Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4711

Details

Module Name
Firepower Threat Defense Virtual Cryptographic Module
Standard
FIPS 140-3
Status
Active
Sunset Date
6/16/2026
Overall Level
1
Caveat
Interim Validation. When installed, initialized and configured as specified in section "Secure Operation" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)
Security Level Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
Cisco Firepower Threat Defense (FTD) solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content security and secure unified communications. All running in a virtual environment.
Tested Configuration(s)
  • Linux 4 (FX-OS) on NFVIS 4.4 running on ENCS 5412 Server with Intel Xeon Processor D-1557 (Broadwell) With PAA
  • Linux 4 (FX-OS) on NFVIS 4.4 running on ENCS 5412 Server with Intel Xeon Processor D-1557 (Broadwell) without PAA
  • Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA
  • Linux 4 (FX-OS) on VMware ESXi 6.7 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA
  • Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) with PAA
  • Linux 4 (FX-OS) on VMware ESXi 7.0 running on UCS C220 M5 SFF Server with Intel Xeon Gold 6128 (Skylake) without PAA
Approved Algorithms
AES-CBC
AES-CBC
AES-GCM
AES-GCM
Counter DRBG
Counter DRBG
ECDSA KeyGen (FIPS186-4)
ECDSA KeyGen (FIPS186-4)
ECDSA KeyVer (FIPS186-4)
ECDSA KeyVer (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-512
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-FFC-SSC Sp800-56Ar3
KAS-FFC-SSC Sp800-56Ar3
KDF IKEv2
KDF IKEv2
KDF SSH
KDF SSH
RSA KeyGen (FIPS186-4)
RSA KeyGen (FIPS186-4)
RSA SigGen (FIPS186-4)
RSA SigGen (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
Safe Primes Key Generation
Safe Primes Key Generation
SHA-1
SHA-1
SHA2-256
SHA2-256
SHA2-384
SHA2-384
SHA2-512
SHA2-512
TLS v1.2 KDF RFC7627
TLS v1.2 KDF RFC7627
Software Versions
7.0.5

Vendor

Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Patricia Karpus
pkarpus@cisco.com
Phone: 984-216-2022

Validation History

Date Type Lab
6/17/2024 Initial GOSSAMER SECURITY SOLUTIONS INC