Module Name
Prisma SD-WAN Controller's Cryptographic Module
Caveat
When operated in FIPS mode. When operated per the Security Policy. No assurance of minimum security of keys and bit strings that are externally loaded, or of keys and CSPs established with externally loaded bit strings
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Palo Alto Networks Controller allows operators the ability to manage ION devices to administer security policy rules and provides various application and network analytics.
Tested Configuration(s)
- JDK 11.0.10 on Ubuntu 14.04 running on Dell Power Edge R740 with Intel(R) Xeon(R) Platinum 8260 CPU @ 2.40GHz with PAA
- JDK 11.0.10 on Ubuntu 14.04 running on Dell Power Edge R740 with Intel(R) Xeon(R) Platinum 8260 CPU @ 2.40GHz without PAA (single-user mode)
Approved Algorithms
| AES |
Certs. #A2476 and #A2496 |
| CKG |
vendor affirmed |
| CVL |
Certs. #A2476 and #A2496 |
| DRBG |
Certs. #A2476 and #A2496 |
| ECDSA |
Certs. #A2476 and #A2496 |
| HMAC |
Certs. #A2476 and #A2496 |
| KAS |
KAS-SSC Certs. #A2476 and #A2496, CVL Certs. #A2476 and #A2496 |
| KAS-SSC |
Certs. #A2476 and #A2496 |
| KBKDF |
Cert. #A2496 |
| KTS |
AES Certs. #A2476 and #A2496 and HMAC Certs. #A2476 and #A2496; key establishment methodology provides 128 or 256 bits of encryption strength |
| RSA |
Certs. #A2476 and #A2496 |
| SHS |
Certs. #A2476 and #A2496 |
