Cryptographic Module Validation Program CMVP

Certificate #2620

Details

Module Name
Palo Alto Networks VM-Series
Standard
FIPS 140-2
Status
Active
Sunset Date
9/7/2021
Validation Dates
04/21/2016;09/08/2016;01/11/2018;02/13/2018;02/21/2020
Overall Level
1
Caveat
When operated in FIPS mode.
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The VM-Series allows you to protect your applications and data from cyber threats with our next-generation firewall security and advanced threat prevention features.
Tested Configuration(s)
  • CentOS 6.5 - KVM running on PA-VM-KVM-7.0.1.qcow2
  • Citrix XenServer 6.1.0 running on PA-VM-SDX-7.0.1.xva (single-user mode)
  • VMware ESXi 5.5 running on PA-VM-ESX-7.0.1.ova or PA-VM-NSX-7.0.1.ova
FIPS Algorithms
AES Cert. #3501
CVL Certs. #568, #569, #570 and #571
DRBG Cert. #871
ECDSA Cert. #714
HMAC Cert. #2235
KTS AES Cert. #3501; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS AES Cert. #3501 and HMAC Cert. #2235; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Cert. #1797
SHS Cert. #2888
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #569, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Software Versions
7.0.1-h4, 7.0.3 or 7.0.8

Vendor

Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054
USA

Jake Bajic
certifications@paloaltonetworks.com
Phone: 408-753-4000

Lab

InfoGard Laboratories, Inc.
NVLAP Code: 100432-0