AnyConnect PCI DSS compliance

Asif Akash
Cisco Employee

Greetings Experts,

Wanted to determine if AnyConnect NAM 4.X (specifically 4.5) is PCI DSS compatible and what version of TLS AnyConnect will support in a PCI DSS compliant network.

From the admin guide, I see the following:

"The following features are FIPS-certified on Windows 7 or later, and any exceptions are listed:

  • ACS and ISE do not support Suite B, but FreeRADIUS 2.x with OpenSSL 1.x does. Microsoft NPS 2008 supports Suite B in part (the NPS certificate still has to be RSA).

  • 802.1X/EAP supports the transitional Suite B profile only (as defined in RFC 5430). TLS 1.2 is not supported.

  • MACsec is FIPS-compliant.

  • Elliptic Curve Diffie-Hellman (ECDH) key exchange is supported.

  • ECDSA client certificates are supported.

  • ECDSA CA certificates in the OS store are supported.

  • ECDSA CA certificates in the network profile (PEM encoded) are supported.

  • Server's ECDSA certificate chain verification is supported."

Reference: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect45/administration/guide/b_AnyConnect_Administrator_Guide_4-5/configure_nam.html?bookSearch=true#ID-1424-0000020d

The above document mentions "TLS 1.2 is not supported" in FIPS mode.

Now, looking at the ISE hardening guide, it mentions that ISE 2.1+ supports TLS 1.2.

Would like to know if AnyConnect NAM is PCI DSS supported and what version of TLS will be supported in PCI DSS mode. Any documentation or list of cipher suites supported by AnyConnect would be helpful.

Appreciate your time and assistance.

- Asif
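The question above comes down to which TLS protocol version and cipher suites a client actually negotiates on a PCI DSS network. As an added illustration that is not part of the original post and not a Cisco tool, the following Python script evaluates observed (protocol, cipher suite) pairs against a constructed baseline: TLS 1.2 or newer, forward-secret key exchange, an AEAD cipher, and no SHA-1 or MD5 MAC. The baseline, the helper names (parse_suite, evaluate, audit) and the sample observations are assumptions made for this example; they follow common hardening guidance rather than any official PCI DSS or Cisco cipher list.

```python
"""Check negotiated TLS parameters against a constructed PCI-style baseline.

Constructed example (not from the Cisco post). The baseline is an assumption
that follows common hardening guidance (TLS 1.2+, forward-secret key exchange,
AEAD ciphers, no SHA-1/MD5 MAC); it is not an official PCI DSS or Cisco list.
"""
import re
from dataclasses import dataclass

# Wire versions: SSLv3 is 3.0, TLS 1.0 is 3.1, ..., TLS 1.3 is 3.4.
WIRE_VERSION = {
    "SSLv3": (3, 0), "TLSv1": (3, 1), "TLSv1.1": (3, 2),
    "TLSv1.2": (3, 3), "TLSv1.3": (3, 4),
}
MIN_VERSION = WIRE_VERSION["TLSv1.2"]  # assumed baseline, not a Cisco value

# IANA naming: TLS_<kx>_WITH_<enc>_<mac> (TLS <= 1.2) or TLS_<enc>_<hash> (TLS 1.3).
SUITE_RE = re.compile(
    r"^TLS_(?:(?P<kx>[A-Z0-9_]+)_WITH_)?(?P<enc>[A-Z0-9_]+?)_(?P<mac>SHA\d*|MD5)$"
)

AEAD_MODES = ("GCM", "CCM", "CHACHA20")
WEAK_CIPHERS = ("NULL", "EXPORT", "RC4", "DES", "3DES", "RC2", "IDEA", "SEED")


@dataclass
class Finding:
    version: str
    suite: str
    problems: list


def parse_suite(name):
    """Split an IANA cipher-suite name into (key exchange, cipher, MAC/hash)."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    return m.group("kx"), m.group("enc"), m.group("mac")


def evaluate(version, suite):
    """Return a list of baseline violations; an empty list means compliant."""
    problems = []
    wire = WIRE_VERSION.get(version)
    if wire is None:
        problems.append(f"unknown protocol {version}")
    elif wire < MIN_VERSION:
        problems.append(f"{version} is below the TLS 1.2 baseline")

    kx, enc, mac = parse_suite(suite)
    # TLS 1.3 suites carry no key-exchange field; they are always (EC)DHE.
    if kx is not None and not kx.startswith(("ECDHE_", "DHE_")):
        problems.append(f"key exchange {kx} lacks forward secrecy")
    if any(w in enc.split("_") for w in WEAK_CIPHERS):
        problems.append(f"weak cipher {enc}")
    elif not any(mode in enc for mode in AEAD_MODES):
        problems.append(f"non-AEAD cipher {enc}")
    # SHA256/SHA384 in a suite name is the PRF hash; bare SHA means HMAC-SHA1.
    if mac in ("SHA", "MD5"):
        problems.append(f"legacy MAC {mac}")
    return problems


def audit(observations):
    """Return a Finding for every (version, suite) pair that violates the baseline."""
    findings = []
    for version, suite in observations:
        problems = evaluate(version, suite)
        if problems:
            findings.append(Finding(version, suite, problems))
    return findings


# Constructed sample: one handshake of the kind the transitional Suite B profile
# permits (TLS 1.0, ECDHE_ECDSA, AES-CBC-SHA), one TLS 1.2 AEAD handshake, and one
# TLS 1.2 handshake with static RSA key exchange.
SAMPLE_OBSERVATIONS = [
    ("TLSv1", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"),
    ("TLSv1.2", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"),
    ("TLSv1.2", "TLS_RSA_WITH_AES_128_CBC_SHA256"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_OBSERVATIONS):
        print(f"{f.version} {f.suite}: " + "; ".join(f.problems))
```

Run stand-alone, the script reports the first and third sample handshakes; the transitional-profile style handshake fails on protocol version, cipher mode and MAC at once, which is the practical reason a FIPS-mode "TLS 1.2 is not supported" statement matters for a PCI DSS assessment.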
