Module Name
Cisco Firepower 4100 and Cisco Firepower 9300 Series
Validation Dates
01/21/2021
Caveat
When operated in FIPS mode. When installed with the tamper evident seals and opacity shields, initialized and configured as specified in Section 3 of the Security Policy. This module contains the embedded module Cisco ASA Cryptographic Module validated to FIPS 140-2 under Cert. #3789 operating in FIPS mode
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
This Cisco Firepower eXtensible Operating System (FX-OS) is part of the Cisco Application Centric Infrastructure (ACI) Security Solution and provides an agile, open, built for scalability, consistent control, and simplified management. The FX-OS provides provides high performance, flexible input/output configurations, and scalability. A graphical user interface provides streamlined, visual representation of current chassis status and simplified configuration of chassis features. A command-based interface for configuring features, monitoring chassis status, and accessing advanced troublesho
FIPS Algorithms
| AES |
Certs. #2034, #2035, #4905, #C784 and #C1026 |
| CVL |
Certs. #1521 and #C784 |
| DRBG |
Certs. #197, #1735, #C784 and #C1026 |
| ECDSA |
Certs. #1254 and #C784 |
| HMAC |
Certs. #1233, #3272, #C784 and #C1026 |
| RSA |
Certs. #2678 and #C784 |
| SHS |
Certs. #1780, #4012, #C784 and #C1026 |
| Triple-DES |
Certs. #1311, #2559, #C784 and #C1026 |
Allowed Algorithms
Diffie-Hellman (CVL Certs. #1521 and #C784, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C784, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
FPR4110-NGFW-K9[1], FPR4115-NGFW-K9[1], FPR4120-NGFW-K9[1], FPR4125-NGFW-K9[1], FPR4140-NGFW-K9[1], FPR4145-NGFW-K9[1], FPR4150-NGFW-K9[1], FPR9K-Sup (SM-24)[2], FPR9K-Sup (SM-36)[2], FPR9K-Sup (SM-40)[2], FPR9K-Sup (SM-44)[2], FPR9K-Sup (SM-48)[2] and FPR9K-Sup (SM-56)[2] with FIPS Kit (Cisco_TEL.FIPS_Kit), and opacity shield 69-100250-01[1] or 800-102843-01[2]
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
