U.S. flag   An unofficial archive of your favorite United States government website
This is an archive
(replace .gov by .rip)

Cryptographic Module Validation Program CMVP

Certificate #3133

Details

Module Name
PA-200, PA-220, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5200 Series and PA-7000 Series Firewalls
Standard
FIPS 140-2
Status
Active
Sunset Date
2/20/2023
Validation Dates
02/21/2018;05/18/2018;10/31/2018;02/21/2020
Overall Level
2
Caveat
When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Stand Alone
Description
The Palo Alto Networks PA-200, PA-220, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5200 Series, and PA-7000 Series Firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Cert. #4532
CKG vendor affirmed
CVL Certs. #1211, #1212 and #1213
DRBG Cert. #1489
DSA Cert. #1207
ECDSA Cert. #1103
HMAC Cert. #2990
KAS SP 800-56Arev2 with CVL Certs. #1211 and #1212, vendor affirmed
KTS AES Cert. #4532; key establishment methodology provides 128 or 256 bits of encryption strength
KTS AES Cert. #4532 and HMAC Cert. #2990; key establishment methodology provides 128 or 256 bits of encryption strength
RSA Cert. #2467
SHS Cert. #3713
Allowed Algorithms
Diffie-Hellman (CVL Cert. #1211, key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
PA-200 P/N 910-000015 Rev. E with [1], PA-220 P/N 910-000128 Rev. A with [1], PA-500 P/N 910-000006 Rev. O with [2], PA-500-2GB P/N 910-000094 Rev. O with [2], PA-820 P/N 910-000120 Rev. A with [3], PA-850 P/N 910-000119 Rev. A with [3], PA-3020 P/N 910-000017 Rev. J with [4], PA-3050 P/N 910-000016 Rev. J with [4], PA-3060 P/N 910-000104 Rev. C with [5], PA-5020 P/N 910-000010 Rev. F with [6], PA-5050 P/N 910-000009 Rev. F with [6], PA-5060 P/N 910-000008 Rev. F with [6], PA-5220 P/N 910-000132 Rev. A with [7], PA-5250 P/N 910-000131 Rev. A with [7], PA-5260 P/N 910-000125 Rev. A with [7], PA-7050 P/N 910-000102 Rev. B with [8] and at least one from [10] and PA-7080 P/N 910-000122 Rev. A with [9] and at least one from [10]; FIPS Kit: P/Ns 920-000084 Rev. A [1], 920-000005 Rev. A [2], 920-000185 Rev. A [3], 920-000081 Rev. A [4], 920-000138 Rev. A [5], 920-000037 Rev. A [6], 920-000186 Rev. A [7], 920-000112 Rev. A [8] and 920-000119 Rev. A [9]; Network Processing Cards [10]: P/Ns 910-000028-00B, 910-000117-00A, 910-000137-00A and 910-000136-00A
Firmware Versions
8.0.3, 8.0.6, 8.0.9, 8.0.12 or 8.0.13

Vendor

Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054
USA

Jake Bajic
certifications@paloaltonetworks.com
Phone: 408-753-4000

Lab

UL VERIFICATION SERVICES INC
NVLAP Code: 100432-0