Cryptographic Module Validation Program CMVP

Certificate #2797

Details

Module Name
PA-3060 and PA-7080 Firewalls
Standard
FIPS 140-2
Status
Active
Sunset Date
11/21/2021
Validation Dates
11/22/2016;01/19/2018;02/13/2018;02/21/2020
Overall Level
2
Caveat
When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Stand Alone
Description
The Palo Alto Networks PA-3060 and PA-7080 firewalls provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls used in many security infrastructures.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Cert. #4020
CVL Certs. #848, #849, #873 and #874
DRBG Cert. #1198
ECDSA Cert. #896
HMAC Cert. #2622
KAS SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed
KTS AES Cert. #4020; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS AES Cert. #4020 and HMAC Cert. #2622; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Cert. #2064
SHS Cert. #3316
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
PA-3060 P/N 910-000104-00C Rev. C and PA-7080 P/N 910-000122-00A with 910-000028-00B, 910-000117-00A, 910-000136-00A, or 910-000137-00A; FIPS Kit P/Ns: 920-000138-00A Rev. A and 920-000119-00A Rev. A
Firmware Versions
7.1.3

Vendor

Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054
USA

Jake Bajic
certifications@paloaltonetworks.com
Phone: 408-753-4000

Lab

InfoGard Laboratories, Inc.
NVLAP Code: 100432-0