Module Name
Cisco ASA and ISA Cryptographic Modules
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode. When installed with the tamper evident seals and opacity shields, initialized and configured as specified in Section 3 of the Security Policy
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The core operating system for the Cisco ASA and ISA series appliances. From a small desktop form factor, rack mounted units, to ruggedized unit offering stateful firewall with a comprehensive range of next-generation network security services.
Approved Algorithms
AES |
Certs. #2050, #2444, #2472, #3301 and #4905 |
CVL |
Cert. #1521 |
DRBG |
Certs. #332, #336, #819 and #1735 |
ECDSA |
Cert. #1254 |
HMAC |
Certs. #1247, #1514, #2095 and #3272 |
RSA |
Cert. #2678 |
SHS |
Certs. #1794, #2091, #2737 and #4012 |
Triple-DES |
Certs. #1321, #1513, #1881 and #2559 |
Allowed Algorithms
Diffie-Hellman (CVL Cert. #1521, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
ASA 5506-X[1][2], ASA 5506H-X[1][2], ASA 5506W-X[1][2], ASA 5508-X[1][3], ASA 5516-X[1][4], ASA 5525-X[1], ASA 5545-X[1], ASA 5555-X[1], ISA 3000-4C[1] and ISA 3000-2C2F[1] with [AIR-AP-FIPSKIT=][1], [ASA5506-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3] and [ASA5516-FIPS-KIT=][4]