Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #4741

Details

Module Name
Palo Alto Networks Core Crypto Module
Standard
FIPS 140-3
Status
Active
Sunset Date
7/25/2026
Overall Level
1
Caveat
Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy
Security Level Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Palo Alto Networks Core Crypto Module is a software cryptographic module that can run on various environments.
Tested Configuration(s)
  • Panorama 10.2 running on a M-200 with an Intel Xeon E5-2620 V4 [1]
  • Panorama 10.2 running on a M-300 with an Intel Xeon 4310 [1]
  • Panorama 10.2 running on a M-600 with an Intel Xeon E5-2680 V4 [1]
  • Panorama 10.2 running on a M-700 with an Intel Xeon 4316 [1]
  • Panorama 10.2 with KVM on Ubuntu 20.04 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • Panorama 10.2 with Microsoft Hyper-V Server 2019 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • Panorama 10.2 with VMware ESXi v7.0 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • Panorama 11.0 running on a M-200 with an Intel Xeon E5-2620 V4 [1]
  • Panorama 11.0 running on a M-300 with an Intel Xeon 4310 [1]
  • Panorama 11.0 running on a M-600 with an Intel Xeon E5-2680 V4 [1]
  • Panorama 11.0 running on a M-700 with an Intel Xeon 4316 [1]
  • Panorama 11.0 with KVM on Ubuntu 20.04 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • Panorama 11.0 with Microsoft Hyper-V Server 2019 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • Panorama 11.0 with VMware ESXi v7.0 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • Panorama 11.1 running on a M-200 with an Intel Xeon E5-2620 V4 [1]
  • Panorama 11.1 running on a M-300 with an Intel Xeon 4310 [1]
  • Panorama 11.1 running on a M-600 with an Intel Xeon E5-2680 V4 [1]
  • Panorama 11.1 running on a M-700 with an Intel Xeon 4316 [1]
  • Panorama 11.1 with KVM on Ubuntu 20.04 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • Panorama 11.1 with Microsoft Hyper-V Server 2019 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • Panorama 11.1 with VMware ESXi v7.0 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • Panorama 11.2 running on a M-200 with an Intel Xeon E5-2620 V4 [1]
  • Panorama 11.2 running on a M-300 with an Intel Xeon 4310 [1]
  • Panorama 11.2 running on a M-600 with an Intel Xeon E5-2680 V4 [1]
  • Panorama 11.2 running on a M-700 with an Intel Xeon 4316 [1]
  • Panorama 11.2 with KVM on Ubuntu 20.04 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • Panorama 11.2 with Microsoft Hyper-V Server 2019 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • Panorama 11.2 with VMware ESXi v7.0 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • PAN-OS 10.2 running on a PA-220 with an Marvell CN7130 [1]
  • PAN-OS 10.2 running on a PA-220R with an Marvell CN7130 [1]
  • PAN-OS 10.2 running on a PA-3220 with an Intel Pentium D1517 / CN7350 [1]
  • PAN-OS 10.2 running on a PA-3250 with an Intel Pentium D1517 / CN7350 [1]
  • PAN-OS 10.2 running on a PA-3260 with an Intel Pentium D1517 / CN7360 [1]
  • PAN-OS 10.2 running on a PA-3410 with an Intel Atom P5332 [1]
  • PAN-OS 10.2 running on a PA-3420 with an Intel Atom P5342 [1]
  • PAN-OS 10.2 running on a PA-3430 with an Intel Atom P5352 [1]
  • PAN-OS 10.2 running on a PA-3440 with an Intel Atom P5362 [1]
  • PAN-OS 10.2 running on a PA-410 with an Intel Denverton C3436L [1]
  • PAN-OS 10.2 running on a PA-440 with an Intel Denverton C3558R [1]
  • PAN-OS 10.2 running on a PA-450 with an Intel Denverton C3758R [1]
  • PAN-OS 10.2 running on a PA-460 with an Intel Denverton C3758R [1]
  • PAN-OS 10.2 running on a PA-5220 with an Intel Xeon D-1548 / CN7885 [1]
  • PAN-OS 10.2 running on a PA-5250 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 10.2 running on a PA-5260 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 10.2 running on a PA-5280 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 10.2 running on a PA-5410 with an AMD EPYC 7352 [2]
  • PAN-OS 10.2 running on a PA-5420 with an AMD EPYC 7452 [2]
  • PAN-OS 10.2 running on a PA-5430 with an AMD EPYC 7642 [2]
  • PAN-OS 10.2 running on a PA-5450 with an Intel Xeon D-2187NT [1]
  • PAN-OS 10.2 running on a PA-7050 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 10.2 running on a PA-7080 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 10.2 running on a PA-820 with an Marvell CN7240 [1]
  • PAN-OS 10.2 running on a PA-850 with an Marvell CN7240 [1]
  • PAN-OS 10.2 with KVM on Ubuntu 20.04 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • PAN-OS 10.2 with Microsoft Hyper-V Server 2019 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • PAN-OS 10.2 with VMware ESXi v7.0 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • PAN-OS 11.0 running on a PA-1410 with an Intel Atom C5325 [1]
  • PAN-OS 11.0 running on a PA-1420 with an Intel Atom C5325C1 [1]
  • PAN-OS 11.0 running on a PA-3220 with an Intel Pentium D1517 / CN7350 [1]
  • PAN-OS 11.0 running on a PA-3250 with an Intel Pentium D1517 / CN7350 [1]
  • PAN-OS 11.0 running on a PA-3260 with an Intel Pentium D1517 / CN7360 [1]
  • PAN-OS 11.0 running on a PA-3410 with an Intel Atom P5332 [1]
  • PAN-OS 11.0 running on a PA-3420 with an Intel Atom P5342 [1]
  • PAN-OS 11.0 running on a PA-3430 with an Intel Atom P5352 [1]
  • PAN-OS 11.0 running on a PA-3440 with an Intel Atom P5362 [1]
  • PAN-OS 11.0 running on a PA-410 with an Intel Denverton C3436L [1]
  • PAN-OS 11.0 running on a PA-415 with an Intel Denverton C3436L [1]
  • PAN-OS 11.0 running on a PA-440 with an Intel Denverton C3558R [1]
  • PAN-OS 11.0 running on a PA-445 with an Intel Denverton C3558R [1]
  • PAN-OS 11.0 running on a PA-450 with an Intel Denverton C3758R [1]
  • PAN-OS 11.0 running on a PA-460 with an Intel Denverton C3758R [1]
  • PAN-OS 11.0 running on a PA-5220 with an Intel Xeon D-1548 / CN7885 [1]
  • PAN-OS 11.0 running on a PA-5250 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 11.0 running on a PA-5260 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 11.0 running on a PA-5280 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 11.0 running on a PA-5410 with an AMD EPYC 7352 [2]
  • PAN-OS 11.0 running on a PA-5420 with an AMD EPYC 7452 [2]
  • PAN-OS 11.0 running on a PA-5430 with an AMD EPYC 7642 [2]
  • PAN-OS 11.0 running on a PA-5440 with an AMD EPYC 7742 [2]
  • PAN-OS 11.0 running on a PA-5450 with an Intel Xeon D-2187NT [1]
  • PAN-OS 11.0 running on a PA-7050 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 11.0 running on a PA-7080 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 11.0 running on a PA-820 with an Marvell CN7240 [1]
  • PAN-OS 11.0 running on a PA-850 with an Marvell CN7240 [1]
  • PAN-OS 11.0 with KVM on Ubuntu 20.04 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • PAN-OS 11.0 with Microsoft Hyper-V Server 2019 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • PAN-OS 11.0 with VMware ESXi v7.0 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • PAN-OS 11.1 running on a PA-1410 with an Intel Atom C5325 [1]
  • PAN-OS 11.1 running on a PA-3250 with an Intel Pentium D1517 / CN7350 [1]
  • PAN-OS 11.1 running on a PA-3410 with an Intel Atom P5332 [1]
  • PAN-OS 11.1 running on a PA-460 with an Intel Denverton C3758R [1]
  • PAN-OS 11.1 running on a PA-5250 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 11.1 running on a PA-5410 with an AMD EPYC 7352 [2]
  • PAN-OS 11.1 running on a PA-5440 with an AMD EPYC 7742 [2]
  • PAN-OS 11.1 running on a PA-5450 with an Intel Xeon D-2187NT [1]
  • PAN-OS 11.1 running on a PA-7080 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 11.1 running on a PA-7500 with an Intel Atom P5752 / Intel Xeon D-2798NX / Intel Denverton C3758R [1]
  • PAN-OS 11.1 running on a PA-850 with a Marvell CN7240 [1]
  • PAN-OS 11.1 with KVM on Ubuntu 20.04 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • PAN-OS 11.1 with Microsoft Hyper-V Server 2019 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • PAN-OS 11.1 with VMware ESXi v7.0 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • PAN-OS 11.2 running on a PA-1410 with an Intel Atom C5325 [1]
  • PAN-OS 11.2 running on a PA-3410 with an Intel Atom P5332 [1]
  • PAN-OS 11.2 running on a PA-460 with an Intel Denverton C3758R [1]
  • PAN-OS 11.2 running on a PA-5250 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 11.2 running on a PA-5410 with an AMD EPYC 7352 [2]
  • PAN-OS 11.2 running on a PA-5440 with an AMD EPYC 7742 [2]
  • PAN-OS 11.2 running on a PA-5450 with an Intel Xeon D-2187NT [1]
  • PAN-OS 11.2 running on a PA-7080 with an Intel Xeon D-1567 / CN7890 [1]
  • PAN-OS 11.2 with KVM on Ubuntu 20.04 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • PAN-OS 11.2 with Microsoft Hyper-V Server 2019 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • PAN-OS 11.2 with VMware ESXi v7.0 running on a Dell PowerEdge R740 with an Intel Gold 6248 [1]
  • WildFire 10.2 running on a WF-500 with an Intel Xeon E5-2620 [1]
  • WildFire 10.2 running on a WF-500-B with an Intel Xeon 4316 [1]
  • WildFire 11.0 running on a WF-500 with an Intel Xeon E5-2620 [1]
  • WildFire 11.0 running on a WF-500-B with an Intel Xeon 4316 [1]
  • WildFire 11.1 running on a WF-500 with an Intel Xeon E5-2620 [1]
  • WildFire 11.1 running on a WF-500-B with an Intel Xeon 4316 [1]
  • WildFire 11.2 running on a WF-500 with an Intel Xeon E5-2620 [1]
  • WildFire 11.2 running on a WF-500-B with an Intel Xeon 4316 [1]
Approved Algorithms
AES-CBC
A4206
AES-CBC
A4207
AES-GCM
A4206
AES-GCM
A4207
Conditioning Component AES-CBC-MAC SP800-90B
A1791
Conditioning Component AES-CBC-MAC SP800-90B
A2138
Conditioning Component AES-CBC-MAC SP800-90B
A2153
Conditioning Component AES-CBC-MAC SP800-90B
A2165
Conditioning Component AES-CBC-MAC SP800-90B
A2518
Conditioning Component AES-CBC-MAC SP800-90B
A2541
Counter DRBG
A4206
Counter DRBG
A4207
ECDSA KeyGen (FIPS186-4)
A4206
ECDSA KeyGen (FIPS186-4)
A4207
ECDSA KeyVer (FIPS186-4)
A4206
ECDSA KeyVer (FIPS186-4)
A4207
ECDSA SigGen (FIPS186-4)
A4206
ECDSA SigGen (FIPS186-4)
A4207
ECDSA SigVer (FIPS186-4)
A4206
ECDSA SigVer (FIPS186-4)
A4207
HMAC-SHA-1
A4206
HMAC-SHA-1
A4207
HMAC-SHA2-224
A4206
HMAC-SHA2-224
A4207
HMAC-SHA2-256
A4206
HMAC-SHA2-256
A4207
HMAC-SHA2-384
A4206
HMAC-SHA2-384
A4207
HMAC-SHA2-512
A4206
HMAC-SHA2-512
A4207
KAS-ECC-SSC Sp800-56Ar3
A4206
KAS-ECC-SSC Sp800-56Ar3
A4207
KAS-FFC-SSC Sp800-56Ar3
A4206
KAS-FFC-SSC Sp800-56Ar3
A4207
RSA KeyGen (FIPS186-4)
A4206
RSA SigGen (FIPS186-4)
A4206
RSA SigGen (FIPS186-4)
A4207
RSA SigVer (FIPS186-4)
A4206
RSA SigVer (FIPS186-4)
A4207
Safe Primes Key Generation
A4206
Safe Primes Key Generation
A4207
Safe Primes Key Verification
A4206
Safe Primes Key Verification
A4207
SHA-1
A4206
SHA-1
A4207
SHA2-224
A4206
SHA2-224
A4207
SHA2-256
A4206
SHA2-256
A4207
SHA2-384
A4206
SHA2-384
A4207
SHA2-512
A4206
SHA2-512
A4207
TLS v1.2 KDF RFC7627
A4206
TLS v1.2 KDF RFC7627
A4207
Software Versions
1.0 [1] and 1.1 [2]

Vendor

Palo Alto Networks, Inc.
3000 Tannery Way
Santa Clara, CA 95054
USA

Jake Bajic
[email protected]
Phone: 408-753-4000
 Amir Shahhosseini
[email protected]
Phone: 408-753-4000

Related Files

Security Policy
Consolidated Certificate

Validation History

Date Type Lab
7/26/2024 Initial Leidos Accredited Testing & Evaluation (AT&E) Lab
9/15/2025 Update Leidos Accredited Testing & Evaluation (AT&E) Lab
1/7/2026 Update Leidos Accredited Testing & Evaluation (AT&E) Lab