All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Cisco Firepower Threat Defense Virtual Cryptographic Module

Certificate#5137StandardFIPS 140-3Level1TypeFirmware-hybridEmbodimentMulti-Chip Stand AloneStatusActiveVendorCisco Systems, Inc
High review priority  ·  no TCB surface named  ·  last validated 6 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeFirmware-hybrid
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date1/14/2031
CaveatWhen installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy
VendorCisco Systems, Inc

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Cisco Firepower Threat Defense Virtual Cryptographic Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Cisco Firepower Threat Defense Virtual Cryptographic Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Cisco Systems, Inc Cisco Firepower Threat Defense Virtual Cryptographic Module Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 2
Table of Contents
#SectionPage
Page 3

© 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets)7
Table 3: Tested Module Identification – Hybrid Disjoint Hardware7
Table 4: Tested Operational Environments - Software, Firmware, Hybrid7
Table 5: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid7
Table 6: Modes List and Description8
Table 7: Approved Algorithms9
Table 8: Vendor-Affirmed Algorithms9
Table 9: Security Function Implementations16
Table 10: Entropy Certificates17
Table 11: Entropy Sources17
Table 12: Ports and Interfaces19
Table 13: Roles19
Table 14: Approved Services32
Table 15: Storage Areas34
Table 16: SSP Input-Output Methods34
Table 17: SSP Zeroization Methods35
Table 18: SSP Table 142
Table 19: SSP Table 250
Table 20: Pre-Operational Self-Tests51
Table 21: Conditional Self-Tests55
Table 22: Pre-Operational Periodic Information55
Table 23: Conditional Periodic Information56
Table 24: Error States56
Figure 1 Block Diagram6
Page 5
1 General
1.1 Overview

Defense Virtual Cryptographic Module (hereinafter referred to as FTDv or the Module), firmware version 7.4.2 The following details how this module meets the security requirements of FIPS 140-3, SP 800-140 and ISO/IEC 19790 for a Security Level 1 firmware hybrid cryptographic module. The security requirements cover areas related to the design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic module interfaces; roles, services, and authentication; software/firmware security; operational environment; physical security; non-invasive security; sensitive security parameter management; self-tests; life-cycle assurance; and mitigation of other attacks. The following table indicates the actual security levels for each area of the cryptographic module.

1.2 Security Levels

Section Title Security Level

1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 1
4 Roles, services, and authentication 1
5 Software/Firmware security 1
6 Operational environment 1
7 Physical security 1
8 Non-invasive security N/A
9 Sensitive security parameter management 1
10 Self-tests 1
11 Life-cycle assurance 1
12 Mitigation of other attacks N/A

Overall Level 1 Table 1: Security Levels

2 Cryptographic Module Specification
2.1 Description

Purpose and Use: This module is a multi-chip standalone firmware hybrid cryptographic module deployed as the virtualized version of the Cisco Firepower Threat Defense (FTD) which houses ASA and Firepower solutions with underlying operating system identified as Linux 4 (also referred to as Firepower eXtensible Operating System or FX-OS throughout this document). The Module’s operational environment is non-modifiable. FTD delivers enterprise-class firewall for businesses, improving security at the Internet edge, high performance and throughput for demanding enterprise data centers. This solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 6

next-generation network security services, intrusion prevention system (IPS), content security and secure unified communications, SSHv2, HTTPS/TLSv1.2, IPsec/IKEv2, SNMPv3 and Cryptographic Cipher Suite B. Module Type: Firmware-hybrid Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The cryptographic module (red dash box) is a non-modifiable, multi-chip standalone firmware hybrid cryptographic module providing cryptographic support which takes data in and out from the host application via the API. The block diagram below shows the boundary of the Tested Operational Environment’s Physical Perimeter (TOEPP) being defined as the physical perimeter of the tested platform enclosure around which everything runs. The cryptographic boundary is the module (red dash box) and its interfaces with the operational environment. Processor API Host Platform Hypervisor API FTD FOM API Figure 1 Block Diagram The Block Diagram above comprises the following components

2.2 Tested and Vendor Affirmed Module Version and Identification

© 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 7

Tested Module Identification

2.3 Excluded Components

N/A for this module. © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 8
2.4 Modes of Operation

Modes List and Description: Mode Description Type Status Indicator Name Approved The module is always in the approved Approved Approved mode mode of operation after initial operations indicator: "FIPS is are performed. currently enabled." Table 6: Modes List and Description The module has one Approved mode of operation and does not implement a Non-Approved mode of operation. Once the module is configured in the Approved mode of operation by following the steps in section 11 of this document, the module will only operate in the Approved mode of operation. The module doesn’t claim the implementation of a degraded mode operation.

2.5 Algorithms

Approved Algorithms: Algorithm CAVP Properties Reference Cert AES-CBC A4595 Key Length - 128, 256 SP 800-38A AES-GCM A4595 Key Length - 128, 256 SP 800-38D Counter DRBG A4595 Prediction Resistance - Yes SP 800-90A Mode - AES-256 Rev. 1 Derivation Function Enabled - Yes ECDSA KeyGen A4595 Curve - P-256, P-384, P-521 FIPS 186-4 (FIPS186-4) ECDSA SigGen A4595 Curve - P-256, P-384, P-521 FIPS 186-4 (FIPS186-4) ECDSA SigVer A4595 Curve - P-256, P-384, P-521 FIPS 186-4 (FIPS186-4) Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 HMAC-SHA-1 A4595 Key Length - Key Length: 8-524288 Increment FIPS 198-1 HMAC-SHA2-224 A4595 Key Length - Key Length: 8-524288 Increment FIPS 198-1 HMAC-SHA2-256 A4595 Key Length - Key Length: 8-524288 Increment FIPS 198-1 HMAC-SHA2-384 A4595 Key Length - Key Length: 8-524288 Increment FIPS 198-1 HMAC-SHA2-512 A4595 Key Length - Key Length: 8-524288 Increment FIPS 198-1 KAS-ECC-SSC A4595 Domain Parameter Generation Methods - P- SP 800-56A Sp800-56Ar3 256, P-384, P-521 Rev. 3 © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 9

Algorithm CAVP Properties Reference Cert KAS-FFC-SSC A4595 Domain Parameter Generation Methods - SP 800-56A Sp800-56Ar3 ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, Rev. 3 modp-3072, modp-4096 KDF IKEv2 (CVL) A4595 Diffie-Hellman Shared Secret Length - Diffie- SP 800-135 Hellman Shared Secret Length: 2048 Rev. 1 Derived Keying Material Length - Derived Keying Material Length: 3072 Hash Algorithm - SHA-1 KDF SNMP A4595 Password Length - Password Length: 256, 64 SP 800-135 (CVL) Rev. 1 KDF SSH (CVL) A4595 Cipher - AES-128, AES-192, AES-256 SP 800-135 Rev. 1 RSA KeyGen A4595 Modulo - 2048, 3072 FIPS 186-4 (FIPS186-4) RSA SigGen A4595 Modulo - 2048, 3072 FIPS 186-4 (FIPS186-4) RSA SigVer A4595 Modulo - 2048, 3072 FIPS 186-4 (FIPS186-4) Safe Primes Key A4595 Safe Prime Groups - ffdhe2048, ffdhe3072, SP 800-56A Generation ffdhe4096, modp-2048, modp-3072, modp- Rev. 3 4096 SHA-1 A4595 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-224 A4595 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-256 A4595 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-384 A4595 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 SHA2-512 A4595 Message Length - Message Length: 0-65536 FIPS 180-4 Increment 8 TLS v1.2 KDF A4595 Hash Algorithm - SHA2-256, SHA2-384, SP 800-135 RFC7627 (CVL) SHA2-512 Rev. 1 Table 7: Approved Algorithms Vendor-Affirmed Algorithms: Name Properties Implementation Reference CKG Key N/A The Module performs Cryptographic Key Type:Asymmetric Generation (CKG) for asymmetric keys as detailed by example 1 in section 4 and section 5 of SP800-133r2 Table 8: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 10

N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.

2.6 Security Function Implementations

Name Type Description Properties Algorithms KAS-FFC CKG Full KAS-FFC Caveat:Key KAS-FFC-SSC (SSHv2) KAS-Full Key Agreement establishment Sp800-56Ar3: used for SSHv2 methodology (A4595) service provides between Domain

112 and 152 bits Parameter

of security Generation: strength IG : IG MODP-2048, D.F Path 2, MODP-3072, Scenario 2, Split MODP-4096 Key Confirmation Safe Primes : No Key Key Generation: Derivation : IG (A4595) 2.4.B SP 800- KDF SSH: 135rev1 CVL (A4595) Counter DRBG: (A4595) CKG: () Key Type: Asymmetric KAS-ECC CKG Full KAS-ECC Caveat:Key KAS-ECC-SSC (SSHv2) KAS-Full Key Agreement establishment Sp800-56Ar3: used for SSHv2 methodology (A4595) service provides between Curves: P-256,

128 and 256 bits P-384, P-521

of security KDF SSH: strength IG : IG (A4595) D.F Scenario 2, Counter DRBG: Path 2, Split Key (A4595) Confirmation : No CKG: () Key Derivation : Key Type: IG 2.4.B SP 800- Asymmetric 135rev1 CVL KAS-FFC CKG Full KAS-FFC Caveat:Key KAS-FFC-SSC (TLSv1.2) KAS-Full Key Agreement establishment Sp800-56Ar3: used for methodology (A4595) TLSv1.2 service provides between Domain © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 11

Name Type Description Properties Algorithms

112 and 152 bits Parameter

of security Generation: strength IG : IG ffdhe2048, D.F Path 2, ffdhe3072, Scenario 2, Split ffdhe4096 Key Confirmation Safe Primes : No Key Key Generation: Derivation : IG (A4595) 2.4.B SP 800- TLS v1.2 KDF 135rev1 CVL RFC7627: (A4595) Counter DRBG: (A4595) CKG: () Key Type: Asymmetric KAS-ECC CKG Full KAS-ECC Caveat:Key KAS-ECC-SSC (TLSv1.2) KAS-Full Key Agreement establishment Sp800-56Ar3: used for methodology (A4595) TLSv1.2 service provides between Curves: P-256,

128 and 256 bits P-384, P-521

of security TLS v1.2 KDF strength IG : IG RFC7627: D.F Scenario 2, (A4595) Path 2, Split Key Counter DRBG: Confirmation : No (A4595) Key Derivation : CKG: () IG 2.4.B SP 800- Key Type: 135rev1 CVL Asymmetric KAS-FFC CKG Full KAS-FFC Caveat:Key KAS-FFC-SSC (IKEv2) KAS-Full Key Agreement establishment Sp800-56Ar3: used for IKEv2 methodology (A4595) service provides between Domain

112 and 152 bits Parameter

of security Generation: strength IG : IG MODP-2048, D.F Path 2, MODP-3072, Scenario 2, Split MODP-4096 Key Confirmation Safe Primes : No Key Key Generation: Derivation : IG (A4595) 2.4.B SP 800- KDF IKEv2: 135rev1 CVL (A4595) Counter DRBG: (A4595) CKG: () Key Type: Asymmetric © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 12

Name Type Description Properties Algorithms KAS-ECC CKG Full KAS-ECC Caveat:Key KAS-ECC-SSC (IKEv2) KAS-Full Key Agreement establishment Sp800-56Ar3: used for IKEv2 methodology (A4595) service provides between Curves: P-256,

128 and 256 bits P-384, P-521

of security KDF IKEv2: strength IG : IG (A4595) D.F Scenario 2, Counter DRBG: Path 2, Split Key (A4595) Confirmation : No CKG: () Key Derivation : Key Type: IG 2.4.B SP 800- Asymmetric 135rev1 CVL KTS (SSHv2 KTS-Unwrap KTS via SSHv2 Caveat: Key AES-CBC: with AES and KTS-Wrap service by using establishment (A4595) HMAC) AES and HMAC methodology Key Length: provides 128 or 128, 256

256 bits of HMAC-SHA-1:

security strength (A4595) Standard:SP 800- HMAC-SHA238F 256: (A4595) IG HMAC-SHA2D.G:"combination" 384: (A4595) method: use any SHA-1: (A4595) approved SHA2-256: symmetric (A4595) encryption mode SHA2-384: together with an (A4595) approved authentication method KTS (SSHv2 KTS-Unwrap KTS via SSHv2 Caveat:Key AES-GCM: with AES-GCM) KTS-Wrap service by using establishment (A4595) AES-GCM methodology Key Length: provides 128 or 128, 256

256 bits of

security strength Standard:SP 80038F IG D.G:method: use of any approved authenticated symmetric encryption mode KTS (TLSv1.2 KTS-Unwrap KTS via Caveat: Key AES-CBC: with AES and KTS-Wrap TLSv1.2 service establishment (A4595) HMAC) by using AES methodology Key Length: and HMAC provides 128 or 128, 256 © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 13

Name Type Description Properties Algorithms

256 bits of HMAC-SHA-1:

security strength (A4595) Standard:SP 800- HMAC-SHA238F 256: (A4595) IG D.G: HMAC-SHA2"combination" 384: (A4595) method: use any SHA-1: (A4595) approved SHA2-256: symmetric (A4595) encryption mode SHA2-384: together with an (A4595) approved authentication method KTS (TLSv1.2 KTS-Unwrap KTS via Caveat: Key AES-GCM: with AES-GCM) KTS-Wrap TLSv1.2 service establishment (A4595) by using AES- methodology Key Length: GCM provides 128 or 128, 256

256 bits of

security strength Standard:SP 80038F IG D.G: method: use of any approved authenticated symmetric encryption mode RSA KeyGen AsymKeyPair- RSA KeyGen RSA KeyGen (SSHv2, KeyGen for IKEv2, (FIPS186-4): TLSv1.2, IKEv2) CKG SSHv2 and (A4595) TLSv1.2 Modulus: 2048, services 3072 bits Counter DRBG: (A4595) CKG: () Key Type: Asymmetric RSA SigGen DigSig-SigGen RSA SigGen for RSA SigGen (SSHv2, IKEv2, SSHv2 (FIPS186-4): TLSv1.2, IKEv2) and TLSv1.2 (A4595) services Modulus: 2048,

3072 bits

RSA SigVer DigSig-SigVer RSA SigVer for RSA SigVer (SSHv2, IKEv2, SSHv2 (FIPS186-4): TLSv1.2, IKEv2) and TLSv1.2 (A4595) services Modulus: 2048,

3072 bits

© 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 14

Name Type Description Properties Algorithms ECDSA KeyGen AsymKeyPair- ECDSA KeyGen ECDSA KeyGen (SSHv2, KeyGen for IKEv2, (FIPS186-4): TLSv1.2, IKEv2) CKG SSHv2 and (A4595) TLSv1.2 Curves: P-256, services P-384, P-521 Counter DRBG: (A4595) CKG: () Key Type: Asymmetric ECDSA SigGen DigSig-SigGen ECDSA SigGen ECDSA SigGen (SSHv2, for IKEv2, (FIPS186-4): TLSv1.2, IKEv2) SSHv2 and (A4595) TLSv1.2 Curves: P-256, services P-384, P-521 ECDSA SigVer DigSig-SigVer ECDSA SigVer ECDSA SigVer (SSHv2, for IKEv2, (FIPS186-4): TLSv1.2, IKEv2) SSHv2 and (A4595) TLSv1.2 Curves: P-256, services P-384, P-521 SSHv2 Session BC-Auth SSHv2 session AES-CBC: Encrypt/Decrypt BC-UnAuth protection. (A4595) Key Length: 128, 256 AES-GCM: (A4595) Key Length: 128, 256 SSHv2 Session MAC SSHv2 Session SHA-1: (A4595) Authentication Authentication. SHA2-256: (A4595) HMAC-SHA-1: (A4595) HMAC-SHA2256: (A4595) SSHv2 Keying KAS-135KDF SSHv2 session KDF SSH: Materials keying (A4595) Development materials, used to derive SSHv2 session keys. TLSv1.2 BC-Auth TLSv1.2 AES-CBC: Session BC-UnAuth session (A4595) Encrypt/Decrypt protection. Key Length: 128, 256 AES-GCM: (A4595) Key Length: 128, 256 © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 15

Name Type Description Properties Algorithms TLSv1.2 MAC TLSv1.2 SHA-1: (A4595) Session session SHA2-256: Authentication authentication. (A4595) SHA2-384: (A4595) HMAC-SHA-1: (A4595) HMAC-SHA2256: (A4595) HMAC-SHA2384: (A4595) TLSv1.2 Keying KAS-135KDF TLSv1.2 TLS v1.2 KDF Materials session keying RFC7627: Development materials, used (A4595) to derive TLS session keys. IPsec/IKEv2 BC-Auth IPsec/IKEv2 AES-CBC: Session BC-UnAuth session (A4595) Encrypt/Decrypt protection. Key Length: 128, 256 AES-GCM: (A4595) Key Length: 128, 256 IPsec/IKEv2 MAC IPsec/IKEv2 SHA2-256: Session session (A4595) Authentication authentication. SHA2-384: (A4595) SHA2-512: (A4595) HMAC-SHA2256: (A4595) HMAC-SHA2384: (A4595) HMAC-SHA2512: (A4595) IPsec/IKEv2 KAS-135KDF IPsec/IKEv2 KDF IKEv2: Keying session keying (A4595) Materials materials, used Development to derive IPsec/IKEv2 session keys. SNMPv3 BC-UnAuth SNMPv3 AES-CBC: Session session (A4595) Encrypt/Decrypt protection. Key Length: 128, 256 SNMPv3 MAC SNMPv3 SHA-1: (A4595) Session session SHA2-224: Authentication authentication. (A4595) © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 16

Name Type Description Properties Algorithms SHA2-256: (A4595) SHA2-384: (A4595) HMAC-SHA-1: (A4595) HMAC-SHA2224: (A4595) HMAC-SHA2256: (A4595) HMAC-SHA2384: (A4595) SNMPv3 Keying KAS-135KDF SNMPv3 KDF SNMP: Materials session keying (A4595) Development materials, used to derive SNMPv3 session keys. DRBG Function DRBG Used for DRBG Counter DRBG: generation (A4595) Table 9: Security Function Implementations

2.7 Algorithm Specific Information
Page 17
4 DSA or RSA X9.31 for Signature Generation or Signature Verification.
2.8 RBG and Entropy

Cert Vendor Number Name E3 Cisco Table 10: Entropy Certificates Name Type Operational Sample Entropy Conditioning Environment Size per Component Sample Cisco Jitter Non- Intel Xeon Platinum 256 bits Full A2810 (SHA3Entropy Source Physical 8160 (Skylake) entropy 256) Table 11: Entropy Sources The module employs a Deterministic Random Bit Generator (DRBG) implementation based on SP800-90Arev1. This DRBG is used internally by the module (e.g. to generate symmetric keys, seeds for asymmetric key pairs, and random numbers for security functions). The DRBG implemented is an AES-256 Counter DRBG, seeded by the entropy source described in the table above. The Counter DRBG utilizes the Derivation Function and employs prediction resistance. The DRBG is instantiated with a 384-bits long entropy input (corresponding to 384 bits of entropy). Additionally, the DRBG is reseeded with a 256-bits long entropy input (corresponding to 256 bits of entropy).

2.9 Key Generation

The module implements Cryptographic Key Generation (CKG, vendor affirmed), compliant with SP 800- 133r2. When random values are required, they are obtained from the SP 800-90Ar1 approved DRBG, compliant with Section 4 of SP 800-133r2. The following methods are implemented:

Page 18
2.10 Key Establishment

The module provides the following key/SSP establishment services in the approved mode of operation: KAS-FFC Shared Secret Computation:

7919 (TLS) and RFC 3526 (IKE). Note that the module only implements domain

parameter generation, key pair generation and verification, and shared secret computation.

Page 19
2.11 Industry Protocols

The module supports SSHv2, TLSv1.2, IPsec/IKEv2 and SNMPv3 industrial protocols. No parts of SSHv2, TLSv1.2, IPsec/IKEv2 or SNMPv3 protocols, other than the KDFs, have been tested by the CAVP and CMVP. Please refer to SSPs Table for more information.

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

Physical Logical Data That Passes Port Interface(s) N/A Data Input Arguments for an API that provide the data to be used for processed by the module. N/A Data Output Arguments output from an API call. N/A Control Input Arguments for an API call used to control and configure module operation. N/A Control N/A Output N/A Status Output Return values, and/or log messages. N/A Power Provide the Power Supply to the module. Table 12: Ports and Interfaces The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides its logical interfaces via Application Programming Interface (API) calls. The logical interfaces provided by the module are mapped onto the FIPS 140-3 interfaces (data input, data output, control input, control output and status output) as follows.

4 Roles, Services, and Authentication
4.1 Authentication Methods
4.2 Roles

Name Type Operator Type Authentication Methods Crypto Officer Role Crypto Officer None Table 13: Roles The module supports Crypto Officer (CO) role. The module does not allow concurrent operators. The Crypto Officer is implicitly assumed based on the service requested. © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 20
4.3 Approved Services

The following tables detail the types of approved services available to each role in approved mode of operation, the types of access for each role and the Keys or SSPs they affect.

Page 21

Name Descripti Indicator Inputs Outputs Security SSP on Functions Access Private Key: Z - SSH DH Public Key: Z - SSH Peer DH Public Key: Z - SSH DH Shared Secret: Z - SSH ECDH Private Key: Z - SSH ECDH Public Key: Z - SSH Peer ECDH Public Key: Z - SSH ECDH Shared Secret: Z - SSH RSA Private Key: Z - SSH RSA Public Key: Z - SSH ECDSA Private Key: Z - SSH ECDSA Public Key: Z - SSH Session Encryption Key: Z - SSH Session Authenticati © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 22

Name Descripti Indicator Inputs Outputs Security SSP on Functions Access on Key: Z - TLS DH Private Key: Z - TLS DH Public Key: Z - TLS Peer DH Public Key: Z - TLS DH Shared Secret: Z - TLS ECDH Private Key: Z - TLS ECDH Public Key: Z - TLS Peer ECDH Public Key: Z - TLS ECDH Shared Secret: Z - TLS RSA Private Key: Z - TLS RSA Public Key: Z - TLS ECDSA Private Key: Z - TLS ECDSA Public Key: Z - TLS Master Secret: Z - TLS Session © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 23

Name Descripti Indicator Inputs Outputs Security SSP on Functions Access Encryption Key: Z - TLS Session Authenticati on Key: Z IPsec/IKEv2 DH Private Key: Z IPsec/IKEv2 DH Public Key: Z IPsec/IKEv2 Peer DH Public Key: Z IPsec/IKEv2 DH Shared Secret: Z IPsec/IKEv2 ECDH Private Key: Z IPsec/IKEv2 ECDH Public Key: Z IPsec/IKEv2 Peer ECDH Public Key: Z IPsec/IKEv2 ECDH Shared Secret: Z IPsec/IKEv2 RSA Private Key: Z © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 24

Name Descripti Indicator Inputs Outputs Security SSP on Functions Access IPsec/IKEv2 RSA Public Key: Z IPsec/IKEv2 ECDSA Private Key: Z IPsec/IKEv2 ECDSA Public Key: Z IPsec/IKEv2 Pre-Shared Key: Z SKEYSEED :Z IPsec/IKEv2 Session Encryption Key: Z IPsec/IKEv2 Authenticati on Key: Z - SNMPv3 Authenticati on/ Privacy Password: Z - SNMPv3 Encryption Key: Z - SNMPv3 Authenticati on Key: Z Configure Sets None API Status of None Crypto Network configurati command the Officer on of the s to completion systems. configure of network the related module. configuratio n. © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 25

Name Descripti Indicator Inputs Outputs Security SSP on Functions Access Configure Configure Global API Status of KTS (SSHv2 Crypto SSHv2 SSHv2 Indicator command the with AES Officer Function Function and s to completion and HMAC) - SSH RSA SSHv2 configure of SSHv2 KTS (SSHv2 Private Key: configurati SSHv2. configuratio with AES- G,W,E on n. GCM) - SSH RSA success RSA Public Key: status KeyGen G,R,W message. (SSHv2, - SSH TLSv1.2, ECDSA IKEv2) Private Key: ECDSA G,W,E KeyGen - SSH (SSHv2, ECDSA TLSv1.2, Public Key: IKEv2) G,R,W DRBG - DRBG Function Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E Configure Configure Global API Status of KTS Crypto HTTPS HTTPS Indicator command the (TLSv1.2 Officer over over and s to completion with AES - TLS RSA TLSv1.2 TLSv1.2 HTTPS configure of HTTPS and HMAC) Private Key: Function Function. over HTTPS over KTS G,W,E TLSv1.2 over TLSv1.2 (TLSv1.2 - TLS RSA configurati TLSv1.2 configuratio with AES- Public Key: on n. GCM) G,R,W success RSA - TLS status KeyGen ECDSA message. (SSHv2, Private Key: TLSv1.2, G,W,E IKEv2) - TLS ECDSA ECDSA KeyGen Public Key: (SSHv2, G,R,W TLSv1.2, - DRBG IKEv2) Entropy © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 26

Name Descripti Indicator Inputs Outputs Security SSP on Functions Access DRBG Input: Function G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E Configure Configure Global API Status of KTS Crypto IPsec/IKE IPsec/IKE Indicator command the (TLSv1.2 Officer v2 v2 with s to completion with AES Functions Functions IPsec/IKE configure of and HMAC) IPsec/IKEv2 v2 IPsec/IKE IPsec/IKEv KTS RSA Private configurati v2. 2 secure (TLSv1.2 Key: G,W,E on tunnel with AES- success configuratio GCM) IPsec/IKEv2 status n. RSA RSA Public message. KeyGen Key: G,W,E (SSHv2, TLSv1.2, IPsec/IKEv2 IKEv2) ECDSA ECDSA Private Key: KeyGen G,W,E (SSHv2, TLSv1.2, IPsec/IKEv2 IKEv2) ECDSA DRBG Public Key: Function G,W,E IPsec/IKEv2 Pre-Shared Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 27

Name Descripti Indicator Inputs Outputs Security SSP on Functions Access - DRBG Key: G,W,E Configure Configure Global API Status of KTS Crypto SNMPv3 SNMPv3 Indicator command the (TLSv1.2 Officer Function Function and s to completion with AES - SNMPv3 SNMPv3 configure of SNMPv3 and HMAC) Authenticati configurati SNMPv3. configuratio KTS on/ Privacy on n. (TLSv1.2 Password: success with AES- W,E status GCM) - SNMPv3 message. SNMPv3 Encryption Keying Key: G,W,E Materials - SNMPv3 Development Authenticati on Key: G,W,E Run Execute Global API Status of KAS-FFC Crypto SSHv2 SSHv2 Indicator command SSHv2 (SSHv2) Officer Function Function and s to secure KAS-ECC - SSH DH Successfu execute tunnel (SSHv2) Private Key: l SSHv2 SSHv2 establishme KTS (SSHv2 G,W,E log service. nt. with AES - SSH DH message. and HMAC) Public Key: KTS (SSHv2 G,R,W with AES- - SSH Peer GCM) DH Public RSA SigGen Key: W,E (SSHv2, - SSH DH TLSv1.2, Shared IKEv2) Secret: RSA SigVer G,W,E (SSHv2, - SSH TLSv1.2, ECDH IKEv2) Private Key: ECDSA G,W,E SigGen - SSH (SSHv2, ECDH TLSv1.2, Public Key: IKEv2) G,R,W ECDSA - SSH Peer SigVer ECDH (SSHv2, Public Key: TLSv1.2, W,E IKEv2) - SSH SSHv2 ECDH Session Shared Encrypt/Decr Secret: ypt G,W,E © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 28

Name Descripti Indicator Inputs Outputs Security SSP on Functions Access SSHv2 - SSH RSA Session Private Key: Authenticatio G,W,E n - SSH RSA SSHv2 Public Key: Keying G,R,W Materials - SSH Development ECDSA DRBG Private Key: Function G,W,E - SSH ECDSA Public Key: G,R,W - SSH Session Encryption Key: G,W,E - SSH Session Authenticati on Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E Run Execute Global API Status of KAS-FFC Crypto HTTPS HTTPS Indicator command HTTPS (TLSv1.2) Officer over over and to execute over KAS-ECC - TLS DH TLSv1.2 TLSv1.2 Successfu HTTPS TLSv1.2 (TLSv1.2) Private Key: Function Function. l HTTPS over establishme KTS G,W,E over TLSv1.2 nt. (TLSv1.2 - TLS DH TLSv1.2 service. with AES Public Key: log and HMAC) G,R,W message. KTS - TLS Peer (TLSv1.2 DH Public with AES- Key: W,E © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 29

Name Descripti Indicator Inputs Outputs Security SSP on Functions Access GCM) - TLS DH RSA SigGen Shared (SSHv2, Secret: TLSv1.2, G,W,E IKEv2) - TLS RSA SigVer ECDH (SSHv2, Private Key: TLSv1.2, G,W,E IKEv2) - TLS ECDSA ECDH SigGen Public Key: (SSHv2, G,R,W TLSv1.2, - TLS Peer IKEv2) ECDH ECDSA Public Key: SigVer W,E (SSHv2, - TLS TLSv1.2, ECDH IKEv2) Shared TLSv1.2 Secret: Session G,W,E Encrypt/Decr - TLS RSA ypt Private Key: TLSv1.2 G,W,E Session - TLS RSA Authenticatio Public Key: n G,R,W TLSv1.2 - TLS Keying ECDSA Materials Private Key: Development G,W,E DRBG - TLS Function ECDSA Public Key: G,R,W - TLS Master Secret: G,W,E - TLS Session Encryption Key: G,W,E - TLS Session Authenticati on Key: G,W,E © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 30

Name Descripti Indicator Inputs Outputs Security SSP on Functions Access - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E Run Execute Global API Status of KAS-FFC Crypto IPsec/IKE IPsec/IKE Indicator command IPsec/IKEv (IKEv2) Officer v2 v2 and to execute 2 secure KAS-ECC Functions Functions Successfu IPsec/IKE tunnel (IKEv2) IPsec/IKEv2 l v2 establishme RSA SigGen DH Private IPsec/IKE nt (SSHv2, Key: G,W,E v2 log TLSv1.2, message. IKEv2) IPsec/IKEv2 RSA SigVer DH Public (SSHv2, Key: G,R,W TLSv1.2, IKEv2) IPsec/IKEv2 ECDSA Peer DH SigGen Public Key: (SSHv2, W,E TLSv1.2, IKEv2) IPsec/IKEv2 ECDSA DH Shared SigVer Secret: (SSHv2, G,W,E TLSv1.2, IKEv2) IPsec/IKEv2 IPsec/IKEv2 ECDH Session Private Key: Encrypt/Decr G,W,E ypt IPsec/IKEv2 IPsec/IKEv2 Session ECDH Authenticatio Public Key: n G,R,W IPsec/IKEv2 Keying IPsec/IKEv2 Materials Peer ECDH Development Public Key: © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 31

Name Descripti Indicator Inputs Outputs Security SSP on Functions Access DRBG W,E Function IPsec/IKEv2 ECDH Shared Secret: G,W,E IPsec/IKEv2 RSA Private Key: G,W,E IPsec/IKEv2 RSA Public Key: G,W,E IPsec/IKEv2 ECDSA Private Key: G,W,E IPsec/IKEv2 ECDSA Public Key: G,W,E IPsec/IKEv2 Pre-Shared Key: G,W,E SKEYSEED : G,W,E IPsec/IKEv2 Session Encryption Key: G,W,E IPsec/IKEv2 Authenticati on Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 32

Name Descripti Indicator Inputs Outputs Security SSP on Functions Access G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E Run Execute Global API Status of SNMPv3 Crypto SNMPv3 SNMPv3 Indicator command SNMPv3 Session Officer Functions Function. and to execute service. Encrypt/Decr - SNMPv3 Successfu SNMPv3 ypt Authenticati l SNMPv3 service. SNMPv3 on/ Privacy log Session Password: message. Authenticatio W,E n - SNMPv3 SNMPv3 Encryption Keying Key: G,W,E Materials - SNMPv3 Development Authenticati on Key: G,W,E Table 14: Approved Services

4.4 Non-Approved Services
4.5 External Software/Firmware Loaded
4.6 Bypass Actions and Status
4.7 Cryptographic Output Actions and Status

The module implements Self-initiated cryptographic output capability without external operator request. The Crypto Officer shall configure self-initiated cryptographic output capability. Prior to executing the self-initiated cryptographic output capability, the module conducts two independent internal actions to activate the capability to prevent the inadvertent output due to a single error. © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 33
5 Software/Firmware Security
5.1 Integrity Techniques

The module is provided in the form of binary executable code. To ensure firmware security, the library is protected by RSA 2048 SigVer with SHA-512 (RSA and SHA-512 Cert. #A4595) signature calculated at build time. At crypto module library initialization, the signature is recalculated and compared to the hardcoded build-time generated signature value. If at load time the signature does not match, the crypto module library exits with error. If failure occurs during self-test, all crypto functionality is disabled.

5.2 Initiate on Demand

Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the tested platform to initiate the integrity test on-demand.

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Non-Modifiable The module is a firmware hybrid module, which is operated in a non-modifiable operational environment per FIPS 140-3 level 1 specifications. The module’s firmware version running on each tested platform 7.4.2. The module has control over its own SSPs. The process and memory management functionality of the host device’s OS prevent unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined API. The operational environments provide the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environment. Processes that are spawned by the module are owned by the module and are not owned by external processes/operators.

7 Physical Security

The module is running on the multi-chip standalone production grade platform to meet physical security requirements from FIPS 140-3 level

  1. The module’s Tested Operational Environment’s Physical Perimeter (TOEPP) is drawn at the casing of the tested platforms in Table
  2. The module’s tested platforms consist of production-grade components.
8 Non-Invasive Security

N/A for this module. © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 34
9 Sensitive Security Parameters Management
9.1 Storage Areas

Storage Description Persistence Area Type Name DRAM Volatile memory provided by the ESXi host for the module Dynamic temporary. Flash Non-Volatile memory provided by the ESXi host for the module to Static retain memory across power-cycles. Table 15: Storage Areas

9.2 SSP Input-Output Methods

Name From To Format Distribution Entry SFI or Type Type Type Algorithm Peer Public External TOEPP Plaintext Automated Electronic Key Input (Outside of the TOEPP) Module TOEPP External Plaintext Automated Electronic Public Key (Outside Output of the TOEPP) Secret Input External TOEPP Encrypted Automated Electronic KTS (SSHv2 via SSHv2 (Outside with AESencrypted by of the GCM) GCM TOEPP) Secret Input External TOEPP Encrypted Automated Electronic KTS (SSHv2 via SSHv2 (Outside with AES encrypted by of the and HMAC) AES and TOEPP) HMAC Secret Input External TOEPP Encrypted Automated Electronic KTS via TLS (Outside (TLSv1.2 encrypted by of the with AESGCM TOEPP) GCM) Secret Input External TOEPP Encrypted Automated Electronic KTS via TLS (Outside (TLSv1.2 encrypted by of the with AES AES and TOEPP) and HMAC) HMAC Table 16: SSP Input-Output Methods

9.3 SSP Zeroization Methods

© 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 35

Zeroization Description Rationale Operator Initiation Method Zeroization CO issues The zeroization command will Delete the virtual Command zeroization service erase all SSPs stored in the machine from the DRAM and Flash of the module. VMware ESXi host. Session Zeroization upon Session termination will Terminate session Termination session automatically zeroize all session termination based temporary SSPs Reboot Zeroization upon Reboot to zeroize all temporary Reboot rebooting the SSPs stored in volatile memory module Table 17: SSP Zeroization Methods

9.4 SSPs

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h DRBG Used to 384 bits Entropy DRBG Entropy seed the - at least Input - CSP Function Input DRBG 256 bits DRBG Seed Used in 256 bits DRBG DRBG DRBG - 256 Seed - CSP Function Generation bits DRBG Used in 256 bits DRBG DRBG Internal DRBG - 256 Internal Function State V Generation bits State V value value - CSP DRBG Key Used in 256 bits DRBG Key DRBG DRBG - 256 - CSP Function Generation bits SSH DH Used to MODP- Private Key KAS- KAS-FFC Private Key derive the 2048, - CSP FFC (SSHv2) SSH DH MODP- (SSHv2) Shared 3072, Secret MODP-

4096 -
112 to
152 bits

SSH DH Used to MODP- Public Key - KAS-FFC Public Key derive SSH 2048, PSP (SSHv2) DH Shared MODPSecret 3072, MODP-

4096 -
112 to
152 bits

© 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 36

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h SSH Peer Used to MODP- Public Key - KAS-FFC DH Public derive SSH 2048, PSP (SSHv2) Key DH Shared MODPSecret 3072, MODP-

4096 -
112 to
152 bits

SSH DH Used to MODP- Shared KAS-FFC KAS-FFC Shared derive SSH 2048, Secret - (SSHv2) (SSHv2) Secret Session MODP- CSP Encryption 3072, Keys, SSH MODPSession 4096 Authenticati 112 to on Keys 152 bits SSH ECDH Used to Curves: Private Key KAS- KAS-ECC Private Key derive the P-256, - CSP ECC (SSHv2) SSH ECDH P-384, (SSHv2) Shared P-521 Secret 128 to

256 bits

SSH ECDH Used to Curves: Public Key - KAS-ECC Public Key derive the P-256, PSP (SSHv2) SSH ECDH P-384, Shared P-521 Secret 128 to

256 bits

SSH Peer Used to Curves: Public Key - KAS-ECC ECDH derive SSH P-256, PSP (SSHv2) Public Key DH Shared P-384, Secret P-521 -

128 to
256 bits

SSH ECDH Used to Curves: Shared KAS-ECC KAS-ECC Shared derive SSH P-256, Secret - (SSHv2) (SSHv2) Secret Session P-384, CSP Encryption P-521 Keys, SSH 128 to Session 256 bits Authenticati on Keys SSH RSA Used for Modulus Private Key RSA RSA SigGen Private Key SSH 2048 - CSP KeyGen (SSHv2, session and (SSHv2, TLSv1.2, authenticati 3072 TLSv1.2, IKEv2) on bits - IKEv2) © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 37

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h

112 to
128 bits

SSH RSA Used for Modulus Public Key - RSA Public Key SSH 2048 PSP KeyGen session and (SSHv2, authenticati 3072 TLSv1.2, on bits - IKEv2)

112 to
128 bits

SSH Used for Curves: Private Key ECDSA ECDSA ECDSA SSH P-256, - CSP KeyGen SigGen Private Key session P-384, (SSHv2, (SSHv2, authenticati P-521 - TLSv1.2, TLSv1.2, on 128 to IKEv2) IKEv2)

256 bits

SSH Used for Curves: Public Key - ECDSA ECDSA SSH P-256, PSP KeyGen Public Key session P-384, (SSHv2, authenticati P-521 - TLSv1.2, on 128 to IKEv2)

256 bits

SSH Used for 128, 256 Symmetric SSHv2 SSHv2 Session SSH bits - Key - CSP Keying Session Encryption session 128, 256 Materials Encrypt/Decr Key confidentiali bits Developm ypt ty ent protection SSH Used for At least Session SSHv2 SSHv2 Session SSH 160 bits Key - CSP Keying Session Authenticati Session - At least Materials Authenticatio on Key integrity 160 bits Developm n protection ent TLS DH Used to ffdhe204 Private Key KAS- KAS-FFC Private Key Derive TLS 8, - CSP FFC (TLSv1.2) DH Shared ffdhe307 (TLSv1.2 Secret 2, ) ffdhe409

6 - 112

to 152 bits TLS DH Used to ffdhe204 Public Key - KAS-FFC Public Key Derive TLS 8, PSP (TLSv1.2) DH Shared ffdhe307 Secret 2, ffdhe409

6 - 112

© 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 38

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h to 152 bits TLS Peer Used to ffdhe204 Public Key - KAS-FFC DH Public derive TLS 8, PSP (TLSv1.2) Key DH Shared ffdhe307 Secret 2, ffdhe409

6 - 112

to 152 bits TLS DH Used to ffdhe204 Shared KAS-FFC KAS-FFC Shared Derive TLS 8, Secret - (TLSv1.2) (TLSv1.2) Secret Session ffdhe307 CSP Encryption 2, Key and ffdhe409 TLS 6 - 112 Session to 152 Authenticati bits on Key TLS ECDH Used to Curves: Private Key KAS- KAS-ECC Private Key Derive TLS P-256, - CSP ECC (TLSv1.2) ECDH P-384, (TLSv1.2 Shared P-521 - ) Secret 128 to

256 bits

TLS ECDH Used to Curves: Public Key - KAS-ECC Public Key Derive TLS P-256, PSP (TLSv1.2) ECDH P-384, Shared P-521 Secret 128 to

256 bits

TLS Peer Used to Curves: Public Key - KAS-ECC ECDH derive TLS P-256, PSP (TLSv1.2) Public Key ECDH P-384, Shared P-521 Secret 128 to

256 bits

TLS ECDH Used to Curves: Shared KAS-ECC KAS-ECC Shared Derive TLS P-256, Secret - (TLSv1.2) (TLSv1.2) Secret Session P-384, CSP Encryption P-521 Key and 128 to TLS 256 bits Session Authenticati on Key © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 39

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h TLS RSA Used to Modulus Private Key RSA RSA SigGen Private Key support CO 2048 - CSP KeyGen (SSHv2, HTTPS and (SSHv2, TLSv1.2, interfaces 3072 TLSv1.2, IKEv2) bits - IKEv2)

112 to
128 bits

TLS RSA Used to Modulus Public Key - RSA Public Key support CO 2048 PSP KeyGen HTTPS and (SSHv2, interfaces 3072 TLSv1.2, bits - IKEv2)

112 to
128 bits

TLS ECDSA Used to Curves: Private Key ECDSA ECDSA Private Key support CO P-256, - CSP KeyGen SigGen HTTPS P-384, (SSHv2, (SSHv2, interfaces P-521 - TLSv1.2, TLSv1.2,

128 to IKEv2) IKEv2)
256 bits

TLS ECDSA Used to Curves: Public Key - ECDSA Public Key support CO P-256, PSP KeyGen HTTPS P-384, (SSHv2, interfaces P-521 - TLSv1.2,

128 to IKEv2)
256 bits

TLS Master Used to 384 bits Master TLSv1.2 TLSv1.2 Secret protect - 384 Secret - Keying Session HTTPS bits CSP Materials Encrypt/Decr Session Developm ypt ent TLSv1.2 Session Authenticatio n TLS Used to 128, 256 Symmetric TLSv1.2 TLSv1.2 Session protect bits - Key - CSP Keying Session Encryption HTTPS 128, 256 Materials Encrypt/Decr Key Session bits Developm ypt ent TLS Used to 160, Message TLSv1.2 TLSv1.2 Session authenticat 256, 384 Authenticati Keying Session Authenticati e HTTPS bits - on Key - Materials Authenticatio on Key Session 160, CSP Developm n 256, 384 ent bits © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 40

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h IPsec/IKEv2 Used to MODP- Private Key KAS- KAS-FFC DH Private derive 2048, - CSP FFC (IKEv2) Key IPsec/IKEv MODP- (IKEv2)

2 DH 3072,
112 to
152 bits

IPsec/IKEv2 Used to MODP- Public Key - KAS-FFC DH Public derive 2048, PSP (IKEv2) Key IPsec/IKEv MODP-

2 DH 3072,
112 to
152 bits

IPsec/IKEv2 Used to MODP- Public Key - KAS-FFC Peer DH derive 2048, PSP (IKEv2) Public Key IPsec/IKEv MODP-

2 DH 3072,
112 to
152 bits

IPsec/IKEv2 Used to MODP- Shared KAS-FFC KAS-FFC DH Shared derive 2048, Secret - (IKEv2) (IKEv2) Secret IPsec/IKEv MODP- CSP

2 Session 3072,
112 to
152 bits

IPsec/IKEv2 Used to Curves: Private key KAS- KAS-ECC ECDH derive P-256, - CSP ECC (IKEv2) Private Key IPsec/IKEv P-384, (IKEv2)

2 ECDH P-521 -

Shared 128 to Secret 256 bits IPsec/IKEv2 Used to Curves: Public Key - KAS-ECC ECDH derive P-256, PSP (IKEv2) Public Key IPsec/IKEv P-384,

2 ECDH P-521 -

Shared 128 to Secret 256 bits IPsec/IKEv2 Used to Curves: Public Key - KAS-ECC Peer ECDH derive P-256, PSP (IKEv2) Public Key IPsec/IKEv P-384, © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 41

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h

2 ECDH P-521 -

Shared 128 to Secret 256 bits IPsec/IKEv2 Used to Curves: Shared KAS-ECC KAS-ECC ECDH derive P-256, Secret - (IKEv2) (IKEv2) Shared IPsec/IKEv P-384, CSP Secret 2 ECDH P-521 Shared 128 to Secret 256 bits IPsec/IKEv2 Used for Modulus Private Key RSA RSA SigGen RSA Private IPsec/IKEv 2048 - CSP KeyGen (SSHv2, Key 2 and (SSHv2, TLSv1.2, authenticati 3072 TLSv1.2, IKEv2) on bits - IKEv2)

112 to
128 bits

IPsec/IKEv2 Used for Modulus Public Key RSA RSA Public IPsec/IKEv 2048 - PSP KeyGen Key 2 and (SSHv2, authenticati 3072 TLSv1.2, on bits - IKEv2)

112 to
128 bits

IPsec/IKEv2 Used for Curves: Private Key ECDSA ECDSA ECDSA IPsec/IKEv P-256, - CSP KeyGen SigGen Private Key 2 P-384, (SSHv2, (SSHv2, authenticati P-521 - TLSv1.2, TLSv1.2, on 128 to IKEv2) IKEv2)

256 bits

IPsec/IKEv2 Used for Curves: Public Key - ECDSA ECDSA IPsec/IKEv P-256, PSP KeyGen Public Key 2 P-384, (SSHv2, authenticati P-521 - TLSv1.2, on 128 to IKEv2)

256 bits

IPsec/IKEv2 Used for 16-32 Shared Pre-Shared IPsec/IKEv characte Secret Key 2 rs - 128 CSP authenticati to 256 on bits SKEYSEED Keying 160 bits Keying IPsec/IKEv IPsec/IKEv2 material - 160 Material - 2 Keying Session used to bits CSP Materials Encrypt/Decr derive the Developm ypt IPSec/IKE ent IPsec/IKEv2 Session Session Encryption © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 42

Name Descriptio Size - Type - Generat Establishe Used By n Strengt Category ed By d By h Key and Authenticatio IPSec/IKE n Authenticati on Key IPsec/IKEv2 Used to 128, Symmetric IPsec/IKEv IPsec/IKEv2 Session secure 192, 256 Key - CSP 2 Keying Session Encryption IPsec/IKEv bits - Materials Encrypt/Decr Key 2 session 128, Developm ypt confidentiali 192, 256 ent ty bits IPsec/IKEv2 Used to at least Message IPsec/IKEv IPsec/IKEv2 Authenticati secure 160 bits Authenticati 2 Keying Session on Key IPsec/IKEv - at least on Key - Materials Authenticatio

2 session 160 bits CSP Developm n

authenticati ent on SNMPv3 Used for 8-32 Authenticati Authenticati SNMPv3 characte on on/ Privacy user rs - 64 to Password Password authenticati 256 bits CSP on SNMPv3 Used for 128 bits Symmetric SNMPv3 SNMPv3 Encryption SNMPv3 - 128 Key - CSP Keying Session Key confidentiali bits Materials Encrypt/Decr ty Developm ypt ent SNMPv3 Used for At least Authenticati SNMPv3 SNMPv3 Authenticati SNMPv3 112 bits on Key - Keying Session on Key authenticati - At least CSP Materials Authenticatio on 112 bits Developm n ent Table 18: SSP Table 1 Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n DRBG DRAM:Plaintex Until Zeroization DRBG Seed:Used Entropy Input t Reboot Command With Reboot DRBG Internal State V value:Used With DRBG Key:Used With DRBG Seed DRAM:Plaintex Until Zeroization DRBG Entropy t Reboot Command Input:Used With Reboot DRBG Internal State V value:Used © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 43

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n With DRBG Key:Used With DRBG DRAM:Plaintex Until Zeroization DRBG Entropy Internal State t Reboot Command Input:Used With V value Reboot DRBG Seed:Used With DRBG Key:Used With DRBG Key DRAM:Plaintex Until Zeroization DRBG Entropy t Reboot Command Input:Used With Reboot DRBG Seed:Used With DRBG Internal State V value:Used With SSH DH DRAM:Plaintex While SSH Zeroization SSH DH Public Private Key t session is Command Key:Paired With active Session SSH Peer DH Terminatio Public Key:Used n With Reboot SSH DH Module DRAM:Plaintex While SSH Zeroization SSH DH Private Public Key Public t session is Command Key:Paired With Key active Session Output Terminatio n Reboot SSH Peer DH Peer DRAM:Plaintex While SSH Zeroization SSH DH Private Public Key Public t session is Command Key:Used With Key Input active Session Terminatio n Reboot SSH DH DRAM:Plaintex While SSH Zeroization SSH DH Private Shared t session is Command Key:Derived From Secret active Session SSH Peer DH Terminatio Public Key:Derived n From Reboot SSH ECDH DRAM:Plaintex While SSH Zeroization SSH ECDH Public Private Key t session is Command Key:Paired With active Session SSH Peer ECDH Terminatio Public Key:Used n With Reboot © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 44

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n SSH ECDH Module DRAM:Plaintex While SSH Zeroization SSH ECDH Private Public Key Public t session is Command Key:Paired With Key active Session Output Terminatio n Reboot SSH Peer Peer DRAM:Plaintex While SSH Zeroization SSH ECDH Private ECDH Public Public t session is Command Key:Used With Key Key Input active Session Terminatio n Reboot SSH ECDH DRAM:Plaintex While SSH Zeroization SSH ECDH Private Shared t session is Command Key:Derived From Secret active Session SSH Peer ECDH Terminatio Public Key:Derived n From Reboot SSH RSA Flash:Plaintext Zeroization SSH RSA Public Private Key Command Key:Paired With SSH RSA Module Flash:Plaintext Zeroization SSH RSA Private Public Key Public Command Key:Paired With Key Output Secret Input via SSHv2 encrypte d by GCM Secret Input via SSHv2 encrypte d by AES and HMAC SSH ECDSA Flash:Plaintext Zeroization SSH ECDSA Public Private Key Command Key:Paired With SSH ECDSA Module Flash:Plaintext Zeroization SSH ECDSA Public Key Public Command Private Key:Paired Key With Output Secret Input via SSHv2 encrypte d by © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 45

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n GCM Secret Input via SSHv2 encrypte d by AES and HMAC SSH Session DRAM:Plaintex While SSH Zeroization SSH Session Encryption t session is Command Authentication Key active Session Key:Used With Terminatio n Reboot SSH Session DRAM:Plaintex While SSH Zeroization SSH Session Authentication t session is Command Encryption Key active Session Key:Used With Terminatio n Reboot TLS DH DRAM:Plaintex While TLS Zeroization TLS DH Public Private Key t session is Command Key:Paired With active Session TLS Peer DH Terminatio Public Key:Used n With Reboot TLS DH Module DRAM:Plaintex While TLS Zeroization TLS DH Private Public Key Public t session is Command Key:Paired With Key active Session Output Terminatio n Reboot TLS Peer DH Peer DRAM:Plaintex While TLS Zeroization TLS DH Private Public Key Public t session is Command Key:Used With Key Input active Session Terminatio n Reboot TLS DH DRAM:Plaintex While TLS Zeroization TLS DH Private Shared t session is Command Key:Derived From Secret active Session TLS Peer DH Terminatio Public Key:Derived n From Reboot TLS ECDH DRAM:Plaintex While TLS Zeroization TLS ECDH Public Private Key t session is Command Key:Paired With active Session TLS Peer ECDH Terminatio © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 46

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n n Public Key:Used Reboot With TLS ECDH Module DRAM:Plaintex While TLS Zeroization TLS ECDH Private Public Key Public t session is Command Key:Paired With Key active Session Output Terminatio n Reboot TLS Peer Peer DRAM:Plaintex While TLS Zeroization TLS ECDH Private ECDH Public Public t session is Command Key:Used With Key Key Input active Session Terminatio n Reboot TLS ECDH DRAM:Plaintex While TLS Zeroization TLS ECDH Private Shared t session is Command Key:Derived From Secret active Session TLS Peer ECDH Terminatio Public Key:Derived n From Reboot TLS RSA Flash:Plaintext Zeroization TLS RSA Public Private Key Command Key:Paired With TLS RSA Module Flash:Plaintext Zeroization TLS RSA Private Public Key Public Command Key:Paired With Key Output Secret Input via TLS encrypte d by GCM Secret Input via TLS encrypte d by AES and HMAC TLS ECDSA Flash:Plaintext Zeroization TLS ECDSA Public Private Key Command Key:Paired With TLS ECDSA Module Flash:Plaintext Zeroization TLS ECDSA Public Key Public Command Private Key:Paired Key With Output Secret Input via TLS © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 47

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n encrypte d by GCM Secret Input via TLS encrypte d by AES and HMAC TLS Master DRAM:Plaintex While TLS Zeroization TLS DH Shared Secret t session is Command Secret:Derived active Session From Terminatio TLS ECDH Shared n Secret:Derived Reboot From TLS Session DRAM:Plaintex While TLS Zeroization TLS Session Encryption t session is Command Authentication Key active Session Key:Used With Terminatio TLS Master n Secret:Derived Reboot From TLS Session DRAM:Plaintex While TLS Zeroization TLS Session Authentication t session is Command Encryption Key active Session Key:Used With Terminatio TLS Master n Secret:Derived Reboot From IPsec/IKEv2 DRAM:Plaintex While Zeroization IPsec/IKEv2 DH DH Private t IPsec/IKEv Command Public Key:Paired Key 2 tunnel is Session With active Terminatio IPsec/IKEv2 Peer n DH Public Reboot Key:Used With IPsec/IKEv2 Module DRAM:Plaintex While Zeroization IPsec/IKEv2 DH DH Public Public t IPsec/IKEv Command Private Key:Paired Key Key 2 tunnel is Session With Output active Terminatio n Reboot IPsec/IKEv2 Peer DRAM:Plaintex While Zeroization IPsec/IKEv2 DH Peer DH Public t IPsec/IKEv Command Private Key:Used Public Key Key Input 2 tunnel is Session With active Terminatio n Reboot © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 48

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n IPsec/IKEv2 DRAM:Plaintex While Zeroization SKEYSEED:Used DH Shared t IPsec/IKEv Command With Secret 2 tunnel is Session active Terminatio n Reboot IPsec/IKEv2 DRAM:Plaintex While Zeroization IPsec/IKEv2 ECDH ECDH Private t IPsec/IKEv Command Public Key:Paired Key 2 tunnel is Session With active Terminatio IPsec/IKEv2 Peer n ECDH Public Reboot Key:Used With IPsec/IKEv2 Module DRAM:Plaintex While Zeroization IPsec/IKEv2 ECDH ECDH Public Public t IPsec/IKEv Command Private Key:Paired Key Key 2 tunnel is Session With Output active Terminatio n Reboot IPsec/IKEv2 Peer DRAM:Plaintex While Zeroization IPsec/IKEv2 ECDH Peer ECDH Public t IPsec/IKEv Command Private Key:Used Public Key Key Input 2 tunnel is Session With active Terminatio n Reboot IPsec/IKEv2 DRAM:Plaintex While Zeroization IPsec/IKEv2 ECDH ECDH Shared t IPsec/IKEv Command Private Secret 2 tunnel is Session Key:Derived From active Terminatio IPsec/IKEv2 Peer n ECDH Public Reboot Key:Derived From SKEYSEED:Used With IPsec/IKEv2 Flash:Plaintext Zeroization IPsec/IKEv2 RSA RSA Private Command Public Key:Paired Key With IPsec/IKEv2 Module Flash:Plaintext Zeroization IPsec/IKEv2 RSA RSA Public Public Command Private Key:Paired Key Key With Output Secret Input via TLS encrypte d by GCM Secret Input via TLS © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 49

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n encrypte d by AES and HMAC IPsec/IKEv2 Flash:Plaintext Zeroization IPsec/IKEv2 ECDSA Command ECDSA Public Private Key Key:Paired With IPsec/IKEv2 Module Flash:Plaintext Zeroization IPsec/IKEv2 ECDSA Public Command ECDSA Private Public Key Key Key:Paired With Output Secret Input via TLS encrypte d by GCM Secret Input via TLS encrypte d by AES and HMAC IPsec/IKEv2 Secret Flash:Plaintext Zeroization SKEYSEED:Derive Pre-Shared Input via Command d to Key TLS encrypte d by GCM Secret Input via TLS encrypte d by AES and HMAC SKEYSEED DRAM:Plaintex While Zeroization IPsec/IKEv2 DH t IPsec/IKEv Command Shared

2 tunnel is Session Secret:Derived

active Terminatio From n IPsec/IKEv2 ECDH Reboot Shared Secret:Derived From IPsec/IKEv2 PreShared Key:Derived From © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 50

Name Input - Storage Storage Zeroizatio Related SSPs Output Duration n IPsec/IKEv2 DRAM:Plaintex While Zeroization SKEYSEED:Derive Session t IPsec/IKEv Command d From Encryption 2 tunnel is Session Key active Terminatio n Reboot IPsec/IKEv2 DRAM:Plaintex While Zeroization SKEYSEED:Derive Authentication t IPsec/IKEv Command d From Key 2 tunnel is Session active Terminatio n Reboot SNMPv3 Secret Flash:Plaintext Zeroization SNMPv3 Authentication Input via Command Encryption / Privacy TLS Key:Derived to Password encrypte SNMPv3 d by Authentication GCM Key:Derived to Secret Input via TLS encrypte d by AES and HMAC SNMPv3 DRAM:Plaintex While Zeroization SNMPv3 Encryption t SNMPv3 Command Authentication/ Key tunnel is Session Privacy active Terminatio Password:Derived n From Reboot SNMPv3 Authentication Key:Used With SNMPv3 DRAM:Plaintex While Zeroization SNMPv3 Authentication t SNMPv3 Command Authentication/ Key tunnel is Session Privacy active Terminatio Password:Derived n From Reboot SNMPv3 Encryption Key:Used With Table 19: SSP Table 2

9.5 Transitions

SHA-1 © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 51

The module includes an implementation of SHA-1 for hashing and digital signature verification. This implementation will be non-Approved for all uses starting January 1, 2031 FIPS 186-4/186-5 As of February 5, 2024, the CMVP does not accept module submissions that implement DSA or RSA X9.31 in the approved mode, other than for signature verification which is approved for legacy use. This module does not implement DSA or RSA X9.31 for signature generation and therefore is unaffected by the current transition from 186-4 to 186-5. As detailed in section 2.7, the CAVP testing performed on the 186-4 algorithms is mathematically similar to the testing performed on the 186-5 algorithms and therefore this module claims compliance with 186-5. This means that no timeline exists in which any of the implemented algorithms will transition from approved to non-approved.

10 Self-Tests
10.1 Pre-Operational Self-Tests

Algorithm or Test Test Properties Test Test Type Indicator Details Method RSA SigVer RSA 2048 SigVer KAT SW/FW Module is in RSA (FIPS186-4) with SHA2-512 Integrity normal state SigVer (A4595) Table 20: Pre-Operational Self-Tests The module performs the following self-tests, including Pre-operational and Conditional selftests. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). The self-test success or failure results are an output of the return value of the library load API call, which is functioning as the self-test status indicator. If anyone of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the operational state.

10.2 Conditional Self-Tests

Algorithm or Test Test Test Test Indicat Details Condition Propertie Metho Type or s s d AES-CBC encrypt KAT 256 bits KAT CAS Module Encrypt Power up (A4595) T is in normal state AES-CBC decrypt KAT 256 bits KAT CAS Module Decrypt Power up (A4595) T is in normal state © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 52

Algorithm or Test Test Test Test Indicat Details Condition Propertie Metho Type or s s d AES-GCM authenticated 256 bits KAT CAS Module Authenticat Power up encrypt KAT (A4595) T is in ed Encrypt normal state AES-GCM authenticated 256 bits KAT CAS Module Authenticat Power up decrypt KAT (A4595) T is in ed Decrypt normal state Counter DRBG AES-128 KAT CAS Module Instantiate, Power up Instantiate/Generate/Res T is in Generate, eed KAT (A4595) normal and Reseed state KATs ECDSA SigGen Curve P- KAT CAS Module ECDSA Power up (FIPS186-4) KAT 256 with T is in SigGen (A4595) SHA2- normal KAT

256 state

ECDSA SigVer Curve P- KAT CAS Module ECDSA Power up (FIPS186-4) KAT 256 with T is in SigVer KAT (A4595) SHA2- normal

256 state

Entropy Source RCT Repetitio RCT CAS Module N/A Power up Start-up Health Tests n Count T is in Test normal (RCT) state Entropy Source APT Adaptive APT CAS Module N/A Power up Start-up Health Tests Proportio T is in n Test normal (APT) state Entropy Source RCT Repetitio RCT CAS Module N/A Performed Continuous Health Tests n Count T is in continuous Test normal ly as (RCT) state entropy source is active Entropy Source APT Adaptive APT CAS Module N/A Performed Continuous Health Tests Proportio T is in continuous n Test normal ly as (APT) state entropy source is active HMAC-SHA-1 KAT SHA-1 KAT CAS Module N/A Power up (A4595) T is in normal state HMAC-SHA2-224 KAT SHA2- KAT CAS Module N/A Power up (A4595) 224 T is in © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 53

Algorithm or Test Test Test Test Indicat Details Condition Propertie Metho Type or s s d normal state HMAC-SHA2-256 KAT SHA2- KAT CAS Module N/A Power up (A4595) 256 T is in normal state HMAC-SHA2-384 KAT SHA2- KAT CAS Module N/A Power up (A4595) 384 T is in normal state HMAC-SHA2-512 KAT SHA2- KAT CAS Module N/A Power up (A4595) 512 T is in normal state KAS-ECC-SSC Sp800- Curve P- KAT CAS Module Primitive Z Power up 56Ar3 KAT (A4595) 256 T is in KAT normal state KAS-FFC-SSC Sp800- MODP- KAT CAS Module Primitive Z Power up 56Ar3 KAT (A4595) 2048 T is in KAT normal state KDF IKEv2 KAT (A4595) N/A KAT CAS Module N/A Power up T is in normal state KDF SNMP KAT (A4595) N/A KAT CAS Module N/A Power up T is in normal state KDF SSH KAT (A4595) N/A KAT CAS Module N/A Power up T is in normal state RSA SigGen (FIPS186-4) 2048 bit KAT CAS Module RSA Power up KAT (A4595) modulus T is in SigGen with normal KAT SHA2- state RSA SigVer (FIPS186-4) 2048 bit KAT CAS Module RSA SigVer Power up KAT (A4595) modulus T is in KAT with normal SHA2- state TLS v1.2 KDF RFC7627 N/A KAT CAS Module N/A Power up KAT (A4595) T is in © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 54

Algorithm or Test Test Test Test Indicat Details Condition Propertie Metho Type or s s d normal state ECDSA KeyGen Curve P- PCT PCT Module ECDSA Performs (FIPS186-4) PCT 256 with is in all required (A4595) SHA2- normal pair-wise

256 state consistenc

y tests on the newly generated key pairs before the first operational use. KAS-ECC-SSC Sp800- Curve P- PCT PCT Module N/A Performs 56Ar3 PCT (A4595) 256 with is in all required SHA2- normal pair-wise

256 state consistenc

y tests on the newly generated key pairs before the first operational use. KAS-FFC-SSC Sp800- MODP- PCT PCT Module N/A Performs 56Ar3 PCT (A4595) 2048 is in all required normal pair-wise state consistenc y tests on the newly generated key pairs before the first operational use. RSA KeyGen (FIPS186- 2048 bit PCT PCT Module RSA Performs 4) PCT (A4595) modulus is in all required normal pair-wise state consistenc y tests on the newly generated key pairs before the © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 55

Algorithm or Test Test Test Test Indicat Details Condition Propertie Metho Type or s s d first operational use. Table 21: Conditional Self-Tests The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests.

10.3 Periodic Self-Test Information

Algorithm or Test Method Test Type Period Periodic Test Method RSA SigVer KAT SW/FW Integrity Recommend 60 Reboot (FIPS186-4) Days (A4595) Table 22: Pre-Operational Periodic Information Algorithm or Test Test Method Test Type Period Periodic Method AES-CBC encrypt KAT KAT CAST Recommend Reboot (A4595) 60 Days AES-CBC decrypt KAT KAT CAST Recommend Reboot (A4595) 60 Days AES-GCM authenticated KAT CAST Recommend Reboot encrypt KAT (A4595) 60 Days AES-GCM authenticated KAT CAST Recommend Reboot decrypt KAT (A4595) 60 Days Counter DRBG KAT CAST Recommend Reboot Instantiate/Generate/Reseed 60 Days KAT (A4595) ECDSA SigGen (FIPS186-4) KAT CAST Recommend Reboot KAT (A4595) 60 Days ECDSA SigVer (FIPS186-4) KAT CAST Recommend Reboot KAT (A4595) 60 Days Entropy Source RCT Start- RCT CAST Recommend Reboot up Health Tests 60 Days Entropy Source APT Start- APT CAST Recommend Reboot up Health Tests 60 Days Entropy Source RCT RCT CAST N/A N/A Continuous Health Tests Entropy Source APT APT CAST N/A N/A Continuous Health Tests HMAC-SHA-1 KAT (A4595) KAT CAST Recommend Reboot

60 Days

© 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 56

Algorithm or Test Test Method Test Type Period Periodic Method HMAC-SHA2-224 KAT KAT CAST Recommend Reboot (A4595) 60 Days HMAC-SHA2-256 KAT KAT CAST Recommend Reboot (A4595) 60 Days HMAC-SHA2-384 KAT KAT CAST Recommend Reboot (A4595) 60 Days HMAC-SHA2-512 KAT KAT CAST Recommend Reboot (A4595) 60 Days KAS-ECC-SSC Sp800- KAT CAST Recommend Reboot 56Ar3 KAT (A4595) 60 Days KAS-FFC-SSC Sp800- KAT CAST Recommend Reboot 56Ar3 KAT (A4595) 60 Days KDF IKEv2 KAT (A4595) KAT CAST Recommend Reboot

60 Days

KDF SNMP KAT (A4595) KAT CAST Recommend Reboot

60 Days

KDF SSH KAT (A4595) KAT CAST Recommend Reboot

60 Days

RSA SigGen (FIPS186-4) KAT CAST Recommend Reboot KAT (A4595) 60 Days RSA SigVer (FIPS186-4) KAT CAST Recommend Reboot KAT (A4595) 60 Days TLS v1.2 KDF RFC7627 KAT CAST Recommend Reboot KAT (A4595) 60 Days ECDSA KeyGen (FIPS186- PCT PCT Recommend Reboot 4) PCT (A4595) 60 Days KAS-ECC-SSC Sp800- PCT PCT Recommend Reboot 56Ar3 PCT (A4595) 60 Days KAS-FFC-SSC Sp800- PCT PCT Recommend Reboot 56Ar3 PCT (A4595) 60 Days RSA KeyGen (FIPS186-4) PCT PCT Recommend Reboot PCT (A4595) 60 Days Table 23: Conditional Periodic Information The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests.

10.4 Error States

Name Description Conditions Recovery Indicator Method Error If self-test tests fail, the module is Self-test Reboot the System State put into an error state. failure module halt Table 24: Error States © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.

Page 57

If any of the above-mentioned self-tests fail, the module reports the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the selftests, including the pre-operational integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational integrity test and the conditional CASTs.

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The module meets all the Level 1 requirements for FIPS 140-3. The Crypto Officer must configure and enforce the following initialization steps. Operating this module without maintaining the following settings will put the module into a non-compliant state. Step 1: Log in with the default username admin and the password Admin123. Step 2: The first time you log in to the Module, you are prompted to accept the End User License Agreement (EULA) and to change the admin password. You will be prompted with the CLI setup wizard. See the following guidelines:

Page 58
11.2 Administrator Guidance

No specific Administrator guidance.

11.3 Non-Administrator Guidance

No specific Non-Administrator guidance.

12 Mitigation of Other Attacks

N/A for this module. © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.