Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4715

Details

Module Name
Palo Alto Networks SD-WAN ION Core Crypto Module
Standard
FIPS 140-3
Status
Active
Sunset Date
7/7/2026
Overall Level
1
Caveat
Interim Validation. When installed, initialized and configured as specified in section "Secure Operation" of the Security Policy and operated in approved mode
Security Level Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Palo Alto Networks SD-WAN ION Core Crypto Module is utilized in hardware and software ION form factors. These enable the integration of a diverse set of wide area network (WAN) connection types, improve application performance and visibility, enhance security and compliance, and reduce the overall cost and complexity of your WAN.
Tested Configuration(s)
  • ION 6.1 running on ION 1200 with Intel Atom C3436L with PAA
  • ION 6.1 running on ION 1200 with Intel Atom C3436L without PAA
  • ION 6.1 running on ION 1200-C-5G-WW with Intel Atom C3436L with PAA
  • ION 6.1 running on ION 1200-C-5G-WW with Intel Atom C3436L without PAA
  • ION 6.1 running on ION 1200-C-NA with Intel Atom C3436L with PAA
  • ION 6.1 running on ION 1200-C-NA with Intel Atom C3436L without PAA
  • ION 6.1 running on ION 1200-C-ROW with Intel Atom C3436L with PAA
  • ION 6.1 running on ION 1200-C-ROW with Intel Atom C3436L without PAA
  • ION 6.1 running on ION 1200-S with Intel Atom C3436L with PAA
  • ION 6.1 running on ION 1200-S with Intel Atom C3436L without PAA
  • ION 6.1 running on ION 1200-S-C-5G-WW with Intel Atom C3436L with PAA
  • ION 6.1 running on ION 1200-S-C-5G-WW with Intel Atom C3436L without PAA
  • ION 6.1 running on ION 1200-S-C-NA with Intel Atom C3436L with PAA
  • ION 6.1 running on ION 1200-S-C-NA with Intel Atom C3436L without PAA
  • ION 6.1 running on ION 1200-S-C-ROW with Intel Atom C3436L with PAA
  • ION 6.1 running on ION 1200-S-C-ROW with Intel Atom C3436L without PAA
  • ION 6.1 running on ION 3200 with Intel Atom C3558R with PAA
  • ION 6.1 running on ION 3200 with Intel Atom C3558R without PAA
  • ION 6.1 running on ION 5200 with Intel Atom C5325 with PAA
  • ION 6.1 running on ION 5200 with Intel Atom C5325 without PAA
  • ION 6.1 running on ION 9200 with Intel Atom P5362 with PAA
  • ION 6.1 running on ION 9200 with Intel Atom P5362 without PAA
Approved Algorithms
AES-CBC
AES-CBC
AES-CTR
AES-ECB
AES-GCM
AES-GCM
Counter DRBG
ECDSA KeyGen (FIPS186-4)
ECDSA KeyGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigVer (FIPS186-4)
HMAC DRBG
HMAC-SHA-1
HMAC-SHA2-224
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-512
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KDF IKEv2
KDF SNMP
KDF SSH
KDF TLS
KDF TLS
RSA KeyGen (FIPS186-4)
RSA SigGen (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
SHA-1
SHA2-224
SHA2-256
SHA2-256
SHA2-384
SHA2-384
SHA2-512
SHA2-512
Software Versions
1.0

Vendor

Palo Alto Networks, Inc.
3000 Tannery Way
Santa Clara, CA 95054
USA

Amir Shahhosseini
certifications@paloaltonetworks.com
Phone: 408-753-4000
Jake Bajic
certifications@paloaltonetworks.com
Phone: 408-753-4000

Validation History

Date Type Lab
7/8/2024 Initial GOSSAMER SECURITY SOLUTIONS INC