Module Name
Cisco ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5585-X SSP-10, ASA 5585-X SSP-20, ASA 5585-X SSP-40 and ASA 5585-X SSP-60 Adaptive Security Appliances
Validation Dates
07/13/2018
Caveat
When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes.
FIPS Algorithms
| AES |
Certs. #2050, #2444, #2472, #3301 and #4905 |
| CKG |
vendor affirmed |
| CVL |
Cert. #1521 |
| DRBG |
Certs. #332, #336, #819 and #1735 |
| ECDSA |
Cert. #1254 |
| HMAC |
Certs. #1247, #1514, #2095 and #3272 |
| RSA |
Cert. #2678 |
| SHS |
Certs. #1794, #2091, #2737 and #4012 |
| Triple-DES |
Certs. #1321, #1513, #1881 and #2559 |
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
ASA 5506-X[1][2], ASA 5506H-X[1][2], ASA 5506W-X[1][2], ASA 5508-X[1][3], ASA 5516-X[1][4], ASA 5525-X[1], ASA 5545-X[1], ASA 5555-X[1] and [ASA 5585-X SSP-10, ASA 5585-X SSP-20, ASA 5585-X SSP-40 and ASA 5585-X SSP-60][1][5] with [AIR-AP-FIPSKIT=][1], [ASA5506-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3], [ASA5516-FIPS-KIT=][4] and [ASA5585-X-FIPS-KIT][5]
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
