Cryptographic Module Validation Program CMVP

Certificate #3306

Details

Module Name
Cisco FTD FX-OS on 4K/9K Cryptographic Module
Standard
FIPS 140-2
Status
Active
Sunset Date
10/18/2023
Validation Dates
10/19/2018
Overall Level
2
Caveat
When operated in FIPS mode. When installed with the tamper evident seals and opacity shields, initialized and configured as specified in Section 3 of the Security Policy. This module contains the embedded module Cisco Firepower Threat Defense on 4K/9K Cryptographic Module validated to FIPS 140-2 under Cert. #3287 operating in FIPS mode
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Stand Alone
Description
This Cisco Firepower eXtensible Operating System (FX-OS) is part of the Cisco Application Centric Infrastructure (ACI) Security Solution and provides an agile, open, built for scalability, consistent control, and simplified management. The FX-OS provides provides high performance, flexible input/output configurations, and scalability. A graphical user interface provides streamlined, visual representation of current chassis status and simplified configuration of chassis features. A command-based interface for configuring features, monitoring chassis status, and accessing advanced troublesho
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Certs. #2034, #2035, #4307 and #4905
CKG vendor affirmed
CVL Certs. #1023 and #1521
DRBG Certs. #197, #1368 and #1735
ECDSA Cert. #1254
HMAC Certs. #1233, #2843 and #3272
RSA Certs. #2328 and #2678
SHS Certs. #1780, #3546 and #4012
Triple-DES Certs. #1311, #2328 and #2559
Allowed Algorithms
Diffie-Hellman (CVL Certs. #1023 and #1521, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1023 and #1521, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
FPR4110-ASA-K9[1], FPR4120-ASA-K9[1], FRP4140-ASA-K9[1], FRP4150-ASA-K9[1], FPR9K-SM24 (SM-24)[2], FPR9K-SM36 (SM-36)[2] and FPR9K-SM44 (SM-44)[2] with FIPS Kit (Cisco_TEL.FIPS_Kit), and opacity shield 69-100250-01[1] or 800-102843-01[2]
Firmware Versions
2.2

Vendor

Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team
certteam@cisco.com

Lab

GOSSAMER SECURITY SOLUTIONS INC
NVLAP Code: 200997-0