G,R,W - TLS Master Secret: G,W,E - TLS Session Encryption Key: G,W,E - TLS Session Authenticati on Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E | TLSv1.2, IKEv2) TLSv1.2 Session Encrypt/Decr ypt TLSv1.2 Session Authenticatio n TLSv1.2 Keying Materials Development DRBG Function | ||||
| Run IPsec/IKE v2 Functions | Execute IPsec/IKE v2 Functions | Crypto Officer - IPsec/IKEv2 | KAS-FFC (IKEv2) KAS-ECC (IKEv2) | Global Indicator and Successfu | API command to execute | Status of IPsec/IKEv 2 secure tunnel |
with AESGCM) © 2021-2025 Cisco Systems, Inc. G,W,E G,W,E G,W,E G,W,E G,W,E G,R,W G,W,E G,W,E G,R,W W,E
| Name | Csps Accessed | Indicator | Input | Output | Descripti | Security | ||
|---|---|---|---|---|---|---|---|---|
| on | Access | on | Functions | |||||
| l IPsec/IKE v2 log message. | l IPsec/IKE v2 log message. | IPsec/IKE v2 | establishme nt | RSA SigGen (SSHv2, TLSv1.2, IKEv2) ECDSA SigGen (SSHv2, TLSv1.2, IKEv2) RSA SigVer (SSHv2, TLSv1.2, IKEv2) ECDSA SigVer (SSHv2, TLSv1.2, IKEv2) IPsec/IKEv2 Session Encrypt/Decr ypt IPsec/IKEv2 Session Authenticatio n IPsec/IKEv2 Keying Materials Development DRBG Function | DH Private Key: G,W,E - IPsec/IKEv2 DH Public Key: G,R,W - IPsec/IKEv2 Peer DH Public Key: W,E - IPsec/IKEv2 DH Shared Secret: G,W,E - IPsec/IKEv2 ECDH Private Key: G,W,E - IPsec/IKEv2 ECDH Public Key: G,R,W - IPsec/IKEv2 Peer ECDH Public Key: W,E - IPsec/IKEv2 ECDH Shared Secret: G,W,E - IPsec/IKEv2 RSA Private Key: G,W,E - IPsec/IKEv2 RSA Public Key: G,W,E - IPsec/IKEv2 ECDSA Private Key: |
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Run SNMPv3 Functions | Execute SNMPv3 Function. | Crypto Officer - SNMPv3 Authenticati on/ Privacy Password: W,E - SNMPv3 Encryption Key: G,W,E - SNMPv3 Authenticati | SNMPv3 Session Encrypt/Decr ypt SNMPv3 Session Authenticatio n SNMPv3 Keying Materials Development | Global Indicator and Successfu l SNMPv3 log message. | API command to execute SNMPv3 service. | Status of SNMPv3 service. |
| Name | Csps Accessed | Descripti | Security |
|---|---|---|---|
| on | Access | on | Functions |
The module implements alternating Bypass service. Traffic output from the module’s data output interface can be cryptographically protected via IPSec/IKE VPN, or passed as plaintext (Bypass state), depending on the VPN tunnel establishment on the dedicated data output interface. The operator shall assume Crypto Officer role so as to configure IPSec/IKE VPN capability. If no IPSec/IKE VPN was configured, after running two independent internal actions, Module would enter the Bypass state. Before the module executes the Bypass service (sending out plaintext traffic via the data output interface), the module would conduct two independent internal actions to prevent the inadvertent bypass of plaintext data due to a single error. The Crypto Officer can use commands “show access-list” and “show crypto ipsec sa” to verify the module’s Bypass status. In Bypass tests fail, the module would enter an error state, and drop the traffic.
The module implements Self-initiated cryptographic output capability without external operator request. The Crypto Officer shall configure self-initiated cryptographic output capability. Prior to executing the self-initiated cryptographic output capability, the module conducts two independent internal actions to activate the capability to prevent the inadvertent output due to a single error.
The module supports unauthenticated service. The unauthenticated operator can trigger the self-test service by power-cycling the module.
The module is provided in the form of binary executable code. To ensure firmware security, the library is protected by RSA 2048 SigVer with SHA2-512 (RSA and SHA2-512 Cert. #A4595) © 2021-2025 Cisco Systems, Inc.
| Mechanism | Inspection | Inspection | ||
|---|---|---|---|---|
| Frequency | Guidance | |||
| Production grade components | N/A | N/A |
signature calculated at build time. At crypto module library initialization, the signature is recalculated and compared to the hardcoded build-time generated signature value. If at load time the signature does not match, the crypto module library exits with error. If failure occurs during self-test, all crypto functionality is disabled.
Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the tested platform to initiate the integrity test on-demand.
Type of Operational Environment: Non-Modifiable The module is a firmware hybrid module, which is operated in a non-modifiable operational environment per FIPS 140-3 level 1 specifications. The module’s firmware version running on each tested platform is 9.20(3). The module has control over its own SSPs. The process and memory management functionality of the host device’s OS prevent unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined API. The operational environments provide the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environment. Processes that are spawned by the module are owned by the module and are not owned by external processes/operators.
N/A Table 15: Mechanisms and Actions Required The module is running on the multi-chip standalone production grade platform to meet physical security requirements from FIPS 140-3 level
N/A for this module. © 2021-2025 Cisco Systems, Inc.
| Name | Type | Description |
|---|---|---|
| DRAM | Dynamic | Volatile memory provided by the ESXi host for the module temporary. |
| Flash | Static | Non-Volatile memory provided by the ESXi host for the module to retain memory across power-cycles. |
| Name | Approved Functions | Type | From | To | ||
|---|---|---|---|---|---|---|
| Peer Public Key Input | Plaintext | External (Outside of the Module's Boundary) | Module | Automated | Electronic | |
| Module Public Key Output | Plaintext | Module | External (Outside of the Module's Boundary) | Automated | Electronic | |
| Secret Input via SSHv2 encrypted by GCM | KTS (SSHv2 with AES- GCM) | Encrypted | External (Outside of the Module's Boundary) | Module | Automated | Electronic |
| Public key Output via SSHv2 encrypted by GCM | KTS (SSHv2 with AES- GCM) | Encrypted | Module | External (Outside of the Module's Boundary) | Automated | Electronic |
| Secret Input via SSHv2 encrypted by AES and HMAC | KTS (SSHv2 with AES and HMAC) | Encrypted | External (Outside of the Module's Boundary) | Module | Automated | Electronic |
| Public key Output via SSHv2 encrypted by AES and HMAC | KTS (SSHv2 with AES and HMAC) | Encrypted | Module | External (Outside of the Module's Boundary) | Automated | Electronic |
| Secret Input via TLS encrypted by GCM | KTS (TLSv1.2 with AES- GCM) | Encrypted | External (Outside of the Module's Boundary) | Module | Automated | Electronic |
| Public key Output via TLS encrypted by GCM | KTS (TLSv1.2 with AES- GCM) | Encrypted | Module | External (Outside of the Module's Boundary) | Manual | Electronic |
| Secret Input via TLS encrypted by AES and HMAC | KTS (TLSv1.2 with AES and HMAC) | Encrypted | External (Outside of the Module's Boundary) | Module | Automated | Electronic |
| Public key Output via TLS encrypted by AES and HMAC | KTS (TLSv1.2 with AES- GCM) | Encrypted | Module | External (Outside of the Module's Boundary) | Automated | Electronic |
with AESGCM) with AESGCM) © 2021-2025 Cisco Systems, Inc.
| Name | Type | Description | Strength | Zeroization | Use | `configure factory- default` |
|---|---|---|---|---|---|---|
| Session termination will automatically zeroize all session based temporary SSPs | Zeroization upon session termination | Session Termination | Terminate session | |||
| Reboot to zeroize all temporary SSPs stored in volatile memory | Zeroization upon rebooting the module | Reboot | Reboot | |||
| DRBG Entropy Input | Entropy Input - CSP | Used to seed the DRBG | 384 bits - at least 256 bits | DRBG Function |
| Name | Type | Description | Strength | Zeroization | Use | `configure factory- default` |
|---|---|---|---|---|---|---|
| Session termination will automatically zeroize all session based temporary SSPs | Zeroization upon session termination | Session Termination | Terminate session | |||
| Reboot to zeroize all temporary SSPs stored in volatile memory | Zeroization upon rebooting the module | Reboot | Reboot | |||
| DRBG Entropy Input | Entropy Input - CSP | Used to seed the DRBG | 384 bits - at least 256 bits | DRBG Function |
with AESGCM) with AESGCM) with AESGCM) Table 17: SSP Input-Output Methods
factorydefault` Table 18: SSP Zeroization Methods n © 2021-2025 Cisco Systems, Inc.
| Name | Type | Description | Strength | Use | ||
|---|---|---|---|---|---|---|
| DRBG Seed | DRBG Seed - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function | ||
| DRBG Internal State V value | DRBG Internal State V value - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function | ||
| DRBG Key | DRBG Key - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function | ||
| RADIUS Secret | Authenticati on Data - CSP | RADIUS Server Authenticati on | 16 Characte rs - 128 bits | |||
| TACACS+ Secret | Authenticati on Data - CSP | TACACS+ Authenticati on | 16 Characte rs - 128 bits | |||
| SSH DH Private Key | Private Key - CSP | Used to derive the SSH DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | KAS-FFC (SSHv2) | KAS- FFC (SSHv2) | |
| SSH DH Public Key | Public Key - PSP | Used to derive SSH DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | KAS-FFC (SSHv2) | ||
| SSH Peer DH Public Key | Public Key - PSP | Used to derive SSH DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | KAS-FFC (SSHv2) | ||
| SSH DH Shared Secret | Shared Secret - CSP | Used to derive SSH Session Encryption Keys, SSH Session | MODP- 2048, MODP- 3072, MODP- 4096 - | SSHv2 Keying Materials Development | KAS-FFC (SSHv2) | |
| Authenticati on Keys | Authenticati on Keys | 112 to 152 bits | ||||
| SSH ECDH Private Key | Private Key - CSP | Used to derive the SSH ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (SSHv2) | KAS- ECC (SSHv2) | |
| SSH ECDH Public Key | Public Key - PSP | Used to derive the SSH ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (SSHv2) | ||
| SSH Peer ECDH Public Key | Public Key - PSP | Used to derive SSH DH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (SSHv2) | ||
| SSH ECDH Shared Secret | Shared Secret - CSP | Used to derive SSH Session Encryption Keys, SSH Session Authenticati on Keys | Curves: P-256, P-384, P-521 - 128 to 256 bits | SSHv2 Keying Materials Development | KAS-ECC (SSHv2) | |
| SSH RSA Private Key | Private Key - CSP | Used for SSH session authenticati on | Modulus 2048 and 3072 bits - 112 or 128 bits | RSA SigGen (SSHv2, TLSv1.2, IKEv2) | RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | |
| SSH RSA Public Key | Public Key - PSP | Used for SSH session authenticati on | Modulus 2048 and 3072 bits - 112 or 128 bits | RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | ||
| SSH ECDSA Private Key | Private Key - CSP | Used for SSH session authenticati on | Curves: P-256, P-384, P-521 - 128 to 256 bits | ECDSA SigGen (SSHv2, TLSv1.2, IKEv2) | ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) | |
| SSH ECDSA Public Key | Public Key - PSP | Used for SSH session authenticati on | Curves: P-256, P-384, P-521 - 128 to 256 bits | ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) | ||
| SSH Session Encryption Key | Symmetric Key - CSP | Used for SSH session confidentiali ty protection | 128, 256 bits - 112 to 256 bits | SSHv2 Session Encrypt/Decr ypt | SSHv2 Keying Materials Developm ent | |
| SSH Session Authenticati on Key | Session Key - CSP | Used for SSH Session integrity protection | At least 160 bits - 112 to 256 bits | SSHv2 Session Authenticatio n | SSHv2 Keying Materials Developm ent | |
| TLS DH Private Key | Private Key - CSP | Used to Derive TLS DH Shared Secret | ffdhe204 8, ffdhe307 2, ffdhe409 6 - 112 to 152 bits | KAS-FFC (TLSv1.2) | KAS- FFC (TLSv1.2 ) | |
| TLS DH Public Key | Public Key - PSP | Used to Derive TLS DH Shared Secret | ffdhe204 8, ffdhe307 2, ffdhe409 6 - 112 to 152 bits | KAS-FFC (TLSv1.2) | ||
| TLS Peer DH Public Key | Public Key - PSP | Used to derive TLS DH Shared Secret | ffdhe204 8, ffdhe307 2, ffdhe409 6 - 112 to 152 bits | KAS-FFC (TLSv1.2) | ||
| TLS DH Shared Secret | Shared Secret - CSP | Used to Derive TLS Session Encryption Key and TLS Session | ffdhe204 8, ffdhe307 2, ffdhe409 6 - 112 | TLSv1.2 Keying Materials Development | KAS-FFC (TLSv1.2) | |
| Authenticati on Key | Authenticati on Key | to 152 bits | ||||
| TLS ECDH Private Key | Private Key - CSP | Used to Derive TLS ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (TLSv1.2) | KAS- ECC (TLSv1.2 ) | |
| TLS ECDH Public Key | Public Key - PSP | Used to Derive TLS ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (TLSv1.2) | ||
| TLS Peer ECDH Public Key | Public Key - PSP | Used to derive TLS ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (TLSv1.2) | ||
| TLS ECDH Shared Secret | Shared Secret - CSP | Used to Derive TLS Session Encryption Key and TLS Session Authenticati on Key | Curves: P-256, P-384, P-521 - 128 to 256 bits | TLSv1.2 Keying Materials Development | KAS-ECC (TLSv1.2) | |
| TLS RSA Private Key | Private Key - CSP | Used to support CO HTTPS interfaces | Modulus 2048 and 3072 bits - 112 or 128 bits | RSA SigGen (SSHv2, TLSv1.2, IKEv2) | RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | |
| TLS RSA Public Key | Public Key - PSP | Used to support CO HTTPS interfaces | Modulus 2048 and 3072 bits - 112 or 128 bits | RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | ||
| TLS ECDSA Private Key | Private Key - CSP | Used to support CO HTTPS interfaces | Curves: P-256, P-384, P-521 - 128 to 256 bits | ECDSA SigGen (SSHv2, TLSv1.2, IKEv2) | ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) | |
| TLS ECDSA Public Key | Public Key - PSP | Used to support CO HTTPS interfaces | Curves: P-256, P-384, P-521 - 128 to 256 bits | ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) | ||
| TLS Master Secret | Master Secret - CSP | Used to protect HTTPS Session | 384 bits - 384 bits | TLSv1.2 Session Encrypt/Decr ypt TLSv1.2 Session Authenticatio n | TLSv1.2 Keying Materials Developm ent | |
| TLS Session Encryption Key | Symmetric Key - CSP | Used to protect HTTPS Session | 128, 256 bits - 112 to 256 bits | TLSv1.2 Session Encrypt/Decr ypt | TLSv1.2 Keying Materials Developm ent | |
| TLS Session Authenticati on Key | Message Authenticati on Key - CSP | Used to authenticat e HTTPS Session | 160, 256, 384 bits - 112 to 256 bits | TLSv1.2 Session Authenticatio n | TLSv1.2 Keying Materials Developm ent | |
| IPsec/IKEv2 DH Private Key | Private Key - CSP | Used to derive IPsec/IKEv 2 DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | KAS-FFC (IKEv2) | KAS- FFC (IKEv2) | |
| IPsec/IKEv2 DH Public Key | Public Key - PSP | Used to derive IPsec/IKEv 2 DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | KAS-FFC (IKEv2) | ||
| IPsec/IKEv2 Peer DH Public Key | Public Key - PSP | Used to derive IPsec/IKEv 2 DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | KAS-FFC (IKEv2) | ||
| IPsec/IKEv2 DH Shared Secret | Shared Secret - CSP | Used to derive IPsec/IKEv 2 Session Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | IPsec/IKEv2 Keying Materials Development | KAS-FFC (IKEv2) | |
| IPsec/IKEv2 ECDH Private Key | Private key - CSP | Used to derive IPsec/IKEv 2 ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (IKEv2) | KAS- ECC (IKEv2) | |
| IPsec/IKEv2 ECDH Public Key | Public Key - PSP | Used to derive IPsec/IKEv 2 ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (IKEv2) | ||
| IPsec/IKEv2 Peer ECDH Public Key | Public Key - PSP | Used to derive IPsec/IKEv 2 ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (IKEv2) | ||
| IPsec/IKEv2 ECDH Shared Secret | Shared Secret - CSP | Used to derive IPsec/IKEv 2 ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | IPsec/IKEv2 Keying Materials Development | KAS-ECC (IKEv2) | |
| IPsec/IKEv2 RSA Private Key | Private Key - CSP | Used for IPsec/IKEv 2 authenticati on | Modulus 2048 and 3072 bits - 112 or 128 bits | RSA SigGen (SSHv2, TLSv1.2, IKEv2) | RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | |
| IPsec/IKEv2 RSA Public Key | Public Key - PSP | Used for IPsec/IKEv 2 authenticati on | Modulus 2048 and 3072 bits - 112 or 128 bits | RSA KeyGen (SSHv2, TLSv1.2, IKEv2) | ||
| IPsec/IKEv2 ECDSA Private Key | Private Key - CSP | Used for IPsec/IKEv 2 | Curves: P-256, P-384, P-521 - | ECDSA SigGen (SSHv2, | ECDSA KeyGen (SSHv2, | |
| authenticati on | authenticati on | 128 to 256 bits | TLSv1.2, IKEv2) | TLSv1.2, IKEv2) | ||
| IPsec/IKEv2 ECDSA Public Key | Public Key - PSP | Used for IPsec/IKEv 2 authenticati on | Curves: P-256, P-384, P-521 - 128 to 256 bits | ECDSA KeyGen (SSHv2, TLSv1.2, IKEv2) | ||
| IPsec/IKEv2 Pre-Shared Key | Shared Secret - CSP | Used for IPsec/IKEv 2 authenticati on | 16-32 characte rs - 128 to 256 bits | |||
| SKEYSEED | Keying Material - CSP | Keying material used to derive the IPSec/IKE Session Encryption Key and IPSec/IKE Authenticati on Key | 160 bits - 112 to 256 bits | IPsec/IKEv2 Session Encrypt/Decr ypt IPsec/IKEv2 Session Authenticatio n | IPsec/IKEv 2 Keying Materials Developm ent | |
| IPsec/IKEv2 Session Encryption Key | Symmetric Key - CSP | Used to secure IPsec/IKEv 2 session confidentiali ty | 128, 256 bits - 112 to 256 bits | IPsec/IKEv2 Session Encrypt/Decr ypt | IPsec/IKEv 2 Keying Materials Developm ent | |
| IPsec/IKEv2 Authenticati on Key | Message Authenticati on Key - CSP | Used to secure IPsec/IKEv 2 session authenticati on | at least 160 bits - 112 to 256 bits | IPsec/IKEv2 Session Authenticatio n | IPsec/IKEv 2 Keying Materials Developm ent | |
| SNMPv3 Authenticati on/ Privacy Password | Authenticati on Password - CSP | Used for SNMPv3 user authenticati on | 8-32 characte rs - 64 to 256 bits | |||
| SNMPv3 Encryption Key | Symmetric Key - CSP | Used for SNMPv3 confidentiali ty | 128 bits - 128 bits | SNMPv3 Session Encrypt/Decr ypt | SNMPv3 Keying Materials Developm ent |
n MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, MODP4096 © 2021-2025 Cisco Systems, Inc. KASFFC
n KASECC © 2021-2025 Cisco Systems, Inc.
n n 8, 2, 8, 2, 8, 2, 8, 2, © 2021-2025 Cisco Systems, Inc. KASFFC )
n KASECC ) © 2021-2025 Cisco Systems, Inc.
n MODP2048, MODP3072, MODP2048, MODP3072, MODP2048, MODP3072, © 2021-2025 Cisco Systems, Inc. KASFFC n n
n MODP2048, MODP3072, © 2021-2025 Cisco Systems, Inc. KASECC
| Name | Type | Description | Strength | Generation | Use | Type - Category |
|---|---|---|---|---|---|---|
| SNMPv3 Authenticati on Key | Authenticati on Key - CSP | Used for SNMPv3 authenticati on | At least 112 bits - At least 112 bits | SNMPv3 Keying Materials Developm ent | SNMPv3 Session Authenticatio n | |
| DRBG Entropy Input | DRAM:Plaintex t | Zeroization Command Reboot | DRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With | Until Reboot | ||
| DRBG Seed | DRAM:Plaintex t | Zeroization Command Reboot | DRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With | Until Reboot | ||
| DRBG Internal State V value | DRAM:Plaintex t | Zeroization Command Reboot | DRBG Entropy Input:Used With DRBG Seed:Used With DRBG Key:Used With | Until Reboot | ||
| DRBG Key | DRAM:Plaintex t | Zeroization Command Reboot | DRBG Entropy Input:Used With DRBG Seed:Used With DRBG Internal State V value:Used With | Until Reboot | ||
| RADIUS Secret | Flash:Encrypte d | Secret Input via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and | Zeroization Command |
n Table 19: SSP Table 1 t n t t t d © 2021-2025 Cisco Systems, Inc. n
| Name | Storage | Zeroization | Input | Related SSPs | |
|---|---|---|---|---|---|
| TACACS+ Secret | Flash:Encrypte d | Zeroization Command | Secret Input via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC Secret Input via TLS encrypte d by GCM Secret Input via TLS encrypte d by AES and HMAC | ||
| SSH DH Private Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While SSH session is active | SSH DH Public Key:Paired With SSH Peer DH Public Key:Used With | |
| SSH DH Public Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | Module Public Key Output | While SSH session is active | SSH DH Private Key:Paired With |
| SSH Peer DH Public Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | Peer Public Key Input | While SSH session is active | SSH DH Private Key:Used With |
| SSH DH Shared Secret | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While SSH session is active | SSH DH Private Key:Derived From SSH Peer DH Public Key:Derived From | |
| SSH ECDH Private Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While SSH session is active | SSH ECDH Public Key:Paired With SSH Peer ECDH Public Key:Used With | |
| SSH ECDH Public Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | Module Public Key Output | While SSH session is active | SSH ECDH Private Key:Paired With |
| SSH Peer ECDH Public Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | Peer Public Key Input | While SSH session is active | SSH ECDH Private Key:Used With |
| SSH ECDH Shared Secret | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While SSH session is active | SSH ECDH Private Key:Derived From SSH Peer ECDH Public Key:Derived From | |
| SSH RSA Private Key | Flash:Plaintext | Zeroization Command | SSH RSA Public Key:Paired With | ||
| SSH RSA Public Key | Flash:Plaintext | Zeroization Command | Module Public Key Output | SSH RSA Private Key:Paired With |
| Name | Storage | Zeroization | Output | Related SSPs |
|---|---|---|---|---|
| SSH ECDSA Private Key | Flash:Plaintext | Zeroization Command | SSH ECDSA Public Key:Paired With | |
| SSH ECDSA Public Key | Flash:Plaintext | Zeroization Command | Module Public Key Output Secret Input via SSHv2 encrypte d by GCM Public key Output via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC Public key Output via SSHv2 encrypte d by AES and HMAC Secret Input via TLS | SSH ECDSA Private Key:Paired With |
| Name | Storage | Zeroization | Input | Related SSPs | |
|---|---|---|---|---|---|
| SSH Session Encryption Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While SSH session is active | SSH Session Authentication Key:Used With | |
| SSH Session Authentication Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While SSH session is active | SSH Session Encryption Key:Used With | |
| TLS DH Private Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While TLS session is active | TLS DH Public Key:Paired With TLS Peer DH Public Key:Used With | |
| TLS DH Public Key | DRAM:Plaintex t | Zeroization Command Session Terminatio | Module Public Key Output | While TLS session is active | TLS DH Private Key:Paired With |
| TLS Peer DH Public Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | Peer Public Key Input | While TLS session is active | TLS DH Private Key:Used With |
| TLS DH Shared Secret | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While TLS session is active | TLS DH Private Key:Derived From TLS Peer DH Public Key:Derived From | |
| TLS ECDH Private Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While TLS session is active | TLS ECDH Public Key:Paired With TLS Peer ECDH Public Key:Used With | |
| TLS ECDH Public Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | Module Public Key Output | While TLS session is active | TLS ECDH Private Key:Paired With |
| TLS Peer ECDH Public Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | Peer Public Key Input | While TLS session is active | TLS ECDH Private Key:Used With |
| TLS ECDH Shared Secret | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While TLS session is active | TLS ECDH Private Key:Derived From TLS Peer ECDH Public Key:Derived From | |
| TLS RSA Private Key | Flash:Plaintext | Zeroization Command | TLS RSA Public Key:Paired With | ||
| TLS RSA Public Key | Flash:Plaintext | Zeroization Command | Module Public Key Output Secret Input via SSHv2 encrypte | TLS RSA Private Key:Paired With |
| Name | Storage | Zeroization | Related SSPs | Via TLS encrypte d by AES and HMAC |
|---|---|---|---|---|
| TLS ECDSA Private Key | Flash:Plaintext | Zeroization Command | TLS ECDSA Public Key:Paired With | |
| TLS ECDSA Public Key | Flash:Plaintext | Zeroization Command | TLS ECDSA Private Key:Paired With | Module Public Key Output Secret Input via SSHv2 encrypte d by GCM Public key Output via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC Public key Output via SSHv2 encrypte d by AES and HMAC Secret Input via TLS encrypte d by GCM Public key |
| Name | Storage | Zeroization | Input | Related SSPs | |
|---|---|---|---|---|---|
| TLS Master Secret | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While TLS session is active | TLS DH Shared Secret:Derived From TLS ECDH Shared Secret:Derived From | |
| TLS Session Encryption Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While TLS session is active | TLS Session Authentication Key:Used With TLS Master Secret:Derived From | |
| TLS Session Authentication Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While TLS session is active | TLS Session Encryption Key:Used With TLS Master Secret:Derived From | |
| IPsec/IKEv2 DH Private Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While IPsec/IKEv 2 tunnel is active | IPsec/IKEv2 DH Public Key:Paired With IPsec/IKEv2 Peer DH Public Key:Used With | |
| IPsec/IKEv2 DH Public Key | DRAM:Plaintex t | Zeroization Command Session Terminatio | Module Public Key Output | While IPsec/IKEv 2 tunnel is active | IPsec/IKEv2 DH Private Key:Paired With |
| IPsec/IKEv2 Peer DH Public Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | Peer Public Key Input | While IPsec/IKEv 2 tunnel is active | IPsec/IKEv2 DH Private Key:Used With |
| IPsec/IKEv2 DH Shared Secret | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While IPsec/IKEv 2 tunnel is active | SKEYSEED:Used With | |
| IPsec/IKEv2 ECDH Private Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While IPsec/IKEv 2 tunnel is active | IPsec/IKEv2 ECDH Public Key:Paired With IPsec/IKEv2 Peer ECDH Public Key:Used With | |
| IPsec/IKEv2 ECDH Public Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | Module Public Key Output | While IPsec/IKEv 2 tunnel is active | IPsec/IKEv2 ECDH Private Key:Paired With |
| IPsec/IKEv2 Peer ECDH Public Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | Peer Public Key Input | While IPsec/IKEv 2 tunnel is active | IPsec/IKEv2 ECDH Private Key:Used With |
| IPsec/IKEv2 ECDH Shared Secret | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While IPsec/IKEv 2 tunnel is active | IPsec/IKEv2 ECDH Private Key:Derived From IPsec/IKEv2 Peer ECDH Public Key:Derived From SKEYSEED:Used With | |
| IPsec/IKEv2 RSA Private Key | Flash:Plaintext | Zeroization Command | IPsec/IKEv2 RSA Public Key:Paired With | ||
| IPsec/IKEv2 RSA Public Key | Flash:Plaintext | Zeroization Command | Module Public Key Output Secret | IPsec/IKEv2 RSA Private Key:Paired With |
| Name | Storage | Zeroization | Output | Related SSPs |
|---|---|---|---|---|
| IPsec/IKEv2 ECDSA Private Key | Flash:Plaintext | Zeroization Command | IPsec/IKEv2 ECDSA Public Key:Paired With | |
| IPsec/IKEv2 ECDSA Public Key | Flash:Plaintext | Zeroization Command | Module Public Key Output Secret Input via SSHv2 encrypte d by GCM Public key Output via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC Public key Output via SSHv2 encrypte d by AES and HMAC Secret Input via TLS encrypte | IPsec/IKEv2 ECDSA Private Key:Paired With |
| IPsec/IKEv2 Pre-Shared Key | Flash:Plaintext | Zeroization Command | Secret Input via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC Secret Input via TLS encrypte d by GCM Secret Input via TLS encrypte d by AES | SKEYSEED:Derive d to |
| Name | Storage | Zeroization | Related SSPs | And HMAC | |
|---|---|---|---|---|---|
| SKEYSEED | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While IPsec/IKEv 2 tunnel is active | IPsec/IKEv2 DH Shared Secret:Derived From IPsec/IKEv2 ECDH Shared Secret:Derived From IPsec/IKEv2 Pre- Shared Secret:Derived From | |
| IPsec/IKEv2 Session Encryption Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While IPsec/IKEv 2 tunnel is active | SKEYSEED:Derive d From | |
| IPsec/IKEv2 Authentication Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While IPsec/IKEv 2 tunnel is active | SKEYSEED:Derive d From | |
| SNMPv3 Authentication / Privacy Password | Flash:Plaintext | Zeroization Command | SNMPv3 Encryption Key:Derived to SNMPv3 Authentication Key:Derived to | Secret Input via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC Secret Input via TLS encrypte d by GCM Secret Input via TLS | |
| SNMPv3 Encryption Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While SNMPv3 session is active | SNMPv3 Shared Secret:Derived From SNMPv3 Authentication Key:Used With | |
| SNMPv3 Authentication Key | DRAM:Plaintex t | Zeroization Command Session Terminatio n Reboot | While SNMPv3 session is active | SNMPv3 Shared Secret:Derived From SNMPv3 Encryption Key:Used With |
| Name | Algorithm Or Test | Test Method | Test Type | Details | Test Properties | Indicator |
|---|---|---|---|---|---|---|
| RSA SigVer (FIPS186-4) (A4595) | RSA SigVer (FIPS186-4) (A4595) | KAT | SW/FW Integrity | RSA SigVer | RSA 2048 SigVer with SHA2-512 | Module is in normal state |
| Pre-Operational Bypass Test | Pre-Operational Bypass Test | N/A | Bypass | N/A | N/A | Module is in normal state |
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicat or | Condition s | |
|---|---|---|---|---|---|---|---|
| AES-CBC encrypt KAT (A4595) | AES-CBC encrypt KAT (A4595) | KAT | CAST | Encrypt | 256 bits | Module is in normal state | Power up |
| AES-CBC decrypt KAT (A4595) | AES-CBC decrypt KAT (A4595) | KAT | CAST | Decrypt | 256 bits | Module is in normal state | Power up |
| AES-GCM authenticated encrypt KAT (A4595) | AES-GCM authenticated encrypt KAT (A4595) | KAT | CAST | Authenticat ed Encrypt | 256 bits | Module is in normal state | Power up |
| AES-GCM authenticated decrypt KAT (A4595) | AES-GCM authenticated decrypt KAT (A4595) | KAT | CAST | Authenticat ed Decrypt | 256 bits | Module is in normal state | Power up |
| Counter DRBG Instantiate/Generate/Res eed KAT (A4595) | Counter DRBG Instantiate/Generate/Res eed KAT (A4595) | KAT | CAST | Instantiate, Generate, and Reseed KATs | AES-128 | Module is in normal state | Power up |
| ECDSA SigGen (FIPS186-4) KAT (A4595) | ECDSA SigGen (FIPS186-4) KAT (A4595) | KAT | CAST | ECDSA SigGen KAT | Curve P- 256 with SHA2- 256 | Module is in normal state | Power up |
| ECDSA SigVer (FIPS186-4) KAT (A4595) | ECDSA SigVer (FIPS186-4) KAT (A4595) | KAT | CAST | ECDSA SigVer KAT | Curve P- 256 with SHA2- 256 | Module is in normal state | Power up |
| Entropy Source RCT Start-up Health Tests | Entropy Source RCT Start-up Health Tests | RCT | CAST | N/A | Repetitio n Count Test (RCT) | Module is in normal state | Power up |
| Entropy Source APT Start-up Health Tests | Entropy Source APT Start-up Health Tests | APT | CAST | N/A | Adaptive Proportio n Test (APT) | Module is in normal state | Power up |
| Entropy Source RCT Continuous Health Tests | Entropy Source RCT Continuous Health Tests | RCT | CAST | N/A | Repetitio n Count Test (RCT) | Module is in normal state | Performed continuous ly as entropy source is active |
| Entropy Source APT Continuous Health Tests | Entropy Source APT Continuous Health Tests | APT | CAST | N/A | Adaptive Proportio n Test (APT) | Module is in normal state | Performed continuous ly as entropy source is active |
| HMAC-SHA-1 KAT (A4595) | HMAC-SHA-1 KAT (A4595) | KAT | CAST | N/A | SHA-1 | Module is in normal state | Power up |
| HMAC-SHA2-224 KAT (A4595) | HMAC-SHA2-224 KAT (A4595) | KAT | CAST | N/A | SHA2- 224 | Module is in normal state | Power up |
| HMAC-SHA2-256 KAT (A4595) | HMAC-SHA2-256 KAT (A4595) | KAT | CAST | N/A | SHA2- 256 | Module is in normal state | Power up |
| HMAC-SHA2-384 KAT (A4595) | HMAC-SHA2-384 KAT (A4595) | KAT | CAST | N/A | SHA2- 384 | Module is in normal state | Power up |
| HMAC-SHA2-512 KAT (A4595) | HMAC-SHA2-512 KAT (A4595) | KAT | CAST | N/A | SHA2- 512 | Module is in normal state | Power up |
| KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595) | KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595) | KAT | CAST | Primitive Z KAT | Curve P- 256 | Module is in normal state | Power up |
| KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595) | KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595) | KAT | CAST | Primitive Z KAT | MODP- 2048 | Module is in | Power up |
| KDF IKEv2 KAT (A4595) | KDF IKEv2 KAT (A4595) | KAT | CAST | N/A | N/A | Module is in normal state | Power up |
| KDF SNMP KAT (A4595) | KDF SNMP KAT (A4595) | KAT | CAST | N/A | N/A | Module is in normal state | Power up |
| KDF SSH KAT (A4595) | KDF SSH KAT (A4595) | KAT | CAST | N/A | N/A | Module is in normal state | Power up |
| RSA SigGen (FIPS186- 4) KAT (A4595) | RSA SigGen (FIPS186- 4) KAT (A4595) | KAT | CAST | RSA SigGen KAT | 2048 bit modulus with SHA2- 256 | Module is in normal state | Power up |
| RSA SigVer (FIPS186-4) KAT (A4595) | RSA SigVer (FIPS186-4) KAT (A4595) | KAT | CAST | RSA SigVer KAT | 2048 bit modulus with SHA2- 256 | Module is in normal state | Power up |
| TLS v1.2 KDF RFC7627 KAT (A4595) | TLS v1.2 KDF RFC7627 KAT (A4595) | KAT | CAST | N/A | N/A | Module is in normal state | Power up |
| ECDSA KeyGen (FIPS186-4) PCT (A4595) | ECDSA KeyGen (FIPS186-4) PCT (A4595) | PCT | PCT | ECDSA | Curve P- 256 with SHA2- 256 | Module is in normal state | Performs all required pair-wise consistenc y tests on the newly generated key pairs before the first operationa l use. |
| KAS-ECC-SSC Sp800- 56Ar3 PCT (A4595) | KAS-ECC-SSC Sp800- 56Ar3 PCT (A4595) | PCT | PCT | N/A | Curve P- 256 with SHA2- 256 | Module is in normal state | Performs all required pair-wise consistenc y tests on |
| KAS-FFC-SSC Sp800- 56Ar3 PCT (A4595) | KAS-FFC-SSC Sp800- 56Ar3 PCT (A4595) | PCT | PCT | N/A | MODP- 2048 | Module is in normal state | Performs all required pair-wise consistenc y tests on the newly generated key pairs before the first operationa l use. |
| RSA KeyGen (FIPS186- 4) PCT (A4595) | RSA KeyGen (FIPS186- 4) PCT (A4595) | PCT | PCT | RSA | 2048 bit modulus | Module is in normal state | Performs all required pair-wise consistenc y tests on the newly generated key pairs before the first operationa l use. |
| Conditional Bypass | Conditional Bypass | N/A | Bypas s | N/A | N/A | Module is in normal state | Performs conditional bypass test before first operationa l use of bypass service |
Table 21: Pre-Operational Self-Tests The module performs the following self-tests, including Pre-operational and Conditional selftests. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). The self-test success or failure results are an output of the return value of the library load API call, which is functioning as the self-test status indicator. If anyone of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the operational state.
d s SHA2256 SHA2256 © 2021-2025 Cisco Systems, Inc.
d s N/A N/A N/A N/A N/A SHA2224 N/A SHA2256 N/A SHA2384 N/A SHA2512 N/A Curve P256 MODP2048 © 2021-2025 Cisco Systems, Inc.
d N/A N/A N/A SHA2256 SHA2256 N/A SHA2256 SHA2256 © 2021-2025 Cisco Systems, Inc. s N/A N/A N/A N/A N/A
d MODP2048 N/A N/A N/A s N/A Table 22: Conditional Self-Tests
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method |
|---|---|---|---|---|---|
| RSA SigVer (FIPS186-4) (A4595) | RSA SigVer (FIPS186-4) (A4595) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot |
| Pre-Operational Bypass Test | Pre-Operational Bypass Test | N/A | Bypass | Recommend 60 Days | Reboot |
| AES-CBC encrypt KAT (A4595) | AES-CBC encrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| AES-CBC decrypt KAT (A4595) | AES-CBC decrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| AES-GCM authenticated encrypt KAT (A4595) | AES-GCM authenticated encrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| AES-GCM authenticated decrypt KAT (A4595) | AES-GCM authenticated decrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| Counter DRBG Instantiate/Generate/Reseed KAT (A4595) | Counter DRBG Instantiate/Generate/Reseed KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| ECDSA SigGen (FIPS186-4) KAT (A4595) | ECDSA SigGen (FIPS186-4) KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| ECDSA SigVer (FIPS186-4) KAT (A4595) | ECDSA SigVer (FIPS186-4) KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| Entropy Source RCT Start- up Health Tests | Entropy Source RCT Start- up Health Tests | RCT | CAST | Recommend 60 Days | Reboot |
| Entropy Source APT Start- up Health Tests | Entropy Source APT Start- up Health Tests | APT | CAST | Recommend 60 Days | Reboot |
| Entropy Source RCT Continuous Health Tests | Entropy Source RCT Continuous Health Tests | RCT | CAST | N/A | N/A |
| Entropy Source APT Continuous Health Tests | Entropy Source APT Continuous Health Tests | APT | CAST | N/A | N/A |
| HMAC-SHA-1 KAT (A4595) | HMAC-SHA-1 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| HMAC-SHA2-224 KAT (A4595) | HMAC-SHA2-224 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| HMAC-SHA2-256 KAT (A4595) | HMAC-SHA2-256 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| HMAC-SHA2-384 KAT (A4595) | HMAC-SHA2-384 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| HMAC-SHA2-512 KAT (A4595) | HMAC-SHA2-512 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595) | KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595) | KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method |
|---|---|---|---|---|---|
| RSA SigVer (FIPS186-4) (A4595) | RSA SigVer (FIPS186-4) (A4595) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot |
| Pre-Operational Bypass Test | Pre-Operational Bypass Test | N/A | Bypass | Recommend 60 Days | Reboot |
| AES-CBC encrypt KAT (A4595) | AES-CBC encrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| AES-CBC decrypt KAT (A4595) | AES-CBC decrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| AES-GCM authenticated encrypt KAT (A4595) | AES-GCM authenticated encrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| AES-GCM authenticated decrypt KAT (A4595) | AES-GCM authenticated decrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| Counter DRBG Instantiate/Generate/Reseed KAT (A4595) | Counter DRBG Instantiate/Generate/Reseed KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| ECDSA SigGen (FIPS186-4) KAT (A4595) | ECDSA SigGen (FIPS186-4) KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| ECDSA SigVer (FIPS186-4) KAT (A4595) | ECDSA SigVer (FIPS186-4) KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| Entropy Source RCT Start- up Health Tests | Entropy Source RCT Start- up Health Tests | RCT | CAST | Recommend 60 Days | Reboot |
| Entropy Source APT Start- up Health Tests | Entropy Source APT Start- up Health Tests | APT | CAST | Recommend 60 Days | Reboot |
| Entropy Source RCT Continuous Health Tests | Entropy Source RCT Continuous Health Tests | RCT | CAST | N/A | N/A |
| Entropy Source APT Continuous Health Tests | Entropy Source APT Continuous Health Tests | APT | CAST | N/A | N/A |
| HMAC-SHA-1 KAT (A4595) | HMAC-SHA-1 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| HMAC-SHA2-224 KAT (A4595) | HMAC-SHA2-224 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| HMAC-SHA2-256 KAT (A4595) | HMAC-SHA2-256 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| HMAC-SHA2-384 KAT (A4595) | HMAC-SHA2-384 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| HMAC-SHA2-512 KAT (A4595) | HMAC-SHA2-512 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595) | KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595) | KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| KDF IKEv2 KAT (A4595) | KDF IKEv2 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| KDF SNMP KAT (A4595) | KDF SNMP KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| KDF SSH KAT (A4595) | KDF SSH KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| RSA SigGen (FIPS186-4) KAT (A4595) | RSA SigGen (FIPS186-4) KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| RSA SigVer (FIPS186-4) KAT (A4595) | RSA SigVer (FIPS186-4) KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| TLS v1.2 KDF RFC7627 KAT (A4595) | TLS v1.2 KDF RFC7627 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| ECDSA KeyGen (FIPS186- 4) PCT (A4595) | ECDSA KeyGen (FIPS186- 4) PCT (A4595) | PCT | PCT | Recommend 60 Days | Reboot |
| KAS-ECC-SSC Sp800- 56Ar3 PCT (A4595) | KAS-ECC-SSC Sp800- 56Ar3 PCT (A4595) | PCT | PCT | Recommend 60 Days | Reboot |
| KAS-FFC-SSC Sp800- 56Ar3 PCT (A4595) | KAS-FFC-SSC Sp800- 56Ar3 PCT (A4595) | PCT | PCT | Recommend 60 Days | Reboot |
| RSA KeyGen (FIPS186-4) PCT (A4595) | RSA KeyGen (FIPS186-4) PCT (A4595) | PCT | PCT | Recommend 60 Days | Reboot |
| Conditional Bypass | Conditional Bypass | N/A | Bypass | Recommend 60 Days | Reboot |
N/A Table 23: Pre-Operational Periodic Information © 2021-2025 Cisco Systems, Inc. N/A N/A N/A N/A
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error State | If self-test tests fail, the module is put into an error state. | Self-test failure | System halt | Reboot the module |
N/A Table 24: Conditional Periodic Information The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests.
Table 25: Error States If any of the above-mentioned self-tests fail, the module reports the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the selftests, including the pre-operational integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational integrity test and the conditional CASTs. © 2021-2025 Cisco Systems, Inc.
The module meets all the Level 1 requirements for FIPS 140-3. Operating this module without maintaining the following settings will remove the module from the approved mode of operation. Any firmware that is not shown on the module certificate, is out of scope of this validation and requires a separate FIPS 140-3 validation. The Crypto Officer must configure and enforce the following initialization steps: Step 1: Crypto Officer performs the following configurations: ciscoasa# configure terminal Note, the Crypto Officer needs to connect the platform to cisco.com to obtain the license for ASA from Cisco. ciscoasa(config)# license smart register idtoken [token data] ciscoasa(config)#license smart ciscoasa(config-smart-lic)# show license all Smart Licensing Status ====================== Smart Licensing is ENABLED -ORciscoasa(config-smart-lic)# show license summary Smart Licensing is ENABLED Registration: Step 2. Crypto officer shall perform zeroization operation if the module was previously used before the approved mode configuration. configure factory-default Step 3: Enable approved mode of operation by using the following command. ciscoasa(config)# fips enable Note: Startup operational mode will not take effect until you save configuration and reboot the device. Rebooting the device will force new self-test Step 4: Crypto Officer can verify the version installed and running the following command. ciscoasa(config)# show version Step 5: Crypto Officer will need to issue the following commands to configure module. ciscoasa> en ciscoasa# conf t ciscoasa(config)# © 2021-2025 Cisco Systems, Inc.
Step 6: Configure IP address for unit and all distant endpoints. Step 7: Define RADIUS and TACACS+ shared secret keys that are at least 16 characters long and secure traffic between the security module and the RADIUS/ TACACS+ server via secure (IPSec, TLS) tunnel. Note: Perform this step only if RADIUS/TACAS+ is configured, otherwise skip over and proceed to next step. Step 8: Configure the security module so that any remote connections via Telnet are secured through IPSec connection by using the following commands crypto map interface access-list protocol esp encryption aes protocol esp integrity sha-256 Note: If the destined IP address is not within access-list, after running two internal independent actions defined in section 4.6 above, the module would enter the Bypass state. Step 9: Configure the security services by using the algorithms from section 2.5 Approved Algorithms table in this document for all security connections (SSHv2, TLSv1.2, SNMPv3 and IPSec/IKEv2). Note the module will reject any configuration with algorithms not listed in Approved Algorithm Table after the module is operated in approved mode. Here is an example of configuring the approved algorithms for the security services: SSH: ssh cipher encryption custom aes128-gcm@openssh.com ssh cipher integrity custom hmac-sha2-256 ssh key-exchange group ecdh-sha2-nistp256 TLSv1.2: ssl cipher tlsv1.2 ecdhe-rsa-aes128-sha SNMPv3: snmp-server user <SNMP username> <group name> v3 auth sha <auth password> priv aes 128 <priv password> IKEv2: crypto ikev2 policy <policy number> encryption aes integrity sha256 group 14 IPsec: crypto ipsec ikev2 ipsec-proposal <name your proposal> protocol esp encryption aes protocol esp integrity sha-256 Step 10: Disable the TFTP server by following the commands: © 2021-2025 Cisco Systems, Inc.
policy-map global_policy class inspection_default no inspect tftp Step 11: Disable HTTP for performing system management in approved mode of operation by using the command: no http server enable HTTPS with TLSv1.2 should always be used for Web-based management. Step 12: Save the configuration. write memory Step 13: Reboot the module. reload Step 14: Check the Module’s name, version and approved service status by using the following commands: Output the modules name/version: show version Output the modules approved mode of operation status: show fips
No specific administrator guidance.
No specific non-administrator guidance.
N/A for this module. © 2021-2025 Cisco Systems, Inc.