Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #4760

Details

Module Name
PAN-OS 10.2 running on PA-220, PA-220R, PA-400 Series, PA-800 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs
Standard
FIPS 140-3
Status
Active
Sunset Date
8/13/2029
Overall Level
2
Caveat
Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy
Security Level Exceptions
  • Roles, services, and authentication: Level 3
  • Operational environment: N/A
  • Non-invasive security: N/A
  • Life-cycle assurance: Level 3
  • Mitigation of other attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Stand Alone
Description
Palo Alto Networks offers a full line of next-generation security appliances that range from the PA-220, designed for enterprise remote offices, to the PA-7080, which is a modular chassis designed for high-speed datacenters. The platform architecture is based on our single-pass engine, PAN-OS, for networking, security, threat prevention, and management functionality that is consistent across all platforms. The devices differ only in capacities, performance, and physical configuration.
Tested Configuration(s)
  • N/A
Approved Algorithms
AES-CBC
A2906
AES-CCM
A2906
AES-CFB128
A2906
AES-CTR
A2906
AES-GCM
A2906
Conditioning Component AES-CBC-MAC SP800-90B
A2138
Conditioning Component AES-CBC-MAC SP800-90B
A2153
Conditioning Component AES-CBC-MAC SP800-90B
A2165
Conditioning Component AES-CBC-MAC SP800-90B
A2541
Counter DRBG
A2906
ECDSA KeyGen (FIPS186-4)
A2906
ECDSA KeyVer (FIPS186-4)
A2906
ECDSA SigGen (FIPS186-4)
A2906
ECDSA SigVer (FIPS186-4)
A2906
HMAC-SHA-1
A2906
HMAC-SHA2-224
A2906
HMAC-SHA2-256
A2906
HMAC-SHA2-384
A2906
HMAC-SHA2-512
A2906
KAS-ECC-SSC Sp800-56Ar3
A2906
KAS-FFC-SSC Sp800-56Ar3
A2906
KDF IKEv2
A2906
KDF SNMP
A2906
KDF SSH
A2906
KDF TLS
A2906
RSA KeyGen (FIPS186-4)
A2906
RSA SigGen (FIPS186-4)
A2906
RSA SigVer (FIPS186-4)
A2906
Safe Primes Key Generation
A2906
Safe Primes Key Verification
A2906
SHA-1
A2906
SHA2-224
A2906
SHA2-256
A2906
SHA2-384
A2906
SHA2-512
A2906
Entropy
ENT (P)
Hardware Versions
910-000102 with Physical Kit 920-000112 [1], 910-000122 with Physical Kit 920-000119 [1], 910-000128 with Physical Kit 920-000084 [1], 910-000147 with Physical Kit 920-000226 [1], 910-000223 with Physical Kit 920-000309 [1], [910-000119 and 910-000120] with Physical Kit 920-000185 [1], [910-000125, 910-000131, 910-000132, and 910-000157] with Physical Kit 920-000186 [1], [910-000162, 910-000163, and 910-000164] with Physical Kit 920-000212 [1], [910-000212, 910-000230, 910-000231, and 910-000232] with Physical Kit 920-000454 [1], [910-000241, 910-000242, 910-000243, and 910-000244] with Physical Kit 920-000333 [1], and [910-000252, 910-000253, and 910-000254] with Physical Kit 920-000320 [2]
Firmware Versions
10.2.8-h4 [1] and 10.2.17 [2]

Vendor

Palo Alto Networks, Inc.
3000 Tannery Way
Santa Clara, CA 95054
USA

Jake Bajic
[email protected]
Phone: 408-753-4000
 Amir Shahhosseini
[email protected]
Phone: 408-753-4000

Related Files

Security Policy
Consolidated Certificate

Validation History

Date Type Lab
8/14/2024 Initial Leidos Accredited Testing & Evaluation (AT&E) Lab
9/2/2025 Update Leidos Accredited Testing & Evaluation (AT&E) Lab