Which Panorama platforms are FIPS compliant?
15336
Created On 02/16/19 01:38 AM - Last Modified 03/25/19 20:05 PM
Question
FIPS (Federal Information Processing Standard) 140-2 certification ensures that cryptographic modules meet the security requirements determined by NIST
(National Institute of Standards and Technology) for use by US government, Canadian government, and other regulated industries.
Many customers require a FIPS certified central management platform. This is a baseline requirement for any federal deployment.
Environment
- Panorama
- FIPS
Answer
Starting in 9.0, M-200 and M-600 platforms are FIPS 140-2 compliant. The M-100 and M-500 platforms are already FIPS certified in previous releases
FIPS and PAN-OS Compatibility Chart
| Panorama Model | Minimum PAN-OS Release for FIPS 140-2 |
| *Panorama-VM | 8.1 |
| M-100 | 6.1 |
| M-200 | 9.0 |
| M-500 | 7.1 |
| M-600 | 9.0 |
*Panorama-VM FIPS support on Amazon AWS, Microsoft Azure, KVM, and Hyper-V
Note: Downgrades to PAN-OS on an earlier version while in FIPS-CC mode is not supported. FIPS support is only added in specified versions.
For example, an admin attempts to downgrade to 8.1 or older while in FIPS-CC mode on M-200 or M-600.
An error message will be prompted before downgrading, "Note: Downgrade to version 8.1.4 is not possible as FIPS-CC mode is not available in this release."