Module Name
Cisco FTD FX-OS on 4K/9K Cryptographic Module
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode. When installed with the tamper evident seals and opacity shields, initialized and configured as specified in Section 3 of the Security Policy. This module contains the embedded module Cisco Firepower Threat Defense on 4K/9K Cryptographic Module validated to FIPS 140-2 under Cert. #3821 operating in FIPS mode
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
This Cisco Firepower eXtensible Operating System (FX-OS) is part of the Cisco Application Centric Infrastructure (ACI) Security Solution and provides an agile, open, built for scalability, consistent control, and simplified management. The FX-OS provides provides high performance, flexible input/output configurations, and scalability. A graphical user interface provides streamlined, visual representation of current chassis status and simplified configuration of chassis features. A command-based interface for configuring features, monitoring chassis status, and accessing advanced troublesho
Approved Algorithms
| AES |
Certs. #2034, #2035, #4905, #C784 and #C1026 |
| CVL |
Certs. #1521 and #C784 |
| DRBG |
Certs. #197, #1735, #C784 and #C1026 |
| ECDSA |
Certs. #1254 and #C784 |
| HMAC |
Certs. #1233, #3272, #C784 and #C1026 |
| RSA |
Certs. #2678 and #C784 |
| SHS |
Certs. #1780, #4012, #C784 and #C1026 |
| Triple-DES |
Certs. #1311, #2559, #C784 and #C1026 |
Allowed Algorithms
Diffie-Hellman (CVL Cert. #C784, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C784, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (CVL Certs. #1521 and #C784, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1521 and #C784, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
FPR4110[1], FPR4115[1], FPR4120[1], FPR4125[1], FPR4140[1], FPR4145[1], FPR4150[1], FPR9K-SM-24[2], FPR9K-SM-36[2], FPR9K-SM-40[2], FPR9K-SM-44[2], FPR9K-SM-48[2] and FPR9K-SM-56[2] with FIPS Kit (Cisco_TEL.FIPS_Kit), and opacity shield 69-100250-01[1] or 800-102843-01[2]
