Module Name
Cisco Firepower Cryptographic Module
Validation Dates
08/14/2018
Caveat
When operated in FIPS mode
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 2
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The module is designed to help you handle network traffic in a way that complies with your organization's security policy for protecting your network. The system can affect the flow of traffic using access control, which allows you to specify, in a granular fashion, how to handle the traffic entering, exiting, and traversing your network. All the information gathered from it can be used to filter and control that traffic.
Tested Configuration(s)
- [Cisco ASA 5506-X, Cisco ASA 5506H-X, Cisco ASA 5506W-X, Cisco ASA 5508-X, Cisco ASA 5516-X, Cisco ASA 5525-X, Cisco ASA 5545-X, Cisco ASA 5555-X] with Fire Linux OS 6.2
FIPS Algorithms
- AES: Cert. #4266
- CKG: vendor affirmed
- CVL: Cert. #1008
- DRBG: Cert. #1337
- HMAC: Cert. #2811
- RSA: Cert. #2297
- SHS: Cert. #3512
- Triple-DES: Cert. #2307
Allowed Algorithms
- Diffie-Hellman (CVL Cert. #1008, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength)
- EC Diffie-Hellman (CVL Cert. #1008, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength)
- NDRNG
- RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)