Cryptographic Module Validation Program CMVP

Certificate #2616


Module Name
PA-3060 and PA-7080 Firewalls
FIPS 140-2
Sunset Date
Validation Dates
Overall Level
When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Multi-Chip Stand Alone
The Palo Alto Networks PA-3060 and PA-7080 firewalls provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls used in many security infrastructures.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Cert. #3475
CVL Certs. #564, #565, #566 and #567
DRBG Cert. #870
ECDSA Cert. #713
HMAC Cert. #2220
KTS AES Cert. #3475; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS AES Cert. #3475 and HMAC Cert. #2220; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Cert. #1782
SHS Cert. #2870
Other Algorithms
EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 bits or 192 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength)
Hardware Versions
PA-3060 P/N 910-000104-00C Rev. C and PA-7080 P/N 910-000122-00A with 910-000028-00B or 910-000117-00A; FIPS Kit P/Ns: 920-000138-00A Rev. A and 920-000119-00A Rev. A
Firmware Versions
7.0.1-h4, 7.0.3 or 7.0.8


Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054

Jake Bajic
Phone: 408-753-4000


InfoGard Laboratories, Inc.
NVLAP Code: 100432-0