Certificate 2176 - ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances
intCertNum 2176
strVendorName Cisco Systems, Inc.
strURL http://www.cisco.com
strAddress1 170 W. Tasman Drive
strAddress2
strAddress3
strCity San Jose
strStateProv CA
strPostalCode 95134
strCountry 95134
strContact Global Certification Team
strEmail certteam@cisco.com
strPhone
strFax
strContact2
strEmail2
strFax2
strPhone2
intCertNum 2176
strModuleName ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances
strPartNumber Hardware Versions: 5580-20 [2], 5580-40 [2], 5512-X [1], 5515-X [1], 5525-X [1], 5545-X [1], 5555-X[1], 5585-X SSP-10 [3], 5585-X SSP-20 [3], 5585-X SSP-40 [3], 5585-X SSP-60 [3] with [FIPS Kit (DS-FIPS-KIT= Rev -BO)] [1], [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT)] [2], or [ASA 5585 FIPS Kit (ASA5585-X-FIPS-KIT)] [3];
Firmware Version: 9.1.7.7
memModuleNotes When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy
str140Version 140-2
_sp_ Security Policy   [pdf][html][txt]
_cert_ Certificate   [pdf]
strPURL
strModuleType Hardware
strValidationDate 06/18/2014;08/29/2014;01/12/2016;03/02/2016;06/29/2016;08/15/2016
intOverallLevel 2
memIndividualLevelNotes -Roles, Services, and Authentication: Level 3;-Mitigation of Other Attacks: N/A
strFIPSAlgorithms AES (Certs. #105, #1407, #2049, #2050, #2444, #2472, #2480, #2482 and #2483);
DRBG (Certs. #332, #336, #339 and #341);
ECDSA (Certs. #411 and #412);
HMAC (Certs. #125, #301, #1246, #1247, #1514, #1524 and #1525);
RSA (Certs. #106, #261, #1066, #1260, #1269, #1271 and #1272);
SHS (Certs. #196, #630, #1793, #1794, #2091, #2100 and #2101);
Triple-DES (Certs. #217, #559, #960, #1321, #1513, #1520 and #1521)
strOtherAlgorithms DES;
Diffie-Hellman (key agreement: key establishment methodology provides 112 bits of encryption strength;
non-compliant less than 112 bits of encryption strength);
HMAC-MD5;
MD5;
NDRNG;
RC4;
RNG;
RSA (key wrapping;
key establishment methodology provides 112 bits of encryption strength;
non-compliant less than 112 bits of encryption strength)
strConfiguration Multi-chip standalone
memModuleDescription The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes.
intModuleCount 1
memAdditionalNotes 08/29/14: Updated FW to 9.1.5
There are two changes made: 1) The vendor made a series of non-FIPS relevant bug fixes to the firmware in order to patch various issues reported by vendors; 2) Due to the RNG transition requirement, the vendor dropped off some modules (ASA 5505, ASA 5510, ASA 5520, ASA 5540 and ASA 5550) that only used the legacy RNG, and moved the RNG to non-FIPS mode for the other modules that used an approved DRBG for all security material (ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60).
There are two changes made: 1) The vendor made a series of non-FIPS relevant bug fixes to the firmware in order to patch various issues reported by vendors; 2) Due to the RNG transition requirement, the vendor dropped off some modules (ASA 5505, ASA 5510, ASA 5520, ASA 5540 and ASA 5550) that only used the legacy RNG, and moved the RNG to non-FIPS mode for the other modules that used an approved DRBG for all security material (ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60).
strFirstValidtionDate 06/18/14 00:00:00
strLabName Leidos
strValidationYear 2014