This page was not yet optimized for use on mobile devices.

Prisma SD-WAN Controller's Cryptographic Module

Certificate #4668

Webpage information ?

Status	active
Validation dates	05.12.2023
Sunset date	21-09-2026
Standard	FIPS 140-2
Security level	1
Type	Software
Embodiment	Multi-Chip Stand Alone
Caveat	When operated in FIPS mode. When operated per the Security Policy. No assurance of minimum security of keys and bit strings that are externally loaded, or of keys and CSPs established with externally loaded bit strings
Exceptions	Physical Security: N/A Mitigation of Other Attacks: N/A
Description	The Palo Alto Networks Controller allows operators the ability to manage ION devices to administer security policy rules and provides various application and network analytics.
Tested configurations	JDK 11.0.10 on Ubuntu 14.04 running on Dell Power Edge R740 with Intel(R) Xeon(R) Platinum 8260 CPU @ 2.40GHz with PAA JDK 11.0.10 on Ubuntu 14.04 running on Dell Power Edge R740 with Intel(R) Xeon(R) Platinum 8260 CPU @ 2.40GHz without PAA (single-user mode)
Vendor	Palo Alto Networks, Inc.
References	This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Certificate

Webpage

Document information ?

Security policy

Security target PDF TXT

Symmetric Algorithms

AES, AES-, TDEA, HMAC, HMAC-SHA-256, HMAC-SHA-512, HMAC-SHA-224, HMAC-SHA-384, CMAC

Asymmetric Algorithms

ECDSA, ECC, Diffie-Hellman, DH, DSA

Hash functions

SHA-1, SHA-224, SHA-256, SHA-384, SHA-512

Schemes

Key Exchange

Protocols

TLS, TLS 1.2, VPN

Randomness

DRBG

Elliptic Curves

P-256, P-384, P-521, P-224, K-233, sect163k1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp256k1

Block cipher modes

ECB, CBC, CTR, GCM, CCM

Trusted Execution Environments

SSC

Security level

Level 1

Standards

FIPS 140-2, FIPS 186-4, FIPS 197, FIPS 198-1, FIPS 180-4, FIPS 202, SP 800-38D, SP 800-52, SP 800-38B, SP 800-38C, SP 800-56A, SP 800-90A, PKCS1, PKCS#1, PKCS#5, PKCS#12, RFC 5288

File metadata

Title:	Microsoft Word - FIPS_Security_Policy_PAN_Prisma_11_20_2023.docx
Author:	Admin
Creation date:	D:20231120213053-08'00'
Modification date:	D:20231120213053-08'00'
Pages:	13
Creator:	PScript5.dll Version 5.2.2
Producer:	GPL Ghostscript 8.64

References

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

08.01.2024 The certificate data changed.
Certificate changed

The web extraction data was updated.
- The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/December 2023_020124_0656.pdf.
02.01.2024 The certificate was first processed.

New certificate

A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4668,
  "dgst": "28aba8137d93763f",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "KAS#A2476",
        "RSA#A2476",
        "HMAC#A2476",
        "KTS#A2496",
        "KBKDF#A2496",
        "KAS-SSC#A2496",
        "DRBG#A2496",
        "CVL#A2476",
        "KTS#A2476",
        "KAS#A2496",
        "ECDSA#A2476",
        "CVL#A2496",
        "DRBG#A2476",
        "RSA#A2496",
        "AES#A2476",
        "AES#A2496",
        "ECDSA#A2496",
        "HMAC#A2496",
        "KAS-SSC#A2476",
        "SHS#A2496",
        "SHS#A2476"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 6
          },
          "ECDSA": {
            "ECDSA": 13
          }
        },
        "FF": {
          "DH": {
            "DH": 1,
            "Diffie-Hellman": 2
          },
          "DSA": {
            "DSA": 1
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 4
        },
        "CCM": {
          "CCM": 1
        },
        "CTR": {
          "CTR": 2
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 4
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "TLS": {
          "TLS": {
            "TLS": 39,
            "TLS 1.2": 1
          }
        },
        "VPN": {
          "VPN": 4
        }
      },
      "crypto_scheme": {
        "KEX": {
          "Key Exchange": 2
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "K-233": 1,
          "P-224": 10,
          "P-256": 6,
          "P-384": 14,
          "P-521": 6,
          "secp160k1": 1,
          "secp160r1": 1,
          "secp160r2": 1,
          "secp192k1": 1,
          "secp192r1": 1,
          "secp224k1": 1,
          "secp256k1": 1,
          "sect163k1": 1,
          "sect163r2": 1,
          "sect193r1": 1,
          "sect193r2": 1,
          "sect233k1": 1,
          "sect233r1": 1,
          "sect239k1": 1,
          "sect283k1": 1,
          "sect283r1": 1,
          "sect409k1": 1,
          "sect409r1": 1,
          "sect571k1": 1,
          "sect571r1": 1
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "HMAC-SHA-1": 6,
          "HMAC-SHA-224": 2,
          "HMAC-SHA-256": 4,
          "HMAC-SHA-384": 4,
          "HMAC-SHA-512": 2,
          "PKCS#1": 2,
          "PKCS#12": 2,
          "PKCS#5": 2,
          "PKCS1": 8,
          "SHA- 224": 1,
          "SHA- 384": 2,
          "SHA- 512": 1,
          "SHA-1": 4,
          "SHA-224": 5,
          "SHA-256": 11,
          "SHA-384": 7,
          "SHA-512": 7
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 1
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 4
          },
          "SHA2": {
            "SHA-224": 5,
            "SHA-256": 11,
            "SHA-384": 7,
            "SHA-512": 7
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 17
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 3,
          "FIPS 180-4": 3,
          "FIPS 186-4": 4,
          "FIPS 197": 3,
          "FIPS 198-1": 3,
          "FIPS 202": 1
        },
        "NIST": {
          "SP 800-38B": 1,
          "SP 800-38C": 1,
          "SP 800-38D": 3,
          "SP 800-52": 2,
          "SP 800-56A": 1,
          "SP 800-90A": 1
        },
        "PKCS": {
          "PKCS#1": 1,
          "PKCS#12": 1,
          "PKCS#5": 1,
          "PKCS1": 4
        },
        "RFC": {
          "RFC 5288": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 5,
            "AES-": 1
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 1,
            "HMAC": 7,
            "HMAC-SHA-224": 2,
            "HMAC-SHA-256": 2,
            "HMAC-SHA-384": 2,
            "HMAC-SHA-512": 2
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 2
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Admin",
      "/CreationDate": "D:20231120213053-08\u002700\u0027",
      "/Creator": "PScript5.dll Version 5.2.2",
      "/ModDate": "D:20231120213053-08\u002700\u0027",
      "/Producer": "GPL Ghostscript 8.64",
      "/Title": "Microsoft Word - FIPS_Security_Policy_PAN_Prisma_11_20_2023.docx",
      "pdf_file_size_bytes": 160961,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 13
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "8c2912cbd37525909e42bc8988da611c34cf7701c1c7885dbfb81725ec3943c2",
    "policy_txt_hash": "ae9c3c866c9e751348b48235bce027d623ed3359644367c3fc563b7291f7596f"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode. When operated per the Security Policy. No assurance of minimum security of keys and bit strings that are externally loaded, or of keys and CSPs established with externally loaded bit strings",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/December 2023_020124_0656.pdf",
    "date_sunset": "2026-09-21",
    "description": "The Palo Alto Networks Controller allows operators the ability to manage ION devices to administer security policy rules and provides various application and network analytics.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Prisma SD-WAN Controller\u0027s Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": "1.0",
    "tested_conf": [
      "JDK 11.0.10 on Ubuntu 14.04 running on Dell Power Edge R740 with Intel(R) Xeon(R) Platinum 8260 CPU @ 2.40GHz with PAA",
      "JDK 11.0.10 on Ubuntu 14.04 running on Dell Power Edge R740 with Intel(R) Xeon(R) Platinum 8260 CPU @ 2.40GHz without PAA (single-user mode)"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-12-05",
        "lab": "ADVANCED DATA SECURITY LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Palo Alto Networks, Inc.",
    "vendor_url": "http://www.paloaltonetworks.com"
  }
}