Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4829

Details

Module Name
PAN-OS 11.0 running on PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs
Standard
FIPS 140-3
Status
Active
Sunset Date
10/10/2026
Overall Level
2
Caveat
Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and physical kit installed as indicated in the Security Policy
Security Level Exceptions
  • Roles, services, and authentication: Level 3
  • Operational environment: N/A
  • Non-invasive security: N/A
  • Life-cycle assurance: Level 3
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Module Type
Hardware
Embodiment
Multi-Chip Stand Alone
Description
Palo Alto Networks offers a full line of next-generation security appliances. Our platform architecture is based on our single-pass engine, PAN-OS, for networking, security, threat prevention, and management functionality that is consistent across all platforms. The devices differ only in capacities, performance, and physical configuration.
Tested Configuration(s)
  • N/A
Approved Algorithms
AES-CBC
AES-CCM
AES-CFB128
AES-CTR
AES-GCM
Conditioning Component AES-CBC-MAC SP800-90B
Conditioning Component AES-CBC-MAC SP800-90B
Conditioning Component AES-CBC-MAC SP800-90B
Conditioning Component AES-CBC-MAC SP800-90B
Counter DRBG
ECDSA KeyGen (FIPS186-4)
ECDSA KeyVer (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigVer (FIPS186-4)
HMAC-SHA-1
HMAC-SHA2-224
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-512
KAS-ECC-SSC Sp800-56Ar3
KAS-FFC-SSC Sp800-56Ar3
KDF IKEv2
KDF SNMP
KDF SSH
RSA KeyGen (FIPS186-4)
RSA SigGen (FIPS186-4)
RSA SigVer (FIPS186-4)
Safe Primes Key Generation
Safe Primes Key Verification
SHA-1
SHA2-224
SHA2-256
SHA2-384
SHA2-512
TLS v1.2 KDF RFC7627
Hardware Versions
910-000102 with components 910-000185, 910-000169, 910-000183 and 910-000156 with Physical Kit 920-000112, 910-000122 with components 910-000186, 910-000169, 910-000183 and 910-000156 with Physical Kit 920-000119, 910-000223 with components 920-000293, 910-000195, 910-000194 and 910-000204 with Physical Kit 920-000309, [910-000119 and 910-000120] with Physical Kit 920-000185, [910-000125, 910-000131, 910-000132, and 910-000157] with Physical Kit 920-000186, [910-000162, 910-000163, and 910-000164] with Physical Kit 920-000212, [910-000212, 910-000230, 910-000231, and 910-000232] with Physical Kit 920-000454, [910-000241, 910-000242, 910-000243, and 910-000244] with Physical Kit 920-000333, [910-000252, 910-000253, 910-000254, and 910-000255] with Physical Kit 920-000320, [910-000267 and 910-000269] with Physical Kit 920-000392, and [910-000280 and 910-000281] with Physical Kit 920-000455
Firmware Versions
11.0.3-h12

Vendor

Palo Alto Networks, Inc.
3000 Tannery Way
Santa Clara, CA 95054
USA

Jake Bajic
certifications@paloaltonetworks.com
Phone: 408-753-4000
Amir Shahhosseini
certifications@paloaltonetworks.com
Phone: 408-753-4000

Related Files

Validation History

Date Type Lab
10/11/2024 Initial LEIDOS CSTL