| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Firmware-hybrid |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 1/14/2031 |
| Caveat | When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy |
| Vendor | Cisco Systems, Inc |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A4595 |
| AES-GCM | A4595 |
| Counter DRBG | A4595 |
| ECDSA KeyGen (FIPS186-4) | A4595 |
| ECDSA SigGen (FIPS186-4) | A4595 |
| ECDSA SigVer (FIPS186-4) | A4595 |
| HMAC-SHA-1 | A4595 |
| HMAC-SHA2-224 | A4595 |
| HMAC-SHA2-256 | A4595 |
| HMAC-SHA2-384 | A4595 |
| HMAC-SHA2-512 | A4595 |
| KAS-ECC-SSC Sp800-56Ar3 | A4595 |
| KAS-FFC-SSC Sp800-56Ar3 | A4595 |
| KDF SNMP (CVL) | A4595 |
| KDF SSH (CVL) | A4595 |
| RSA KeyGen (FIPS186-4) | A4595 |
| RSA SigGen (FIPS186-4) | A4595 |
| RSA SigVer (FIPS186-4) | A4595 |
| SHA-1 | A4595 |
| SHA2-224 | A4595 |
| SHA2-256 | A4595 |
| SHA2-384 | A4595 |
| SHA2-512 | A4595 |
| TLS v1.2 KDF RFC7627 (CVL) | A4595 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Non-Invasive Security | N/A |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Cisco Firepower Management Center Virtual Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>SSHv2 Session Encrypt/Decrypt<br/>TLSv1.2 Session Encrypt/Decrypt<br/>SNMPv3 Session Encrypt/Decrypt</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Cisco Firepower Management Center Virtual Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>SSHv2 Session Encrypt/Decrypt<br/>TLSv1.2 Session Encrypt/Decrypt<br/>SNMPv3 Session Encrypt/Decrypt</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Cisco Systems, Inc Cisco Firepower Management Center Virtual Cryptographic Module Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA © 2021-2026 Cisco Systems, Inc. Cisco Systems logo is registered trademark of Cisco Systems, Inc.
| # | Section | Page |
|---|---|---|
| 1 | General | 5 |
| 1.1 | Overview | 5 |
| 1.2 | Security Levels | 5 |
| 2 | Cryptographic Module Specification | 5 |
| 2.1 | Description | 5 |
| 2.2 | Tested and Vendor Affirmed Module Version and Identification | 7 |
| 2.3 | Excluded Components | 8 |
| 2.4 | Modes of Operation | 8 |
| 2.5 | Algorithms | 8 |
| 2.6 | Security Function Implementations | 10 |
| 2.7 | Algorithm Specific Information | 15 |
| 2.8 | RBG and Entropy | 15 |
| 2.9 | Key Generation | 16 |
| 2.10 | Key Establishment | 17 |
| 2.11 | Industry Protocols | 17 |
| 3 | Cryptographic Module Interfaces | 17 |
| 3.1 | Ports and Interfaces | 17 |
| 4 | Roles, Services, and Authentication | 18 |
| 4.1 | Authentication Methods | 18 |
| 4.2 | Roles | 18 |
| 4.3 | Approved Services | 18 |
| 4.4 | Non-Approved Services | 26 |
| 4.5 | External Software/Firmware Loaded | 26 |
| 4.6 | Bypass Actions and Status | 26 |
| 4.7 | Cryptographic Output Actions and Status | 26 |
| 5 | Software/Firmware Security | 27 |
| 5.1 | Integrity Techniques | 27 |
| 5.2 | Initiate on Demand | 27 |
| 6 | Operational Environment | 27 |
| 6.1 | Operational Environment Type and Requirements | 27 |
| 7 | Physical Security | 27 |
| 8 | Non-Invasive Security | 27 |
| 9 | Sensitive Security Parameters Management | 28 |
| 9.1 | Storage Areas | 28 |
| 9.2 | SSP Input-Output Methods | 28 |
| 9.3 | SSP Zeroization Methods | 28 |
| 9.4 | SSPs | 29 |
| 9.5 | Transitions | 39 |
| 10 | Self-Tests | 39 |
| 10.1 | Pre-Operational Self-Tests | 39 |
| 10.2 | Conditional Self-Tests | 40 |
| 10.3 | Periodic Self-Test Information | 43 |
| 10.4 | Error States | 45 |
| 11 | Life-Cycle Assurance | 45 |
| 11.1 | Installation, Initialization, and Startup Procedures | 45 |
| 11.2 | Administrator Guidance | 46 |
| 11.3 | Non-Administrator Guidance | 46 |
| 12 | Mitigation of Other Attacks | 46 |
| Item | Page |
|---|---|
| Table 1: Security Levels | 5 |
| Table 2: Tested Module Identification – Software, Firmware, Hybrid (Executable Code Sets) | 7 |
| Table 3: Tested Module Identification – Hybrid Disjoint Hardware | 7 |
| Table 4: Tested Operational Environments - Software, Firmware, Hybrid | 7 |
| Table 5: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid | 7 |
| Table 6: Modes List and Description | 8 |
| Table 7: Approved Algorithms | 9 |
| Table 8: Vendor-Affirmed Algorithms | 9 |
| Table 9: Security Function Implementations | 15 |
| Table 10: Entropy Certificates | 15 |
| Table 11: Entropy Sources | 16 |
| Table 12: Ports and Interfaces | 18 |
| Table 13: Roles | 18 |
| Table 14: Approved Services | 26 |
| Table 15: Storage Areas | 28 |
| Table 16: SSP Input-Output Methods | 28 |
| Table 17: SSP Zeroization Methods | 29 |
| Table 18: SSP Table 1 | 34 |
| Table 19: SSP Table 2 | 39 |
| Table 20: Pre-Operational Self-Tests | 39 |
| Table 21: Conditional Self-Tests | 43 |
| Table 22: Pre-Operational Periodic Information | 43 |
| Table 23: Conditional Periodic Information | 44 |
| Table 24: Error States | 45 |
| Figure 1 Block Diagram | 6 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 1 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | 1 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | N/A |
| Overall Level | Overall Level | 1 |
Center Virtual VMware Cryptographic Module (hereinafter referred to as the Module or FMCv) with firmware version 7.4.2. The following details how this module meets the security requirements of FIPS 140-3, SP 800-140 and ISO/IEC 19790 for a Security Level 1 firmware The security requirements cover areas related to the design and implementation of a cryptographic module. These areas include cryptographic module specification; cryptographic indicates the actual security levels for each area of the cryptographic module.
Purpose and Use: This module is a multi-chip standalone firmware hybrid cryptographic module deployed as the virtualized version of the Cisco Firepower Management Center with underlying operating system identified as Linux 4 (also referred to as Firepower eXtensible Operating System or FX-OS) throughout this document. The Module’s operational environment is non-modifiable. The module is the administrative nerve center for managing critical Cisco network security solutions. It provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection, quickly and easily go from managing a firewall to controlling applications to investigating and remediating malware outbreaks. It is a key part of the broad and integrated Cisco Secure portfolio, delivering in-depth © 2021-2026 Cisco Systems, Inc.
analysis, streamlined security management across the network and cloud, and accelerated incident investigation and response, working across Cisco and third-party technologies. The Firewall Management Center (FMC) discovers real-time information about changing network resources and operations. The Management Center is the centralized point for event and policy management for the following solutions:
| Name | Model | Operating System | Hardware Platform | Hardware Version | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco_Secure_FW_Mgmt_Center_Virtual300_VMware- 7.4.2-172.tar.gz | 7.4.2 | Cisco_Secure_FW_Mgmt_Center_Virtual300_VMware- 7.4.2-172.tar.gz | HMAC- SHA2-512 | ||||||||
| UCS C220 M5S SFF Server | UCS C220 M5S SFF Server | 1.0 | VMware ESXi 7.0 | Intel Xeon Platinum 8160 (Skylake) | |||||||
| Linux 4 (FX- OS) | Linux 4 (FX- OS) | UCS C220 M5S SFF Server | 7.4.2 | Intel Xeon Platinum 8160 (Skylake) | Yes | VMware ESXi 7.0 | |||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M7 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C225 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C480 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS-E1100D M6 SFF Server w/ESXi 7.0 |
| Name | Model | Operating System | Hardware Platform | Hardware Version | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco_Secure_FW_Mgmt_Center_Virtual300_VMware- 7.4.2-172.tar.gz | 7.4.2 | Cisco_Secure_FW_Mgmt_Center_Virtual300_VMware- 7.4.2-172.tar.gz | HMAC- SHA2-512 | ||||||||
| UCS C220 M5S SFF Server | UCS C220 M5S SFF Server | 1.0 | VMware ESXi 7.0 | Intel Xeon Platinum 8160 (Skylake) | |||||||
| Linux 4 (FX- OS) | Linux 4 (FX- OS) | UCS C220 M5S SFF Server | 7.4.2 | Intel Xeon Platinum 8160 (Skylake) | Yes | VMware ESXi 7.0 | |||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M7 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C225 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C480 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS-E1100D M6 SFF Server w/ESXi 7.0 |
| Name | Model | Operating System | Hardware Platform | Hardware Version | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco_Secure_FW_Mgmt_Center_Virtual300_VMware- 7.4.2-172.tar.gz | 7.4.2 | Cisco_Secure_FW_Mgmt_Center_Virtual300_VMware- 7.4.2-172.tar.gz | HMAC- SHA2-512 | ||||||||
| UCS C220 M5S SFF Server | UCS C220 M5S SFF Server | 1.0 | VMware ESXi 7.0 | Intel Xeon Platinum 8160 (Skylake) | |||||||
| Linux 4 (FX- OS) | Linux 4 (FX- OS) | UCS C220 M5S SFF Server | 7.4.2 | Intel Xeon Platinum 8160 (Skylake) | Yes | VMware ESXi 7.0 | |||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M7 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C225 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C480 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS-E1100D M6 SFF Server w/ESXi 7.0 |
| Name | Model | Operating System | Hardware Platform | Hardware Version | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco_Secure_FW_Mgmt_Center_Virtual300_VMware- 7.4.2-172.tar.gz | 7.4.2 | Cisco_Secure_FW_Mgmt_Center_Virtual300_VMware- 7.4.2-172.tar.gz | HMAC- SHA2-512 | ||||||||
| UCS C220 M5S SFF Server | UCS C220 M5S SFF Server | 1.0 | VMware ESXi 7.0 | Intel Xeon Platinum 8160 (Skylake) | |||||||
| Linux 4 (FX- OS) | Linux 4 (FX- OS) | UCS C220 M5S SFF Server | 7.4.2 | Intel Xeon Platinum 8160 (Skylake) | Yes | VMware ESXi 7.0 | |||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C220 M7 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C225 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C240 M6 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS C480 M5 SFF Server w/ESXi 7.0 | |||||||||
| Linux 4 (FX-OS) | Linux 4 (FX-OS) | UCS-E1100D M6 SFF Server w/ESXi 7.0 |
Tested Module Identification
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A4595 | Key Length - 128, 256 | SP 800-38A |
| AES-GCM | A4595 | Key Length - 128, 256 | SP 800-38D |
| Counter DRBG | A4595 | Prediction Resistance - Yes Mode - AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A4595 | Curve - P-256, P-384, P-521 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-4) | A4595 | Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | FIPS 186-4 |
| ECDSA SigVer (FIPS186-4) | A4595 | Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | FIPS 186-4 |
| HMAC-SHA-1 | A4595 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A4595 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A4595 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A4595 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A4595 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| KAS-ECC-SSC Sp800-56Ar3 | A4595 | Domain Parameter Generation Methods - P- 256, P-384, P-521 | SP 800-56A Rev. 3 |
| KAS-FFC-SSC Sp800-56Ar3 | A4595 | Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp-4096 | SP 800-56A Rev. 3 |
| KDF SNMP (CVL) | A4595 | Password Length - Password Length: 256, 64 | SP 800-135 Rev. 1 |
| KDF SSH (CVL) | A4595 | Cipher - AES-128, AES-192, AES-256 | SP 800-135 Rev. 1 |
| RSA KeyGen (FIPS186-4) | A4595 | Modulo - 2048, 3072 | FIPS 186-4 |
| RSA SigGen (FIPS186-4) | A4595 | Modulo - 2048, 3072 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A4595 | Modulo - 2048, 3072 | FIPS 186-4 |
| Safe Primes Key Generation | A4595 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp- 4096 | SP 800-56A Rev. 3 |
| SHA-1 | A4595 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-224 | A4595 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-256 | A4595 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-384 | A4595 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| SHA2-512 | A4595 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 |
| TLS v1.2 KDF RFC7627 (CVL) | A4595 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
N/A for this module. Modes List and Description: Table 6: Modes List and Description The module has one Approved mode of operation and does not implement a Non-Approved following the steps in section 11 of this document, the module will only operate in the Approved mode of operation. The module doesn’t claim the implementation of a degraded mode
Approved Algorithms: © 2021-2026 Cisco Systems, Inc.
| Name | Properties | I | |
|---|---|---|---|
| CKG | Key Type:Asymmetric | N/A | The cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per sections 4 and 5 in SP800-133rev2 (vendor affirmed) and FIPS 140-3 IG D.H. A seed (i.e., the random value) used in asymmetric key generation is a direct output from SP800-90Arev1 CTR_DRBG (A4595) |
Table 7: Approved Algorithms Implementation Reference N/A Table 8: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: © 2021-2026 Cisco Systems, Inc.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| KAS-FFC (SSHv2) | Full KAS-FFC Key Agreement used for SSHv2 service | KAS-FFC-SSC Sp800-56Ar3: (A4595) Domain Parameter Generation: MODP-2048, MODP-3072, MODP-4096 Safe Primes Key Generation: (A4595) KDF SSH: (A4595) Counter DRBG: (A4595) CKG: () Key Type: Asymmetric | CKG KAS-Full | Caveat:Key establishment methodology provides between 112 and 152 bits of security strength IG : IG D.F Path 2, Scenario 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL |
| KAS-ECC (SSHv2) | Full KAS-ECC Key Agreement used for SSHv2 service | KAS-ECC-SSC Sp800-56Ar3: (A4595) Curves: P-256, P-384, P-521 KDF SSH: (A4595) Counter DRBG: (A4595) CKG: () Key Type: Asymmetric | CKG KAS-Full | Caveat:Key establishment methodology provides between 128 and 256 bits of security strength IG : IG D.F Scenario 2, Path 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL |
| KAS-FFC (TLSv1.2) | Full KAS-FFC Key Agreement used for TLSv1.2 service | KAS-FFC-SSC Sp800-56Ar3: (A4595) Domain Parameter | CKG KAS-Full | Caveat:Key establishment methodology provides between 112 and 152 bits |
N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. Non-Approved, Not Allowed Algorithms: N/A for this module.
| Name | Description | Role Access | Approved Functions | Type |
|---|---|---|---|---|
| KAS-ECC (TLSv1.2) | Full KAS-ECC Key Agreement used for TLSv1.2 service | Caveat:Key establishment methodology provides between 128 and 256 bits of security strength IG : IG D.F Scenario 2, Path 2, Split Key Confirmation : No Key Derivation : IG 2.4.B SP 800- 135rev1 CVL | KAS-ECC-SSC Sp800-56Ar3: (A4595) Curves: P-256, P-384, P-521 TLS v1.2 KDF RFC7627: (A4595) Counter DRBG: (A4595) CKG: () Key Type: Asymmetric | CKG KAS-Full |
| KTS (SSHv2 with AES and HMAC) | KTS via SSHv2 service by using AES and HMAC | Caveat:Key establishment methodology provides 128 or 256 bits of security strength Standard:SP 800- 38F IG D.G:"combination" method: use any approved symmetric encryption mode together with an approved authentication method | AES-CBC: (A4595) Key Length: 128, 256 HMAC-SHA-1: (A4595) HMAC-SHA2- 256: (A4595) SHA-1: (A4595) SHA2-256: (A4595) | KTS-Unwrap KTS-Wrap |
| KTS (SSHv2 with AES-GCM) | KTS via SSHv2 service by using AES-GCM | Caveat:Key establishment methodology | AES-GCM: (A4595) | KTS-Unwrap KTS-Wrap |
| Name | Type | Description | Strength | Use |
|---|---|---|---|---|
| KTS (TLSv1.2 with AES and HMAC) | KTS-Unwrap KTS-Wrap | KTS via TLSv1.2 service by using AES and HMAC | AES-CBC: (A4595) Key Length: 128, 256 HMAC-SHA-1: (A4595) HMAC-SHA2- 256: (A4595) HMAC-SHA2- 384: (A4595) SHA-1: (A4595) SHA2-256: (A4595) SHA2-384: (A4595) | Caveat:Key establishment methodology provides 128 or 256 bits of security strength Standard:SP 800- 38F IG D.G: "combination" method: use any approved symmetric encryption mode together with an approved authentication method |
| KTS (TLSv1.2 with AES-GCM) | KTS-Unwrap KTS-Wrap | KTS via TLSv1.2 service by using AES- GCM | AES-GCM: (A4595) Key Length: 128, 256 | Caveat: Key establishment methodology provides 128 or 256 bits of security strength Standard:SP 800- 38F IG D.G:method: use of any approved authenticated symmetric encryption mode |
| RSA KeyGen (SSHv2, TLSv1.2) | AsymKeyPair- KeyGen CKG | RSA KeyGen for SSHv2 and TLSv1.2 services | RSA KeyGen (FIPS186-4): (A4595) Modulus: 2048, 3072 bits Counter DRBG: |
AsymKeyPairKeyGen © 2021-2026 Cisco Systems, Inc.
| Name | Description | Approved Functions | Type |
|---|---|---|---|
| RSA SigGen (SSHv2, TLSv1.2) | RSA SigGen for SSHv2 and TLSv1.2 services | RSA SigGen (FIPS186-4): (A4595) Modulus: 2048, 3072 bits | DigSig-SigGen |
| RSA SigVer (SSHv2, TLSv1.2) | RSA SigVer for SSHv2 and TLSv1.2 services | RSA SigVer (FIPS186-4): (A4595) Modulus: 2048, 3072 bits | DigSig-SigVer |
| ECDSA KeyGen (SSHv2, TLSv1.2) | ECDSA KeyGen for SSHv2 and TLSv1.2 services | ECDSA KeyGen (FIPS186-4): (A4595) Curves: P-256, P-384, P-521 Counter DRBG: (A4595) CKG: () Key Type: Asymmetric | AsymKeyPair- KeyGen |
| ECDSA SigGen (SSHv2, TLSv1.2) | ECDSA SigGen for SSHv2 and TLSv1.2 services | ECDSA SigGen (FIPS186-4): (A4595) Curves: P-256, P-384, P-521 | DigSig-SigGen |
| ECDSA SigVer (SSHv2, TLSv1.2) | ECDSA SigVer for SSHv2 and TLSv1.2 services | ECDSA SigVer (FIPS186-4): (A4595) Curves: P-256, P-384, P-521 | DigSig-SigVer |
| SSHv2 Session Encrypt/Decrypt | SSHv2 session protection. | AES-CBC: (A4595) Key Length: 128, 256 AES-GCM: (A4595) Key Length: 128, 256 | BC-Auth BC-UnAuth |
| SSHv2 Session Authentication | SSHv2 Session Authentication. | SHA-1: (A4595) SHA2-256: (A4595) HMAC-SHA-1: (A4595) HMAC-SHA2- 256: (A4595) | MAC |
| SSHv2 Keying Materials Development | SSHv2 session keying materials, used to derive SSHv2 session keys. | KDF SSH: (A4595) | KAS-135KDF |
| TLSv1.2 Session Encrypt/Decrypt | TLSv1.2 session protection. | AES-CBC: (A4595) Key Length: 128, 256 AES-GCM: (A4595) Key Length: 128, 256 | BC-Auth BC-UnAuth |
| TLSv1.2 Session Authentication | TLSv1.2 session authentication. | SHA-1: (A4595) SHA2-256: (A4595) SHA2-384: (A4595) HMAC-SHA-1: (A4595) HMAC-SHA2- 256: (A4595) HMAC-SHA2- 384: (A4595) | MAC |
| TLSv1.2 Keying Materials Development | TLSv1.2 session keying materials, used to derive TLS session keys. | TLS v1.2 KDF RFC7627: (A4595) | KAS-135KDF |
| SNMPv3 Session Encrypt/Decrypt | SNMPv3 session protection. | AES-CBC: (A4595) Key Length: 128, 256 | BC-UnAuth |
| SNMPv3 Session Authentication | SNMPv3 session authentication. | SHA-1: (A4595) SHA2-224: (A4595) SHA2-256: (A4595) SHA2-384: (A4595) HMAC-SHA-1: (A4595) HMAC-SHA2- 224: (A4595) HMAC-SHA2- 256: (A4595) HMAC-SHA2- 384: (A4595) | MAC |
| SNMPv3 Keying Materials Development | SNMPv3 session keying materials, used to derive SNMPv3 session keys. | KDF SNMP: (A4595) | KAS-135KDF |
| DRBG Function | Used for DRBG generation | Counter DRBG: (A4595) | DRBG |
Table 9: Security Function Implementations
Table 10: Entropy Certificates © 2021-2026 Cisco Systems, Inc.
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| Cisco Jitter Entropy Source | Non- Physical | 256 bits | Intel Xeon Platinum 8160 (Skylake) | Full entropy | A2810 (SHA3- 256) |
NonPhysical Table 11: Entropy Sources A2810 (SHA3256) The module employs a Deterministic Random Bit Generator (DRBG) implementation based on SP800-90Arev1. This DRBG is used internally by the module (e.g. to generate symmetric keys, seeds for asymmetric key pairs, and random numbers for security functions). The DRBG implemented is an AES-256 Counter DRBG, seeded by the entropy source described in the table above. The Counter DRBG utilizes the Derivation Function and employs prediction resistance. The DRBG is instantiated with a 384-bits long entropy input (corresponding to 384 bits of entropy). Additionally, the DRBG is reseeded with a 256-bits long entropy input (corresponding
The module implements Cryptographic Key Generation (CKG, vendor affirmed), compliant with SP 800- 133r2. When random values are required, they are obtained from the SP 800-90Ar1 approved DRBG, compliant with Section 4 of SP 800-133r2. The following methods are implemented:
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Data Input | Arguments for an API that provide the data to be used for processed by the module. |
| N/A | N/A | Data Output | Arguments output from an API call. |
| N/A | N/A | Control Input | Arguments for an API call used to control and configure module operation. |
| N/A | N/A | Control Output | Arguments for an API call used to control and configure a connected Approved Cisco Firewall Thread Defense module. |
| N/A | N/A | Status Output | Return values, and/or log messages. |
| N/A | N/A | Power | Provide the Power Supply to the module. |
The module provides the following key/SSP establishment services in the approved mode of KAS-FFC Shared Secret Computation:
7919 (TLS). Note that the module only implements domain parameter generation, key
pair generation and verification, and shared secret computation.
The module supports SSHv2, TLSv1.2 and SNMPv3 industrial protocols. No parts of SSHv2, TLSv1.2 or SNMPv3 protocols, other than the KDFs, have been tested by the CAVP and CMVP. Please refer to SSPs Table for more information.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | Crypto Officer | Role | None | ||||||
| Show Status | Provide Module's current status | Crypto Officer | None | None | API comman d to show status. | Module's current status. | |||
| Show Version | Provide Module's name/ID | Crypto Officer | None | None | API comman | Module's name "Secure |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | Crypto Officer | Role | None | ||||||
| Show Status | Provide Module's current status | Crypto Officer | None | None | API comman d to show status. | Module's current status. | |||
| Show Version | Provide Module's name/ID | Crypto Officer | None | None | API comman | Module's name "Secure | |||
| and versioning informatio n. | and versioning informatio n. | d "show version" | Firewall Manageme nt Center for VMWare" and versioning information | ||||||
| Perform Self- Tests | Perform Self-Tests (Pre- operationa l self-tests and Conditiona l Self- Tests) | Crypto Officer | None | None | API comman ds to conduct on- demand Self- Tests. | Status of the self- tests results. | |||
| Perform Zeroizati on | Perform Zeroizatio n. | Crypto Officer - DRBG Entropy Input: Z - DRBG Seed: Z - DRBG Internal State V value: Z - DRBG Key: Z - SSH DH Private Key: Z - SSH DH Public Key: Z - SSH Peer DH Public Key: Z - SSH DH Shared Secret: Z - SSH ECDH Private Key: Z - SSH ECDH Public Key: | None | None | API comman ds to conduct Zeroizati on operation or Power down the tested platform. | Status of the SSPs zeroization. |
N/A N/A Table 12: Ports and Interfaces The module’s physical perimeter encompasses the case of the tested platform mentioned in Table 2. The module provides its logical interfaces via Application Programming Interface (API) calls. The logical interfaces provided by the module are mapped onto the FIPS 140-3 interfaces (data input, data output, control input, control output and status output) as follows.
Table 13: Roles The module supports Crypto Officer (CO) role. The module does not allow concurrent operators. The Crypto Officer is implicitly assumed based on the service requested.
The following tables detail the types of approved services available to each role in approved mode of operation, the types of access for each role and the Keys or SSPs they affect.
SelfTests n n. (Preoperationa l SelfTests) n. ondemand SelfTests. the selftests © 2021-2026 Cisco Systems, Inc. Z Z Z
| Name | Csps Accessed | Descriptio | Security |
|---|---|---|---|
| n | Access | n | Functions |
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Configur e Network | Sets configurati on of the systems. | Crypto Officer | None | None | API comman ds to configure the module. | Status of the completion of network related configuratio n. |
| Configur e SSHv2 Function | Configure SSHv2 Function | Crypto Officer - SSH RSA Private Key: G,W,E - SSH RSA Public Key: G,R,W - SSH ECDSA Private Key: G,W,E - SSH ECDSA Public Key: G,R,W - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E | KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2) ECDSA KeyGen (SSHv2, TLSv1.2) DRBG Function | Global Indicator and SSHv2 configurati on success status message. | API comman ds to configure SSHv2. | Status of the completion of SSHv2 configuratio n. |
| Configur e HTTPS over TLSv1.2 Function | Configure HTTPS over TLSv1.2 Function. | Crypto Officer - TLS RSA Private Key: G,W,E - TLS RSA Public Key: G,R,W - TLS ECDSA Private Key: G,W,E - TLS ECDSA Public Key: G,R,W - DRBG Entropy Input: | KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) RSA KeyGen (SSHv2, TLSv1.2) ECDSA KeyGen (SSHv2, TLSv1.2) DRBG Function | Global Indicator and HTTPS over TLSv1.2 configurati on success status message. | API comman ds to configure HTTPS over TLSv1.2 | Status of the completion of HTTPS over TLSv1.2 configuratio n. |
| Configur e SNMPv3 Function | Configure SNMPv3 Function | Crypto Officer - SNMPv3 Authenticati on/ Privacy Password: W,E - SNMPv3 Encryption Key: G,W,E - SNMPv3 Authenticati on Key: G,W,E | KTS (TLSv1.2 with AES and HMAC) KTS (TLSv1.2 with AES- GCM) SNMPv3 Keying Materials Development | Global Indicator and SNMPv3 configurati on on success status message. | API comman ds to configure SNMPv3. | Status of the completion of SNMPv3 configuratio n. |
| Run SSHv2 Function | Execute SSHv2 Function | Crypto Officer - SSH DH Private Key: G,W,E - SSH DH Public Key: G,R,W - SSH Peer DH Public Key: W,E - SSH DH Shared Secret: G,W,E - SSH ECDH Private Key: G,W,E - SSH ECDH Public Key: G,R,W - SSH Peer | KAS-FFC (SSHv2) KAS-ECC (SSHv2) KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA SigGen (SSHv2, TLSv1.2) RSA SigVer (SSHv2, TLSv1.2) ECDSA SigGen (SSHv2, TLSv1.2) ECDSA SigVer (SSHv2, TLSv1.2) | Global Indicator and Successful SSHv2 log message. | API comman ds to execute SSHv2 service. | Status of SSHv2 secure tunnel establishme nt. |
| SSHv2 Session Encrypt/Decr ypt SSHv2 Session Authenticatio n SSHv2 Keying Materials Development DRBG Function | ECDH Public Key: W,E - SSH ECDH Shared Secret: G,W,E - SSH RSA Private Key: G,W,E - SSH RSA Public Key: G,R,W - SSH ECDSA Private Key: G,W,E - SSH ECDSA Public Key: G,R,W - SSH Session Encryption Key: G,W,E - SSH Session Authenticati on Key: G,W,E - DRBG Entropy Input: G,W,E - DRBG Seed: G,W,E - DRBG Internal State V value: G,W,E - DRBG Key: G,W,E | SSHv2 Session Encrypt/Decr ypt SSHv2 Session Authenticatio n SSHv2 Keying Materials Development DRBG Function | ||||
| Run HTTPS over | Execute HTTPS over | Crypto Officer - TLS DH Private Key: | KAS-FFC (TLSv1.2) KAS-ECC (TLSv1.2) | Global Indicator and Successful | API comman d to execute | Status of HTTPS over TLSv1.2 |
| TLSv1.2 Function | TLSv1.2 Function. | G,W,E - TLS DH Public Key: G,R,W - TLS Peer DH Public Key: W,E - TLS DH Shared Secret: G,W,E - TLS ECDH Private Key: G,W,E - TLS ECDH Public Key: G,R,W - TLS Peer ECDH Public Key: W,E - TLS ECDH Shared Secret: G,W,E - TLS RSA Private Key: G,W,E - TLS RSA Public Key: G,R,W - TLS ECDSA Private Key: G,W,E - TLS ECDSA Public Key: G,R,W - TLS Master Secret: G,W,E - TLS Session Encryption Key: G,W,E - TLS Session | KTS (SSHv2 with AES and HMAC) KTS (SSHv2 with AES- GCM) RSA SigGen (SSHv2, TLSv1.2) RSA SigVer (SSHv2, TLSv1.2) ECDSA SigGen (SSHv2, TLSv1.2) ECDSA SigVer (SSHv2, TLSv1.2) TLSv1.2 Session Encrypt/Decr ypt TLSv1.2 Session Authenticatio n TLSv1.2 Keying Materials Development DRBG Function | HTTPS over TLSv1.2 log message. | HTTPS over TLSv1.2 service. | establishme nt. |
| Run SNMPv3 Function | Execute SNMPv3 Function. | Crypto Officer - SNMPv3 Authenticati on/ Privacy Password: W,E - SNMPv3 Encryption Key: G,W,E - SNMPv3 Authenticati on Key: G,W,E | SNMPv3 Session Encrypt/Decr ypt SNMPv3 Session Authenticatio n SNMPv3 Keying Materials Development | Global Indicator and Successful SNMPv3 log message. | API comman d to execute SNMPv3 service. | Status of SNMPv3 service. |
n n. n. © 2021-2026 Cisco Systems, Inc. with AESGCM) with AESGCM) G,W,E G,R,W G,W,E G,R,W G,W,E G,W,E G,W,E G,W,E G,R,W G,W,E G,R,W
n e n. with AESGCM) with AESGCM) © 2021-2026 Cisco Systems, Inc. G,W,E G,W,E G,W,E W,E G,W,E G,W,E G,R,W G,W,E G,W,E G,R,W
n © 2021-2026 Cisco Systems, Inc. with AESGCM) n G,W,E G,R,W G,W,E G,W,E G,R,W W,E G,W,E G,W,E G,R,W G,W,E G,R,W G,W,E
The module is provided in the form of binary executable code. To ensure the firmware security, the module is protected by HMAC-SHA2-512 (HMAC Certs. #A4595) algorithm. The firmware integrity test key (non-SSP) was preloaded to the module’s binary the factory and used for firmware integrity test only at the pre-operational self-test. At Module’s initialization, the integrity of the runtime executable is verified using a HMAC-SHA2-512 digest which is compared to a value computed at build time. If at the load time the MAC does not match the stored, known MAC value, the module would enter to an Error state with all crypto functionality inhibited.
Integrity test is performed as part of the Pre-Operational Self-Tests. It is automatically executed at power-on. The operator can power-cycle or reboot the tested platform to initiate the firmware integrity test on-demand.
Type of Operational Environment: Non-Modifiable The module is a firmware hybrid module, which is operated in a non-modifiable operational environment per FIPS 140-3 level 1 specifications. The module’s firmware version running on each tested platform is 7.4.2. The module has control over its own SSPs. The process and memory management functionality of the host device’s OS prevent unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined API. The operational environments provide the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environment. Processes that are spawned by the module are owned by the module and are not owned by external processes/operators.
The module is running on the multi-chip standalone production grade platform to meet physical security requirements from FIPS 140-3 level
N/A for this module. © 2021-2026 Cisco Systems, Inc.
| Name | Type | Description |
|---|---|---|
| DRAM | Dynamic | Volatile memory provided by the ESXi host for the module temporary. |
| Flash | Static | Non-Volatile memory provided by the ESXi host for the module to retain memory across power-cycles. |
| Name | Approved Functions | Type | From | To | ||
|---|---|---|---|---|---|---|
| Peer Public Key Input | Plaintext | External (Outside of the TOEPP) | TOEPP | Automated | Electronic | |
| Module Public Key Output | Plaintext | TOEPP | External (Outside of the TOEPP) | Automated | Electronic | |
| Secret Input via SSHv2 encrypted by GCM | KTS (SSHv2 with AES- GCM) | Encrypted | External (Outside of the TOEPP) | TOEPP | Automated | Electronic |
| Secret Input via SSHv2 encrypted by AES and HMAC | KTS (SSHv2 with AES and HMAC) | Encrypted | External (Outside of the TOEPP) | TOEPP | Automated | Electronic |
| Secret Input via TLS encrypted by GCM | KTS (TLSv1.2 with AES- GCM) | Encrypted | External (Outside of the Module's Boundary) | TOEPP | Automated | Electronic |
| Secret Input via TLS encrypted by AES and HMAC | KTS (TLSv1.2 with AES and HMAC) | Encrypted | External (Outside of the Module's Boundary) | TOEPP | Automated | Electronic |
with AESGCM) with AESGCM) Table 16: SSP Input-Output Methods
| Name | Type | Description | Strength | Generation | Establishment | Zeroization | Use | Operator Initiation Delete the virtual machine from the VMware ESXi host. |
|---|---|---|---|---|---|---|---|---|
| Session termination will automatically zeroize all session based temporary SSPs | Zeroization upon session termination | Session Termination | Terminate session | |||||
| Reboot to zeroize all temporary SSPs stored in volatile memory | Zeroization upon rebooting the module | Reboot | Reboot | |||||
| DRBG Entropy Input | Entropy Input - CSP | Used to seed the DRBG | 384 bits - at least 256 bits | DRBG Function | ||||
| DRBG Seed | DRBG Seed - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function | ||||
| DRBG Internal State V value | DRBG Internal State V value - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function | ||||
| DRBG Key | DRBG Key - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function | ||||
| SSH DH Private Key | Private Key - CSP | Used to derive the SSH DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | KAS- FFC (SSHv2) | KAS-FFC (SSHv2) | |||
| SSH DH Public Key | Public Key - PSP | Used to derive SSH DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | KAS-FFC (SSHv2) |
| Name | Type | Description | Strength | Generation | Establishment | Storage | Zeroization | Use | Operator Initiation Delete the virtual machine from the VMware ESXi host. | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Session termination will automatically zeroize all session based temporary SSPs | Zeroization upon session termination | Session Termination | Terminate session | ||||||||
| Reboot to zeroize all temporary SSPs stored in volatile memory | Zeroization upon rebooting the module | Reboot | Reboot | ||||||||
| DRBG Entropy Input | Entropy Input - CSP | Used to seed the DRBG | 384 bits - at least 256 bits | DRBG Function | |||||||
| DRBG Seed | DRBG Seed - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function | |||||||
| DRBG Internal State V value | DRBG Internal State V value - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function | |||||||
| DRBG Key | DRBG Key - CSP | Used in DRBG Generation | 256 bits - 256 bits | DRBG Function | |||||||
| SSH DH Private Key | Private Key - CSP | Used to derive the SSH DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | KAS- FFC (SSHv2) | KAS-FFC (SSHv2) | ||||||
| SSH DH Public Key | Public Key - PSP | Used to derive SSH DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | KAS-FFC (SSHv2) | |||||||
| SSH Peer DH Public Key | Public Key - PSP | Used to derive SSH DH Shared Secret | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | KAS-FFC (SSHv2) | |||||||
| SSH DH Shared Secret | Shared Secret - CSP | Used to derive SSH Session Encryption Keys, SSH Session Authenticati on Keys | MODP- 2048, MODP- 3072, MODP- 4096 - 112 to 152 bits | KAS-FFC (SSHv2) | SSHv2 Keying Materials Development | ||||||
| SSH ECDH Private Key | Private Key - CSP | Used to derive the SSH ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS- ECC (SSHv2) | KAS-ECC (SSHv2) | ||||||
| SSH ECDH Public Key | Public Key - PSP | Used to derive the SSH ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (SSHv2) | |||||||
| SSH Peer ECDH Public Key | Public Key - PSP | Used to derive SSH DH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (SSHv2) | |||||||
| SSH ECDH Shared Secret | Shared Secret - CSP | Used to derive SSH Session Encryption Keys, SSH Session Authenticati on Keys | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (SSHv2) | SSHv2 Keying Materials Development | ||||||
| SSH RSA Private Key | Private Key - CSP | Used for SSH session authenticati on | Modulus 2048 and 3072 bits - | RSA KeyGen (SSHv2, TLSv1.2) | RSA SigGen (SSHv2, TLSv1.2) | ||||||
| SSH RSA Public Key | Public Key - PSP | Used for SSH session authenticati on | Modulus 2048 and 3072 bits - 112 or 128 bits | RSA KeyGen (SSHv2, TLSv1.2) | |||||||
| SSH ECDSA Private Key | Private Key - CSP | Used for SSH session authenticati on | Curves: P-256, P-384, P-521 - 128 to 256 bits | ECDSA KeyGen (SSHv2, TLSv1.2) | ECDSA SigGen (SSHv2, TLSv1.2) | ||||||
| SSH ECDSA Public Key | Public Key - PSP | Used for SSH session authenticati on | Curves: P-256, P-384, P-521 - 128 to 256 bits | ECDSA SigGen (SSHv2, TLSv1.2) | |||||||
| SSH Session Encryption Key | Symmetric Key - CSP | Used for SSH session confidentiali ty protection | 128, 256 bits - 128, 256 bits | SSHv2 Keying Materials Developm ent | SSHv2 Session Encrypt/Decr ypt | ||||||
| SSH Session Authenticati on Key | Session Key - CSP | Used for SSH Session integrity protection | At least 160 bits - At least 160 bits | SSHv2 Keying Materials Developm ent | SSHv2 Session Authenticatio n | ||||||
| TLS DH Private Key | Private Key - CSP | Used to Derive TLS DH Shared Secret | ffdhe204 8, ffdhe307 2, ffdhe409 6 - 112 to 152 bits | KAS- FFC (TLSv1.2 ) | KAS-FFC (TLSv1.2) | ||||||
| TLS DH Public Key | Public Key - PSP | Used to Derive TLS DH Shared Secret | ffdhe204 8, ffdhe307 2, ffdhe409 6 - 112 | KAS-FFC (TLSv1.2) | |||||||
| TLS Peer DH Public Key | Public Key - PSP | Used to derive TLS DH Shared Secret | ffdhe204 8, ffdhe307 2, ffdhe409 6 - 112 to 152 bits | KAS-FFC (TLSv1.2) | |||||||
| TLS DH Shared Secret | Shared Secret - CSP | Used to Derive TLS Session Encryption Key and TLS Session Authenticati on Key | ffdhe204 8, ffdhe307 2, ffdhe409 6 - 112 to 152 bits | KAS-FFC (TLSv1.2) | TLSv1.2 Keying Materials Development | ||||||
| TLS ECDH Private Key | Private Key - CSP | Used to Derive TLS ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS- ECC (TLSv1.2 ) | KAS-ECC (TLSv1.2) | ||||||
| TLS ECDH Public Key | Public Key - PSP | Used to Derive TLS ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (TLSv1.2) | |||||||
| TLS Peer ECDH Public Key | Public Key - PSP | Used to derive TLS ECDH Shared Secret | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (TLSv1.2) | |||||||
| TLS ECDH Shared Secret | Shared Secret - CSP | Used to Derive TLS Session Encryption Key and TLS Session Authenticati on Key | Curves: P-256, P-384, P-521 - 128 to 256 bits | KAS-ECC (TLSv1.2) | TLSv1.2 Keying Materials Development | ||||||
| TLS RSA Private Key | Private Key - CSP | Used to support CO HTTPS interfaces | Modulus 2048 and 3072 bits - 112 or 128 bits | RSA KeyGen (SSHv2, TLSv1.2) | RSA SigGen (SSHv2, TLSv1.2) | ||||||
| TLS RSA Public Key | Public Key - PSP | Used to support CO HTTPS interfaces | Modulus 2048 and 3072 bits - 112 or 128 bits | RSA KeyGen (SSHv2, TLSv1.2) | |||||||
| TLS ECDSA Private Key | Private Key - CSP | Used to support CO HTTPS interfaces | Curves: P-256, P-384, P-521 - 128 to 256 bits | ECDSA KeyGen (SSHv2, TLSv1.2) | ECDSA SigGen (SSHv2, TLSv1.2) | ||||||
| TLS ECDSA Public Key | Public Key - PSP | Used to support CO HTTPS interfaces | Curves: P-256, P-384, P-521 - 128 to 256 bits | ECDSA KeyGen (SSHv2, TLSv1.2) | |||||||
| TLS Master Secret | Master Secret - CSP | Used to protect HTTPS Session | 384 bits - 384 bits | TLSv1.2 Keying Materials Developm ent | TLSv1.2 Session Encrypt/Decr ypt TLSv1.2 Session Authenticatio n | ||||||
| TLS Session Encryption Key | Symmetric Key - CSP | Used to protect HTTPS Session | 128, 256 bits - 128, 256 bits | TLSv1.2 Keying Materials Developm ent | TLSv1.2 Session Encrypt/Decr ypt | ||||||
| TLS Session Authenticati on Key | Message Authenticati on Key - CSP | Used to authenticat e HTTPS Session | 160, 256, 384 bits - 160, 256, 384 bits | TLSv1.2 Keying Materials Developm ent | TLSv1.2 Session Authenticatio n | ||||||
| SNMPv3 Authenticati | Authenticati on | Used for SNMPv3 | 8-32 characte | ||||||||
| on/ Privacy Password | Password - CSP | user authenticati on | rs - 64 to 256 bits | ||||||||
| SNMPv3 Encryption Key | Symmetric Key - CSP | Used for SNMPv3 confidentiali ty | 128, 256 bits - 128 or 256 bits | SNMPv3 Keying Materials Developm ent | SSHv2 Session Encrypt/Decr ypt | ||||||
| SNMPv3 Authenticati on Key | Authenticati on key - CSP | Used for SNMPv3 authenticati on | At least 160 bits - At least 160 bits | SNMPv3 Keying Materials Developm ent | SNMPv3 Session Authenticatio n | ||||||
| DRBG Entropy Input | DRAM:Plaintext | Zeroization Command Reboot | Until Reboot | DRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With | |||||||
| DRBG Seed | DRAM:Plaintext | Zeroization Command Reboot | Until Reboot | DRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With | |||||||
| DRBG Internal State V value | DRAM:Plaintext | Zeroization Command Reboot | Until Reboot | DRBG Entropy Input:Used With DRBG Seed:Used With DRBG Key:Used With | |||||||
| DRBG Key | DRAM:Plaintext | Zeroization Command Reboot | Until Reboot | DRBG Entropy Input:Used With DRBG Seed:Used With DRBG Internal State V value:Used With | |||||||
| SSH DH Private Key | DRAM:Plaintext | Zeroization Command Session | While SSH | SSH DH Public Key:Paired With SSH Peer DH |
Table 17: SSP Zeroization Methods n h MODP2048, MODP3072, MODP2048, MODP3072, © 2021-2026 Cisco Systems, Inc. KASFFC
n h MODP2048, MODP3072, MODP2048, MODP3072, © 2021-2026 Cisco Systems, Inc. KASECC
n h n 8, 2, 8, 2, © 2021-2026 Cisco Systems, Inc. KASFFC )
n h 8, 2, 8, 2, © 2021-2026 Cisco Systems, Inc. KASECC )
| Name | Type | Description | Strength | Establishment | Storage | Zeroization | Use | Related SSPs | |
|---|---|---|---|---|---|---|---|---|---|
| on/ Privacy Password | Password - CSP | user authenticati on | rs - 64 to 256 bits | ||||||
| SNMPv3 Encryption Key | Symmetric Key - CSP | Used for SNMPv3 confidentiali ty | 128, 256 bits - 128 or 256 bits | SNMPv3 Keying Materials Developm ent | SSHv2 Session Encrypt/Decr ypt | ||||
| SNMPv3 Authenticati on Key | Authenticati on key - CSP | Used for SNMPv3 authenticati on | At least 160 bits - At least 160 bits | SNMPv3 Keying Materials Developm ent | SNMPv3 Session Authenticatio n | ||||
| DRBG Entropy Input | DRAM:Plaintext | Zeroization Command Reboot | Until Reboot | DRBG Seed:Used With DRBG Internal State V value:Used With DRBG Key:Used With | |||||
| DRBG Seed | DRAM:Plaintext | Zeroization Command Reboot | Until Reboot | DRBG Entropy Input:Used With DRBG Internal State V value:Used With DRBG Key:Used With | |||||
| DRBG Internal State V value | DRAM:Plaintext | Zeroization Command Reboot | Until Reboot | DRBG Entropy Input:Used With DRBG Seed:Used With DRBG Key:Used With | |||||
| DRBG Key | DRAM:Plaintext | Zeroization Command Reboot | Until Reboot | DRBG Entropy Input:Used With DRBG Seed:Used With DRBG Internal State V value:Used With | |||||
| SSH DH Private Key | DRAM:Plaintext | Zeroization Command Session | While SSH | SSH DH Public Key:Paired With SSH Peer DH |
n h Table 18: SSP Table 1 n © 2021-2026 Cisco Systems, Inc.
| Name | Storage | Zeroization | Use | Input | Session is active |
|---|---|---|---|---|---|
| SSH DH Public Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | SSH DH Private Key:Paired With | Module Public Key Output | While SSH session is active |
| SSH Peer DH Public Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | SSH DH Private Key:Used With | Peer Public Key Input | While SSH session is active |
| SSH DH Shared Secret | DRAM:Plaintext | Zeroization Command Session Termination Reboot | SSH DH Private Key:Derived From SSH Peer DH Public Key:Derived From | While SSH session is active | |
| SSH ECDH Private Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | SSH ECDH Public Key:Paired With SSH Peer ECDH Public Key:Used With | While SSH session is active | |
| SSH ECDH Public Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | SSH ECDH Private Key:Paired With | Module Public Key Output | While SSH session is active |
| SSH Peer ECDH Public Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | SSH ECDH Private Key:Used With | Peer Public Key Input | While SSH session is active |
| SSH ECDH Shared Secret | DRAM:Plaintext | Zeroization Command Session Termination Reboot | SSH ECDH Private Key:Derived From SSH Peer ECDH Public Key:Derived From | While SSH session is active | |
| SSH RSA Private Key | Flash:Plaintext | Zeroization Command | SSH RSA Public Key:Paired With | ||
| SSH RSA Public Key | Flash:Plaintext | Zeroization Command | SSH RSA Private Key:Paired With | Module Public Key Output Secret Input via SSHv2 encrypted | |
| SSH ECDSA Private Key | Flash:Plaintext | Zeroization Command | SSH ECDSA Public Key:Paired With | ||
| SSH ECDSA Public Key | Flash:Plaintext | Zeroization Command | SSH ECDSA Private Key:Paired With | Module Public Key Output Secret Input via SSHv2 encrypted by GCM Secret Input via SSHv2 encrypted by AES and HMAC | |
| SSH Session Encryption Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | SSH Session Authentication Key:Used With | While SSH session is active | |
| SSH Session Authentication Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | SSH Session Encryption Key:Used With | While SSH session is active | |
| TLS DH Private Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | TLS DH Public Key:Paired With TLS Peer DH Public Key:Used With | While TLS session is active | |
| TLS DH Public Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | TLS DH Private Key:Paired With | Module Public Key Output | While TLS session is active |
| TLS Peer DH Public Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | TLS DH Private Key:Used With | Peer Public Key Input | While TLS session is active |
| TLS DH Shared Secret | DRAM:Plaintext | Zeroization Command Session Termination Reboot | TLS DH Private Key:Derived From TLS Peer DH Public Key:Derived From | While TLS session is active | |
| TLS ECDH Private Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | TLS ECDH Public Key:Paired With TLS Peer ECDH Public Key:Used With | While TLS session is active | |
| TLS ECDH Public Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | TLS ECDH Private Key:Paired With | Module Public Key Output | While TLS session is active |
| TLS Peer ECDH Public Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | TLS ECDH Private Key:Used With | Peer Public Key Input | While TLS session is active |
| TLS ECDH Shared Secret | DRAM:Plaintext | Zeroization Command Session Termination Reboot | TLS ECDH Private Key:Derived From TLS Peer ECDH Public Key:Derived From | While TLS session is active | |
| TLS RSA Private Key | Flash:Plaintext | Zeroization Command | TLS RSA Public Key:Paired With | ||
| TLS RSA Public Key | Flash:Plaintext | Zeroization Command | TLS RSA Private Key:Paired With | Module Public Key Output Secret Input via TLS encrypted by GCM Secret Input via TLS encrypted by AES and HMAC | |
| TLS ECDSA Private Key | Flash:Plaintext | Zeroization Command | TLS ECDSA Public Key:Paired With | ||
| TLS ECDSA Public Key | Flash:Plaintext | Zeroization Command | TLS ECDSA Private Key:Paired With | Module Public Key Output Secret Input via TLS encrypted by GCM Secret Input via TLS encrypted by AES and HMAC | |
| TLS Master Secret | DRAM:Plaintext | Zeroization Command Session Termination Reboot | TLS DH Shared Secret:Derived From TLS ECDH Shared Secret:Derived From | While TLS session is active | |
| TLS Session Encryption Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | TLS Session Authentication Key:Used With TLS Master Secret:Derived From | While TLS session is active | |
| TLS Session Authentication Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | TLS Session Encryption Key:Used With TLS Master Secret:Derived From | While TLS session is active | |
| SNMPv3 Authentication/ Privacy Password | Flash:Plaintext | Zeroization Command | SNMPv3 Encryption Key:Derived to SNMPv3 Authentication Key:Derived to | Secret Input via TLS encrypted by GCM Secret Input via TLS encrypted by AES | |
| SNMPv3 Encryption Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | SNMPv3 Authentication/ Privacy Password:Derived From SNMPv3 Authentication Key:Used With | While SNMP session is active | |
| SNMPv3 Authentication Key | DRAM:Plaintext | Zeroization Command Session Termination Reboot | SNMPv3 Authentication/ Privacy Password:Derived From SNMPv3 Encryption Key:Used With | While SNMP session is active |
| Name | Algorithm Or Test | Test Method | Test Type | Details | Test Properties | Indicator |
|---|---|---|---|---|---|---|
| HMAC-SHA2- 512 (A4595) | HMAC-SHA2- 512 (A4595) | KAT | SW/FW Integrity | HMAC- SHA2-512 | MAC with HMAC- SHA2-512 | Module is in normal state |
SHA-1 The module includes an implementation of SHA-1 for hashing and digital signature verification. This implementation will be non-Approved for all uses starting January 1, 2031 FIPS 186-4/186-5 As of February 5, 2024, the CMVP does not accept module submissions that implement DSA or RSA X9.31 in the approved mode, other than for signature verification which is approved for legacy use. This module does not implement DSA or RSA X9.31 for signature generation and therefore is unaffected by the current transition from 186-4 to 186-5. As detailed in section 2.7, the CAVP testing performed on the 186-4 algorithms is mathematically similar to the testing performed on the 186-5 algorithms and therefore this module claims compliance with 186-5. This means that no timeline exists in which any of the implemented algorithms will transition from approved to non-approved.
Table 20: Pre-Operational Self-Tests © 2021-2026 Cisco Systems, Inc. HMACSHA2-512
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicat or | Condition s | |
|---|---|---|---|---|---|---|---|---|---|
| AES-CBC encrypt KAT (A4595) | AES-CBC encrypt KAT (A4595) | KAT | CAS T | Encrypt | 256 bits | Module is in normal state | Power up | ||
| AES-CBC decrypt KAT (A4595) | AES-CBC decrypt KAT (A4595) | KAT | CAS T | Decrypt | 256 bits | Module is in normal state | Power up | ||
| AES-GCM authenticated encrypt KAT (A4595) | AES-GCM authenticated encrypt KAT (A4595) | KAT | CAS T | Authenticat ed Encrypt | 256 bits | Module is in normal state | Power up | ||
| AES-GCM authenticated decrypt KAT (A4595) | AES-GCM authenticated decrypt KAT (A4595) | KAT | CAS T | Authenticat ed Decrypt | 256 bits | Module is in normal state | Power up | ||
| Counter DRBG Instantiate/Generate/Res eed KAT (A4595) | Counter DRBG Instantiate/Generate/Res eed KAT (A4595) | KAT | CAS T | Instantiate, Generate, and Reseed KATs | AES-128 | Module is in normal state | Power up | ||
| ECDSA SigGen (FIPS186-4) KAT (A4595) | ECDSA SigGen (FIPS186-4) KAT (A4595) | KAT | CAS T | ECDSA SigGen KAT | Curve P- 256 with SHA2- 256 | Module is in normal state | Power up | ||
| ECDSA SigVer (FIPS186-4) KAT (A4595) | ECDSA SigVer (FIPS186-4) KAT (A4595) | KAT | CAS T | ECDSA SigVer KAT | Curve P- 256 with SHA2- 256 | Module is in normal state | Power up | ||
| Entropy Source RCT Start-up Health Tests | Entropy Source RCT Start-up Health Tests | RCT | CAS T | N/A | Repetitio n Count Test (RCT) | Module is in normal state | Power up | ||
| Entropy Source APT Start-up Health Tests | Entropy Source APT Start-up Health Tests | APT | CAS T | N/A | Adaptive Proportio n Test (APT) | Module is in normal state | Power up | ||
| Entropy Source RCT Continuous Health Tests | Entropy Source RCT Continuous Health Tests | RCT | CAS T | N/A | Repetitio n Count Test (RCT) | Module is in normal state | Performed continuous ly as entropy source is active | ||
| Entropy Source APT Continuous Health Tests | Entropy Source APT Continuous Health Tests | APT | CAS T | N/A | Adaptive Proportio n Test (APT) | Module is in normal state | Performed continuous ly as entropy source is active | ||
| HMAC-SHA-1 KAT (A4595) | HMAC-SHA-1 KAT (A4595) | KAT | CAS T | N/A | SHA-1 | Module is in normal state | Power up | ||
| HMAC-SHA2-224 KAT (A4595) | HMAC-SHA2-224 KAT (A4595) | KAT | CAS T | N/A | SHA2- 224 | Module is in normal state | Power up | ||
| HMAC-SHA2-256 KAT (A4595) | HMAC-SHA2-256 KAT (A4595) | KAT | CAS T | N/A | SHA2- 256 | Module is in normal state | Power up | ||
| HMAC-SHA2-384 KAT (A4595) | HMAC-SHA2-384 KAT (A4595) | KAT | CAS T | N/A | SHA2- 384 | Module is in normal state | Power up | ||
| HMAC-SHA2-512 KAT (A4595) | HMAC-SHA2-512 KAT (A4595) | KAT | CAS T | N/A | SHA2- 512 | Module is in normal state | Power up | ||
| KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595) | KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595) | KAT | CAS T | Primitive Z KAT | Curve P- 256 | Module is in normal state | Power up | ||
| KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595) | KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595) | KAT | CAS T | Primitive Z KAT | MODP- 2048 | Module is in normal state | Power up | ||
| KDF SNMP KAT (A4595) | KDF SNMP KAT (A4595) | KAT | CAS T | N/A | N/A | Module is in | Power up | ||
| KDF SSH KAT (A4595) | KDF SSH KAT (A4595) | KAT | CAS T | N/A | N/A | Module is in normal state | Power up | ||
| RSA SigGen (FIPS186-4) KAT (A4595) | RSA SigGen (FIPS186-4) KAT (A4595) | KAT | CAS T | RSA SigGen KAT | 2048 bit modulus with SHA2- 256 | Module is in normal state | Power up | ||
| RSA SigVer (FIPS186-4) KAT (A4595) | RSA SigVer (FIPS186-4) KAT (A4595) | KAT | CAS T | RSA SigVer KAT | 2048 bit modulus with SHA2- 256 | Module is in normal state | Power up | ||
| TLS v1.2 KDF RFC7627 KAT (A4595) | TLS v1.2 KDF RFC7627 KAT (A4595) | KAT | CAS T | N/A | N/A | Module is in normal state | Power up | ||
| ECDSA KeyGen (FIPS186-4) PCT (A4595) | ECDSA KeyGen (FIPS186-4) PCT (A4595) | PCT | PCT | ECDSA | Curve P- 256 with SHA2- 256 | Module is in normal state | Performs all required pair-wise consistenc y tests on the newly generated key pairs before the first operational use. | ||
| KAS-ECC-SSC Sp800- 56Ar3 PCT (A4595) | KAS-ECC-SSC Sp800- 56Ar3 PCT (A4595) | PCT | PCT | N/A | Curve P- 256 with SHA2- 256 | Module is in normal state | Performs all required pair-wise consistenc y tests on the newly generated key pairs before the first operational use. | ||
| KAS-FFC-SSC Sp800- 56Ar3 PCT (A4595) | KAS-FFC-SSC Sp800- 56Ar3 PCT (A4595) | PCT | PCT | N/A | MODP- 2048 | Module is in | Performs all required pair-wise | ||
| normal state | normal state | consistenc y tests on the newly generated key pairs before the first operational use. | |||||||
| RSA KeyGen (FIPS186- 4) PCT (A4595) | RSA KeyGen (FIPS186- 4) PCT (A4595) | PCT | PCT | RSA | 2048 bit modulus | Module is in normal state | Performs all required pair-wise consistenc y tests on the newly generated key pairs before the first operational use. | ||
| HMAC-SHA2- 512 (A4595) | HMAC-SHA2- 512 (A4595) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot | ||||
| AES-CBC encrypt KAT (A4595) | AES-CBC encrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-CBC decrypt KAT (A4595) | AES-CBC decrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM authenticated encrypt KAT (A4595) | AES-GCM authenticated encrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM authenticated decrypt KAT (A4595) | AES-GCM authenticated decrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Counter DRBG Instantiate/Generate/Reseed KAT (A4595) | Counter DRBG Instantiate/Generate/Reseed KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
The module performs the following self-tests, including Pre-operational and Conditional selftests. Prior to the module providing any data output via the data output interface, the module performs and passes the pre-operational self-tests. Following the successful pre-operational self-tests, the module executes the Conditional Cryptographic Algorithm Self-tests (CASTs). The self-test success or failure results are an output of the return value of the library load API call, which is functioning as the self-test status indicator. If anyone of the self-tests fails, the module transitions into an error state and outputs the error message via the module’s status output interface. While the module is in the error state, all data through the data output interface and all cryptographic operations are disabled. The error state can only be cleared by reloading the module. All self-tests must be completed successfully before the module transitions to the operational state.
s d s T T T T T SHA2256 SHA2256 T T T N/A © 2021-2026 Cisco Systems, Inc.
s d s T N/A T N/A T N/A T N/A SHA2224 T N/A SHA2256 T N/A SHA2384 T N/A SHA2512 T N/A Curve P256 T MODP2048 T N/A T N/A © 2021-2026 Cisco Systems, Inc.
s d N/A T SHA2256 SHA2256 N/A T T T SHA2256 SHA2256 MODP2048 © 2021-2026 Cisco Systems, Inc. s N/A N/A N/A N/A
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicat or | Condition s | |
|---|---|---|---|---|---|---|---|---|---|
| normal state | normal state | consistenc y tests on the newly generated key pairs before the first operational use. | |||||||
| RSA KeyGen (FIPS186- 4) PCT (A4595) | RSA KeyGen (FIPS186- 4) PCT (A4595) | PCT | PCT | RSA | Module is in normal state | Performs all required pair-wise consistenc y tests on the newly generated key pairs before the first operational use. | 2048 bit modulus | ||
| HMAC-SHA2- 512 (A4595) | HMAC-SHA2- 512 (A4595) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot | ||||
| AES-CBC encrypt KAT (A4595) | AES-CBC encrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-CBC decrypt KAT (A4595) | AES-CBC decrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM authenticated encrypt KAT (A4595) | AES-GCM authenticated encrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM authenticated decrypt KAT (A4595) | AES-GCM authenticated decrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Counter DRBG Instantiate/Generate/Reseed KAT (A4595) | Counter DRBG Instantiate/Generate/Reseed KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot |
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicat or | Condition s | |
|---|---|---|---|---|---|---|---|---|---|
| normal state | normal state | consistenc y tests on the newly generated key pairs before the first operational use. | |||||||
| RSA KeyGen (FIPS186- 4) PCT (A4595) | RSA KeyGen (FIPS186- 4) PCT (A4595) | PCT | PCT | RSA | Module is in normal state | Performs all required pair-wise consistenc y tests on the newly generated key pairs before the first operational use. | 2048 bit modulus | ||
| HMAC-SHA2- 512 (A4595) | HMAC-SHA2- 512 (A4595) | KAT | SW/FW Integrity | Recommend 60 Days | Reboot | ||||
| AES-CBC encrypt KAT (A4595) | AES-CBC encrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-CBC decrypt KAT (A4595) | AES-CBC decrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM authenticated encrypt KAT (A4595) | AES-GCM authenticated encrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| AES-GCM authenticated decrypt KAT (A4595) | AES-GCM authenticated decrypt KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Counter DRBG Instantiate/Generate/Reseed KAT (A4595) | Counter DRBG Instantiate/Generate/Reseed KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| ECDSA SigGen (FIPS186-4) KAT (A4595) | ECDSA SigGen (FIPS186-4) KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| ECDSA SigVer (FIPS186-4) KAT (A4595) | ECDSA SigVer (FIPS186-4) KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| Entropy Source RCT Start- up Health Tests | Entropy Source RCT Start- up Health Tests | RCT | CAST | Recommend 60 Days | Reboot | ||||
| Entropy Source APT Start- up Health Tests | Entropy Source APT Start- up Health Tests | APT | CAST | Recommend 60 Days | Reboot | ||||
| Entropy Source RCT Continuous Health Tests | Entropy Source RCT Continuous Health Tests | RCT | CAST | N/A | N/A | ||||
| Entropy Source APT Continuous Health Tests | Entropy Source APT Continuous Health Tests | APT | CAST | N/A | N/A | ||||
| HMAC-SHA-1 KAT (A4595) | HMAC-SHA-1 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2-224 KAT (A4595) | HMAC-SHA2-224 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2-256 KAT (A4595) | HMAC-SHA2-256 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2-384 KAT (A4595) | HMAC-SHA2-384 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| HMAC-SHA2-512 KAT (A4595) | HMAC-SHA2-512 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595) | KAS-ECC-SSC Sp800- 56Ar3 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595) | KAS-FFC-SSC Sp800- 56Ar3 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KDF SNMP KAT (A4595) | KDF SNMP KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| KDF SSH KAT (A4595) | KDF SSH KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| RSA SigGen (FIPS186-4) KAT (A4595) | RSA SigGen (FIPS186-4) KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| RSA SigVer (FIPS186-4) KAT (A4595) | RSA SigVer (FIPS186-4) KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| TLS v1.2 KDF RFC7627 KAT (A4595) | TLS v1.2 KDF RFC7627 KAT (A4595) | KAT | CAST | Recommend 60 Days | Reboot | ||||
| ECDSA KeyGen (FIPS186- 4) PCT (A4595) | ECDSA KeyGen (FIPS186- 4) PCT (A4595) | PCT | PCT | Recommend 60 Days | Reboot | ||||
| KAS-ECC-SSC Sp800- 56Ar3 PCT (A4595) | KAS-ECC-SSC Sp800- 56Ar3 PCT (A4595) | PCT | PCT | Recommend 60 Days | Reboot | ||||
| KAS-FFC-SSC Sp800- 56Ar3 PCT (A4595) | KAS-FFC-SSC Sp800- 56Ar3 PCT (A4595) | PCT | PCT | Recommend 60 Days | Reboot | ||||
| RSA KeyGen (FIPS186-4) PCT (A4595) | RSA KeyGen (FIPS186-4) PCT (A4595) | PCT | PCT | Recommend 60 Days | Reboot |
s d Table 21: Conditional Self-Tests s
Table 22: Pre-Operational Periodic Information © 2021-2026 Cisco Systems, Inc.
N/A N/A N/A Table 23: Conditional Periodic Information © 2021-2026 Cisco Systems, Inc. N/A
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error State | If self-test tests fail, the module is put into an error state. | Self-test failure | System halt | Reboot the module |
| Choose | SSH | or | HTTPS |
|---|
| ( | Firepower Management Center Configuration Guide provides more detailed |
|---|---|
| information). |
The module performs on-demand self-tests initiated by the operator, by powering off and powering the module back on. The full suite of self-tests is then executed. The same procedure may be employed by the operator to perform periodic self-tests.
Table 24: Error States If any of the above-mentioned self-tests fail, the module reports the error and enters the Error state. In the Error State, no cryptographic services are provided, and data output is prohibited. The only method to recover from the error state is to reboot the module and perform the selftests, including the pre-operational integrity test and the conditional CASTs. The module will only enter into the operational state after successfully passing the pre-operational integrity test and the conditional CASTs.
The module meets all the Level 1 requirements for FIPS 140-3. The Crypto Officer must configure and enforce the following initialization steps: Step 1: Log in with the default username admin and the password Admin123. Step 2: The first time you log in to the Module, you are prompted to accept the End User License Agreement (EULA) and to change the admin password. You will be prompted with the CLI setup wizard. Answer the prompts to configure the network settings. Step 3: Use a web browser to navigate to the Modules Firewall Management Center IP address you configured in Step 2. Step 4: Navigate to System > Configuration > Access List (Choose SSH or HTTPS or a combination of these options to specify which ports you want to enable for these IP addresses). Step 5: Navigate to System > Licenses > Smart Licenses, add and verify licenses Install AES SMART license to use AES (for data traffic and SSH). Step 6: Navigate to System > Configuration > UCAPL/CC Compliance, choose “CC” from the drop down; Click on save. © 2021-2026 Cisco Systems, Inc.
Step 8: Check the Module’s name, version and approved service status by using the following commands/ procedure: Output the modules name/version: > show version Output the modules approved mode of operation status by navigating to System > Configuration > UCAPL/CC Compliance, and confirming the “CC” option is selected.
No specific Administrator guidance.
No specific Non-Administrator guidance.
N/A for this module. © 2021-2026 Cisco Systems, Inc.