{ "metadata": { "generated_at": "2026-04-19T03:09:17.580873Z", "total_modules": 1083, "total_historical_modules": 4150, "total_modules_in_process": 331, "total_certificates_with_algorithms": 1610, "total_certificate_details": 5233, "source": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search", "modules_in_process_source": "https://csrc.nist.gov/Projects/cryptographic-module-validation-program/modules-in-process/modules-in-process-list", "algorithm_source": "firecrawl", "algorithm_cache_version": "2026-04-15-legacy-v1", "version": "3.0" }, "modules": [ { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5244", "Certificate Number": "5244", "Vendor Name": "Google, LLC", "Module Name": "BoringCrypto", "Module Type": "Software", "Validation Date": "04/18/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5244.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5244", "module_name": "BoringCrypto", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/17/2031", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys). No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "MultiChipStand", "description": "A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "AES-CBC | A6134 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A6134 | Key Length - 128 | SP 800-38C", "AES-CTR | A6134 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6134 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A6134 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A6134 | Direction - Decrypt, Encrypt | IV Generation - External | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A6134 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A6134 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "Counter DRBG | A6134 | Prediction Resistance - No", "Mode - AES-256 | Derivation Function Enabled - No | SP 800-90A | Rev. 1", "ECDSA KeyGen | (FIPS186-5) | A6134 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - testing | candidates | FIPS 186-5 | Google, LLC 2026 | Version 1.0 | Public Material – May be reproduced only in its original entirely (without revision) | CAVP | Cert", "ECDSA KeyVer | (FIPS186-5) | A6134 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA SigGen | (FIPS186-5) | A6134 | Curve - P-224, P-256, P-384, P-521", "Hash Algorithm - SHA2-224, SHA2-256,", "SHA2-384, SHA2-512, SHA2-512/256 | FIPS 186-5", "ECDSA SigVer | (FIPS186-5) | A6134 | Curve - P-224, P-256, P-384, P-521", "HMAC-SHA-1 | A6134 | Key Length - Key Length: 8-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6134 | Key Length - Key Length: 8-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6134 | Key Length - Key Length: 8-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6134 | Key Length - Key Length: 8-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6134 | Key Length - Key Length: 8-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6134 | Key Length - Key Length: 8-524288 | Increment 8 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A6134 | Domain Parameter Generation Methods - | P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | staticUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A6134 | Domain Parameter Generation Methods - | FB, FC | Scheme - | dhEphem - | KAS Role - initiator | SP 800-56A | Rev. 3", "KDA HKDF | Sp800-56Cr1 | A6134 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret | Length: 224-65336 Increment 8 | HMAC Algorithm - SHA2-224, SHA2-256,", "SHA2-384, SHA2-512, SHA2-512/256 | SP 800-56C | Rev. 2", "RSA KeyGen | (FIPS186-5) | A6134 | Key Generation Mode - probable | Modulo - 2048, 3072, 4096 | Primality Tests - 2powSecStr | Private Key Format - standard | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A6134 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigVer | (FIPS186-5) | A6134 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "SHA-1 | A6134 | Message Length - Message Length: 0- | 65528 Increment 8 | FIPS 180-4 | Google, LLC 2026 | Version 1.0 | Public Material – May be reproduced only in its original entirely (without revision) | CAVP | Cert", "SHA2-224 | A6134 | Message Length - Message Length: 0- | 65528 Increment 8 | FIPS 180-4", "SHA2-256 | A6134 | Message Length - Message Length: 0- | 65528 Increment 8 | FIPS 180-4", "SHA2-384 | A6134 | Message Length - Message Length: 0- | 65528 Increment 8 | FIPS 180-4", "SHA2-512 | A6134 | Message Length - Message Length: 0- | 65528 Increment 8 | FIPS 180-4", "SHA2-512/256 | A6134 | Message Length - Message Length: 0- | 65528 Increment 8 | FIPS 180-4", "TLS v1.2 KDF", "RFC7627 (CVL) | A6134", "Hash Algorithm - SHA2-256, SHA2-384,", "SHA2-512 | SP 800-135 | Rev. 1", "TLS v1.3 KDF", "(CVL) | A6134 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK- | DHE | SP 800-135 | Rev. 1 | Name Properties | Implementation Reference | CKG | Key | Type:Asymmetric | BoringCrypto | Section 4, example 1: U is directly output | without XORing V | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | Name | Use and Function | MD5, MD4 | Non-Approved Hashing | POLYVAL | Non-Approved authenticated encryption", "DES, Triple-DES (non-compliant) | Non-Approved encryption/decryption", "AES (non-compliant) | Non-Approved encryption/decryption | DH (non-compliant) | Non-Approved key agreement", "RSA PKCS #1 v1.5 key wrapping (non-compliant) Non-Approved key wrapping", "TLS 1.0/1.1 KDF (non-compliant)", "Non-Approved TLS key derivation | Google, LLC 2026 | Version 1.0 | Public Material – May be reproduced only in its original entirely (without revision)" ], "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5243", "Certificate Number": "5243", "Vendor Name": "DigiCert, Inc.", "Module Name": "DigiCert TrustCore Cryptographic Suite B Module", "Module Type": "Software", "Validation Date": "04/15/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5243.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5243", "module_name": "DigiCert TrustCore Cryptographic Suite B Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/14/2031", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The DigiCert TrustCore Cryptographic Module is a software library that that provides approved cryptographic functionality to serve user-space applications.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A5484 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A5484 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB128 | A5484 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A5484 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A5484 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5484 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A5491 | Direction - Decrypt, Encrypt | IV Generation - External | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A5492 | Direction - Decrypt, Encrypt | IV Generation - External | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A5491 | Direction - Decrypt, Encrypt | IV Generation - External | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A5492 | Direction - Decrypt, Encrypt | IV Generation - External | Key Length - 128, 192, 256 | SP 800-38D", "AES-OFB | A5484 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS | Testing | Revision 2.0 | A5484 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A5484 | Prediction Resistance - No, Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - No, Yes | SP 800-90A | Rev. 1 | Version 7.1.0f | DigiCert, Inc. Public Material – May be reproduced only in its original entirety (without revision). | CAVP | Cert", "ECDSA | KeyGen | (FIPS186-5) | A5484 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA | KeyVer | (FIPS186-5) | A5484 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA | SigGen | (FIPS186-5) | A5484 | Curve - P-224, P-256, P-384, P-521", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-", "384, SHA2-512, SHA3-224, SHA3-256, SHA3-", "384, SHA3-512, SHAKE-128, SHAKE-256 | Component - No | FIPS 186-5", "ECDSA SigVer | (FIPS186-5) | A5484 | Curve - P-224, P-256, P-384, P-521", "384, SHA3-512, SHAKE-128, SHAKE-256 | FIPS 186-5", "EDDSA | KeyGen | A5484 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA | KeyVer | A5484 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA | SigGen | A5484 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigVer | A5484 | Curve - ED-25519, ED-448 | FIPS 186-5", "HMAC-SHA-1 | A5484 | Key Length - Key Length: 112-65536 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A5484 | Key Length - Key Length: 112-65536 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A5484 | Key Length - Key Length: 112-65536 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A5484 | Key Length - Key Length: 112-65536 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A5484 | Key Length - Key Length: 112-65536 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A5484 | Key Length - Key Length: 112-65536 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A5484 | Key Length - Key Length: 112-65536 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A5484 | Key Length - Key Length: 112-65536 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A5484 | Key Length - Key Length: 112-65536 Increment 8 | FIPS 198-1", "KAS-ECC | Sp800-56Ar3 | A5484 | Domain Parameter Generation Methods - P-224, | P-256, P-384, P-521 | Function - Full Validation, Key Pair Generation | Scheme - | ephemeralUnified - | KAS Role - Initiator, Responder", "KDF Methods - | twoStepKdf - | Key Length - 256 | SP 800-56A | Rev. 3 | Version 7.1.0f | DigiCert, Inc. Public Material – May be reproduced only in its original entirety (without revision). | CAVP | Cert", "KAS-FFC | Sp800-56Ar3 | A5484 | Domain Parameter Generation Methods - FB, FC, | MODP-2048, MODP-3072, MODP-4096, MODP- | 6144, MODP-8192 | Function - Full Validation, Key Pair Generation | Scheme - | dhEphem - | KAS Role - Initiator, Responder", "KDF Methods - | twoStepKdf - | Key Length - 256 | SP 800-56A | Rev. 3", "KDF SP800- | 108 | A5484", "KDF Mode - Feedback | Supported Lengths - Supported Lengths: 8-4096 | Increment 8 | SP 800-108 | Rev. 1", "RSA KeyGen | (FIPS186-5) | A5484 | Key Generation Mode - probable, | probableWithProvableAux | Modulo - 2048, 3072, 4096, 8192 | Primality Tests - 2powSecStr", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256,", "SHA2-384, SHA2-512 | Private Key Format - standard | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A5484 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigVer | (FIPS186-5) | A5484 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5 | Safe Primes | Key | Generation | A5484 | Safe Prime Groups - MODP-2048, MODP-3072, | MODP-4096, MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes | Key | Verification | A5484 | Safe Prime Groups - MODP-2048, MODP-3072, | MODP-4096, MODP-6144, MODP-8192 | SP 800-56A | Rev. 3", "SHA-1 | A5484 | Message Length - Message Length: 160, 0-65536 | Increment 8 | FIPS 180-4", "SHA2-224 | A5484 | Message Length - Message Length: 224, 0-65536 | Increment 8 | FIPS 180-4", "SHA2-256 | A5484 | Message Length - Message Length: 256, 0-65536 | Increment 8 | FIPS 180-4", "SHA2-384 | A5484 | Message Length - Message Length: 384, 0-65536 | Increment 8 | FIPS 180-4", "SHA2-512 | A5484 | Message Length - Message Length: 512, 0-65536 | Increment 8 | FIPS 180-4", "SHA3-224 | A5484 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 202", "SHA3-256 | A5484 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 202", "SHA3-384 | A5484 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 202", "SHA3-512 | A5484 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 202 | Version 7.1.0f | DigiCert, Inc. Public Material – May be reproduced only in its original entirety (without revision). | CAVP | Cert", "SHAKE-128 | A5484 | Output Length - Output Length: 16-65536 | Increment 8 | FIPS 202", "SHAKE-256 | A5484 | Output Length - Output Length: 16-65536 | Increment 8 | FIPS 202 | ApprovedAlgorithmsTable From Web Cryptik ApprovedAlgorithmsTable | The Module implements the FIPS Vendor Affirmed cryptographic algorithms listed. | Name | Implementation | CKG | Key Type:Asymmetric | N/A | SP800-133r2 Section 4 (example 1) | Non-Approved, Allowed Algorithms: | The module does not implement any Non-Approved, but Allowed Algorithms in the Approved Mode of | Operation | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | The module does not implement any Non-Approved, Algorithms Allowed with No Security Claimed in | the Approved Mode of Operation | N/A for this module. | Non-Approved, Not Allowed Algorithms: | The Module implements the Non-Approved, Not Allowed cryptographic algorithms listed. | Name | Use and Function", "AES-EAX | (NC) | Authentication and Encryption", "AES GCM | 256-bit (NC) | 256-bit Encryption/Decryption for 256-bit state table implementation", "AES GMAC | 256-bit (NC) | 256-bit Encryption/Decryption for 256-bit state table implementation", "AES XCBC | (NC) | Version 7.1.0f | DigiCert, Inc. Public Material – May be reproduced only in its original entirety (without revision). | Name | Use and Function", "DES (NC) | Encryption/Decryption | DH (NC) | Key Agreement: Key establishment methodology provides less than 112 bits | of encryption strength", "DSA (NC) | FIPS 186-4 key generation, PQG generation, PQG verification, signature | generation, and signature verification | ECC CDH | (NC) | Key Agreement: Key establishment methodology provides less than 112 bits | of encryption strength | EDDH (NC) | Curve 25519; Curve 448", "HMAC (NC)", "HMAC generation with key size less than 112 bits", "HMAC-MD5 | (NC) | MD2, MD4, | MD5 (NC) | RNG (NC) | FIPS 186-2 Random Number Generation", "RSA (NC) | Key Wrapping: Key establishment methodology provides less than 112 bits | of encryption strength", "RSA-OAEP | (NC) | PKCS#1 v2.1 RSAES-OAEP Encryption/Decryption", "RSA (Key | Wrapping) | (NC) | Per IG D.G. the module wraps data sent by the requesting application via an | API call. Data being wrapped is unknown. PKCS non-approved padding. | Key establishment methodology provides between 112 and 138 bits of | encryption strength.", "Triple-DES | (NC) | Encryption/Decryption", "Note: All the various AES modes (e.g., EAX, XCBC, XTS, etc.) use the same underlying AES", "implementation as the approved AES cert." ], "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5242", "Certificate Number": "5242", "Vendor Name": "Amazon Web Services, Inc.", "Module Name": "AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider)", "Module Type": "Software", "Validation Date": "04/14/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5242.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5242", "module_name": "AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800- | 38A", "AES-CBC- | CS1 | A3548 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | Payload Length - Payload Length: 128-65536 | Increment 8 | SP 800- | 38A", "AES-CBC- | CS2 | A3548 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | Payload Length - Payload Length: 128-65536 | Increment 8 | SP 800- | 38A", "AES-CBC- | CS3 | A3548 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | Payload Length - Payload Length: 128-65536 | Increment 8 | SP 800- | 38A", "AES-CCM | A3548 | Key Length - 128, 192, 256 | Tag Length - 112, 128, 32, 48, 64, 80, 96 | IV Length - IV Length: 56-104 Increment 8 | Payload Length - Payload Length: 0-256 Increment 8 | AAD Length - AAD Length: 0-524288 Increment 8 | SP 800- | 38C", "AES-CFB1 | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800- | 38A", "AES-CFB128 | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800- | 38A", "AES-CFB8 | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800- | 38A", "AES-CMAC | A3548 | Direction - Generation, Verification | Key Length - 128, 192, 256 | MAC Length - MAC Length: 128 | Message Length - Message Length: 0-524288 | Increment 8 | SP 800- | 38B", "AES-CTR | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | Payload Length - Payload Length: 8-128 Increment 8 | Supports Counter larger than maximum value - No | Incremental Counter - Yes | Counter Tests Performed - Yes | SP 800- | 38A", "AES-ECB | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800- | 38A", "AES-GCM | A3548 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | Tag Length - 104, 112, 120, 128, 32, 64, 96 | SP 800- | 38D | AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) | FIPS 140-3 Non-Proprietary Security Policy | Amazon Web Services Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert | IV Length - IV Length: 96-1024 Increment 8 | Payload Length - Payload Length: 0-65536 Increment | 8, Payload Length: 8-65536 Increment 8 | AAD Length - AAD Length: 0-65536 Increment 8", "AES-GMAC | A3548 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | Tag Length - 104, 112, 120, 128, 32, 64, 96 | IV Length - IV Length: 96-1024 Increment 8 | AAD Length - AAD Length: 0-65536 Increment 8 | SP 800- | 38D", "AES-KW | A3548 | Direction - Decrypt, Encrypt | Cipher - Cipher, Inverse | Key Length - 128, 192, 256 | Payload Length - Payload Length: 128-4096 | Increment 128 | SP 800- | 38F", "AES-KWP | A3548 | Direction - Decrypt, Encrypt | Cipher - Cipher, Inverse | Key Length - 128, 192, 256 | Payload Length - Payload Length: 8-4096 Increment | 8 | SP 800- | 38F", "AES-OFB | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800- | 38A", "AES-XTS | Testing | Revision 2.0 | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | Payload Length - Payload Length: 128-65536 | Increment 128 | Tweak Mode - Hex | Data Unit Length Matches Payload Length - Yes | SP 800- | 38E | Counter", "DRBG | A3548 | Prediction Resistance - Yes | Supports Reseed - Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - No, Yes | Additional Input - Additional Input: 0-256 Increment | 256, Additional Input: 256, Additional Input: 320, | Additional Input: 384 | Entropy Input - Entropy Input: 128-256 Increment | 128, Entropy Input: 256, Entropy Input: 256-512 | Increment 128, Entropy Input: 320, Entropy Input: 384 | Nonce - Nonce: 0, Nonce: 128 | Personalization String Length - Personalization String | Length: 0-256 Increment 256, Personalization String | Length: 256, Personalization String Length: 320, | Personalization String Length: 384 | Returned Bits - 256 | SP 800- | 90A Rev. 1", "DSA KeyGen | (FIPS186-4) | A3548 | L - 2048, 3072 | N - 224, 256 | FIPS 186-4 | AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) | FIPS 140-3 Non-Proprietary Security Policy | Amazon Web Services Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "DSA | PQGGen | (FIPS186-4) | A3548 | P/Q Generation Methods - Probable | G Generation Methods - Canonical, Unverifiable | L - 2048, 3072 | N - 224, 256", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,", "SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer | (FIPS186-4) | A3548 | P/Q Generation Methods - Probable | G Generation Methods - Canonical, Unverifiable | L - 1024, 2048, 3072 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256,", "SHA2-384, SHA2-512, SHA2-512/224, SHA2- | 512/256 | FIPS 186-4", "DSA SigGen | (FIPS186-4) | A3548 | L - 2048, 3072 | N - 224, 256", "DSA SigVer | (FIPS186-4) | A3548 | L - 1024, 2048, 3072 | N - 160, 224, 256", "ECDSA | KeyGen | (FIPS186-4) | A3548 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K- | 409, K-571, P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA | KeyVer | (FIPS186-4) | A3548 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K- | 233, K-283, K-409, K-571, P-192, P-224, P-256, P- | 384, P-521 | FIPS 186-4", "ECDSA | SigGen | (FIPS186-4) | A3548 | Component - No, Yes | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K- | 409, K-571, P-224, P-256, P-384, P-521", "SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-", "224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4", "ECDSA | SigVer | (FIPS186-4) | A3548 | Component - No, Yes | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K- | 233, K-283, K-409, K-571, P-192, P-224, P-256, P- | 384, P-521", "SHA2-384, SHA2-512, SHA2-512/224, SHA2-", "512/256, SHA3-224, SHA3-256, SHA3-384, SHA3- | 512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance - Yes | Supports Reseed - Yes", "Mode - SHA-1, SHA2-224, SHA2-256, SHA2-384,", "256, SHA3-512 | Entropy Input - Entropy Input: 128-256 Increment 64, | SP 800- | 90A Rev. 1 | AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) | FIPS 140-3 Non-Proprietary Security Policy | Amazon Web Services Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert | Entropy Input: 192-256 Increment 64, Entropy Input: | 256-320 Increment 64, Entropy Input: 256-65536 | Increment 64 | Nonce - Nonce: 128-160 Increment 32, Nonce: 96- | 128 Increment 32 | Personalization String Length - Personalization String | Length: 0-256 Increment 128, Personalization String | Length: 0-65536 Increment 128 | Additional Input - Additional Input: 0-256 Increment | 128 | Returned Bits - 160, 224, 256, 384, 512", "HMAC DRBG | A3548 | Prediction Resistance - Yes | Supports Reseed - Yes", "256, SHA3-512 | Entropy Input - Entropy Input: 160-256 Increment 32, | Entropy Input: 192-256 Increment 64, Entropy Input: | 256-512 Increment 64, Entropy Input: 256-65536 | Increment 64, Entropy Input: 384-512 Increment 64, | Entropy Input: 512-1024 Increment 64 | Nonce - Nonce: 128, Nonce: 128-160 Increment 32, | Nonce: 64, Nonce: 96 | Personalization String Length - Personalization String | Length: 0-192 Increment 64, Personalization String | Length: 0-256 Increment 128, Personalization String | Length: 0-65536 Increment 128 | Additional Input - Additional Input: 0-256 Increment | 128, Additional Input: 192 | Returned Bits - 160, 224, 256, 384, 512 | SP 800- | 90A Rev. 1", "HMAC-SHA-1 | A3548 | MAC - MAC: 32-160 Increment 8 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A3548 | MAC - MAC: 32-224 Increment 8 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A3548 | MAC - MAC: 32-256 Increment 8 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A3548 | MAC - MAC: 32-384 Increment 8 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A3548 | MAC - MAC: 32-512 Increment 8 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A3548 | MAC - MAC: 32-224 Increment 8 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A3548 | MAC - MAC: 32-256 Increment 8 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A3548 | MAC - MAC: 32-224 Increment 8 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A3548 | MAC - MAC: 32-256 Increment 8 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) | FIPS 140-3 Non-Proprietary Security Policy | Amazon Web Services Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "HMAC-SHA3- | 384 | A3548 | MAC - MAC: 32-384 Increment 8 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A3548 | MAC - MAC: 32-512 Increment 8 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC | CDH- | Component | SP800-56Ar3", "(CVL) | A3548 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K- | 409, K-571, P-224, P-256, P-384, P-521 | SP 800- | 56A Rev. 3", "KAS-ECC- | SSC Sp800- | 56Ar3 | A3548 | Domain Parameter Generation Methods - B-233, B- | 283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800- | 56A Rev. 3", "KAS-FFC- | SSC Sp800- | 56Ar3 | A3548 | Domain Parameter Generation Methods - FB, FC, | ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, | ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800- | 56A Rev. 3", "KAS-IFC-SSC A3548 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1- | crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, | rsakpg2-prime-factor | Scheme - | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder | Fixed Public Exponent - 010001 | SP 800- | 56A Rev. 3", "KDA HKDF | SP800-56Cr2 | A3548 | Fixed Info Pattern - | Fixed Info Encoding - concatenation | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224- | 8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,", "512/256, SHA3-224, SHA3-256, SHA3-384, SHA3- | 512 | Perform Multiple Expansion Tests - No", "Uses Hybrid Shared Secret - No | SP 800- | 56C Rev. 2", "KDA OneStep | SP800-56Cr2 | A3548 | Auxiliary Function Methods -", "Auxiliary Function Name - SHA-1 | MAC Salting Methods - default, random | Fixed Info Pattern - | SP 800- | 56C Rev. 2 | AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) | FIPS 140-3 Non-Proprietary Security Policy | Amazon Web Services Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert | Fixed Info Encoding - concatenation | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224- | 8192 Increment 8", "KDA TwoStep | SP800-56Cr2 | A3548 | MAC Salting Methods - default, random | Fixed Info Pattern - | Fixed Info Encoding - concatenation", "KDF Mode - feedback", "MAC Modes - HMAC-SHA-1, HMAC-SHA2-224,", "HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-", "512, HMAC-SHA2-512/224, HMAC-SHA2-512/256,", "HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-", "384, HMAC-SHA3-512 | Fixed Data Order - after fixed data | Counter Lengths - 8", "The KDF supports an empty IV - Yes", "The KDF requires an empty IV - Yes | Supported Lengths - Supported Lengths: 2048 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224- | 8192 Increment 8 | Perform Multiple Expansion Tests - No", "KDF ANS", "9.42 (CVL) | A3548", "KDF Type - DER", "512/256, SHA3-224, SHA3-256, SHA3-384, SHA3- | 512 | Other Info Length - Other Info Length: 0-4096 | Increment 8 | zz Length - zz Length: 8-4096 Increment 8 | Key Data Length - Key Data Length: 8-4096 | Increment 8 | Supplemental Information Length - Supplemental | Information Length: 0-120 Increment 8", "OID - AES-128-KW, AES-192-KW, AES-256-KW | SP 800- | 135 Rev. 1", "9.63 (CVL) | A3548", "SHA2-512 | Field Size - 224, 571", "Shared Info Length - Shared Info Length: 0, 1024 | Key Data Length - Key Data Length: 128, 4096 | SP 800- | 135 Rev. 1", "KDF KMAC | Sp800-108r1 | A3548 | Key Derivation Key Length - Key Derivation Key | Length: 112-4096 Increment 8 | Context Length - Context Length: 8-4096 Increment 8 | Label Length - Label Length: 8-4096 Increment 8 | Derived Key Length - Derived Key Length: 112-4096 | SP 800- | 108 Rev. 1 | AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) | FIPS 140-3 Non-Proprietary Security Policy | Amazon Web Services Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert | Increment 8 | MAC Modes - KMAC-128, KMAC-256", "KDF SP800- | 108 | A3548", "KDF Mode - Counter, Feedback | MAC Mode - CMAC-AES128, CMAC-AES192,", "CMAC-AES256, HMAC-SHA-1, HMAC-SHA2-224,", "384, HMAC-SHA3-512 | Supported Lengths - Supported Lengths: 8, 72, 128, | 776, 3456, 4096 | Fixed Data Order - Before Fixed Data | Counter Length - 32 | Supports Empty IV - No | Custom Key In Length - 0 | SP 800- | 108 Rev. 1", "KDF SSH", "(CVL) | A3548", "Cipher - AES-128, AES-192, AES-256", "SHA2-384, SHA2-512 | SP 800- | 135 Rev. 1 | KMAC-128 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | MAC Length - MAC Length: 32-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 | Increment 8 | Hex Customization - No | Supports eXtendable-Output Functions - No, Yes | SP 800- | 185 | KMAC-256 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | MAC Length - MAC Length: 32-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 | Increment 8 | Hex Customization - No | Supports eXtendable-Output Functions - No, Yes | SP 800- | 185", "KTS-IFC | A3548 | IUT ID - ABCD | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1- | crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, | rsakpg2-prime-factor | Fixed Public Exponent - 010001 | Scheme -", "KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method -", "Hash Algorithms - SHA2-224, SHA2-256, SHA2-384,", "224, SHA3-256, SHA3-384, SHA3-512 | Supports Null Associated Data - Yes | Associated Data Encoding - concatenation | Key Length - 1024 | SP 800- | 56B Rev. 2 | AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) | FIPS 140-3 Non-Proprietary Security Policy | Amazon Web Services Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "PBKDF | A3548 | Iteration Count - Iteration Count: 1-10000 Increment 1 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,", "512/256, SHA3-224, SHA3-256, SHA3-384, SHA3- | 512 | Password Length - Password Length: 8-128 | Increment 8 | Salt Length - Salt Length: 128-4096 Increment 8 | Key Data Length - Key Data Length: 112-4096 | Increment 8 | SP 800- | 132", "RSA KeyGen | (FIPS186-4) | A3548 | Key Generation Mode - B.3.3, B.3.6 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2, Table C.3 | Info Generated By Server - Yes | Public Exponent Mode - Fixed, Random | Private Key Format - Standard | Fixed Public Exponent - 010001 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A3548 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | Hash Pair -", "Hash Algorithm - SHA2-224 | FIPS 186-4", "RSA | Primitive", "(CVL) | A3548 | Private Key Format - CRT | Public Exponent Mode - fixed | Fixed Public Exponent - 010001 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A3548 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | Hash Pair -", "Hash Algorithm - SHA-1 | Public Exponent Mode - Random | FIPS 186-4 | Safe Primes | Key | Generation | A3548 | Safe Prime Groups - ffdhe2048, ffdhe3072, | ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | SP 800- | 56A Rev. 3 | Safe Primes | Key | Verification | A3548 | Safe Prime Groups - ffdhe2048, ffdhe3072, | ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | SP 800- | 56A Rev. 3", "SHA-1 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 | AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) | FIPS 140-3 Non-Proprietary Security Policy | Amazon Web Services Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "SHA2-512 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2- | 512/224 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2- | 512/256 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA3-224 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHAKE-128 | A3548 | Supports Bit-Oriented Messages - No | Supports Empty Message - Yes | Supports Bit-Oriented Output - No | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A3548 | Supports Bit-Oriented Messages - No | Supports Empty Message - Yes | Supports Bit-Oriented Output - No | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "TLS v1.2 KDF | RFC7627", "Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | Key Block Length - Key Block Length: 1024 | SP 800- | 135 Rev. 1", "TLS v1.3 KDF", "(CVL) | A3548 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800- | 135 Rev. 1 | The Module implements the Approved cryptographic functions listed in Table 5. | Name | Implementation", "DSA | PQGGen | [FIPS 186- | 4] | Key Size, Key Strength:L = | 2048/N = 224 (s = 112), L = | 2048/N = 256 (s = 112) L = | 3072/N = 256 (s = 128) | Mode/Method:PQGGen using", "SHA3 | OpenSSL Project | OpenSSL 3.x | FIPS Provider | Vendor affirmed per IG | C.C and IG C.B | Resolution (bullet point | #3) | AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) | FIPS 140-3 Non-Proprietary Security Policy | Amazon Web Services Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | Name | Implementation", "DSA | PQGVer | [FIPS 186- | 4] | Key Size, Key Strength:L = | 1024/N = 160 (s < 112) L = | 2048/N = 224 (s = 112), L = | 2048/N = 256 (s = 112) L = | 3072/N = 256 (s = 128) | Mode/Method:PQGVer using", "SHA3 | OpenSSL Project | OpenSSL 3.x | FIPS Provider | Vendor affirmed per IG | C.C and IG C.B | Resolution (bullet point | #3)", "DSA | SigGen | [FIPS 186- | 4] | Key Size, Key Strength:L = | 2048/N = 224 (s = 112), L = | 2048/N = 256 (s = 112) L = | 3072/N = 256 (s = 128) | Mode/Method:SigGen using", "DSA | SigVer | [FIPS186- | 4] | Key Size, Key Strength:L = | 1024/N = 160 (s < 112) L = | 2048/N = 224 (s = 112), L = | 2048/N = 256 (s = 112) L = | 3072/N = 256 (s = 128) | Mode/Method:SigVer using", "SHA3 | OpenSSL Project | OpenSSL 3.x | FIPS Provider | Vendor affirmed per IG | C.C and IG C.B | Resolution (bullet point | #3) | CKG - | Section 4 | and 5.1 | Key Type :Asymmetric | N/A | NIST SP800-133r2 | Section 4: Using the | Output of a Random | Bit Generator; Section | 5.1: Key Pairs for | Digital Signature | Schemes | CKG - | Section 4 | and 5.2 | Key Type:Asymmetric | N/A | NIST SP800-133r2 | Section 4: Using the | Output of a Random | Bit Generator; Section | 5.2: Key Pairs for Key | Establishment | CKG - | Section 4 | and Section | 6.1 | Key Type:Symmetric | N/A | NIST SP800-133r2 | Section 4: Using the | Output of a Random | Bit Generator; Section | 6.1: Direct Generation | of Symmetric Keys | CKG - | Section 6.2 | Key Type:Symmetric | N/A | NIST SP 800-133r2 | Section 6.2: Derivation | of Symmetric keys | CKG - | Section 6.3 | Key Type:Symmetric | N/A | NIST SP 800-133rev2, | Section 6.3: Symmetric | Keys Produced by | Combining Multiple | Keys and Other Data | CKG – | Section 4 | Key Type:Symmetric | N/A | NIST SP800-133r2 | Section 4: Using the | AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) | FIPS 140-3 Non-Proprietary Security Policy | Amazon Web Services Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | Name | Implementation | Output of a Random | Bit Random bits | returned to the calling | application | Non-Approved, Allowed Algorithms: | Name Properties | Implementation", "AES", "AES KW, KWP | (Cert.#A3548):Symmetric key | unwrapping | OpenSSL Project | OpenSSL 3.x FIPS | Provider | Per IG D.G | Additional | Comment 5 | Non-Approved, Allowed Algorithms with No Security Claimed: | Name Caveat Use and | Function | N/A | N/A | N/A | The module does not support any Non-Approved Algorithms Allowed in the Approved Mode of Operation with No | Security Claimed. | Non-Approved, Not Allowed Algorithms: | Name | Use and Function", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no, | Encryption, Decryption | Ed448", "SHAKE256, Ed448 provides 224 bits of security, Digital Signature | Generation | Ed25519", "SHA2-512, Ed25519 provides 128 bits of security, Digital Signature | Generation | X448 | Provides 224 bits of security, Key Agreement | X25519 | Provides 128 bits of security, Key Agreement", "ECDSA SigVer | Component | Provides between 80 and 256 bits for security, Curves: B-163, B-233, | B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P- | 224, P-256, P-384, P-521, Digital Signature Verification", "FIPS 186-2 RSA | SigGen/SigVer", "Provides >= 80 bits of security, RSA signature generation/verification | per FIPS 186-2", "FIPS 186-2 RSA | KeyGen", "Provides >= 112 bits of security, RSA key generation per FIPS 186-2 | X942KDF- | CONCAT", "Usage of X942KDF-CONCAT with PRF SHA-1, SHA2-512/224, SHA2-", "512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128,", "SHAKE256, KECCAK-KMAC128 and KECCAK-KMAC256 | X963KDF", "Usage of X963KDF with PRF SHA-1, SHA2-512/224, SHA2-512/256,", "SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256, | KECCAK-KMAC128 and KECCAK-KMAC256 | AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) | FIPS 140-3 Non-Proprietary Security Policy | Amazon Web Services Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | Name | Use and Function", "HKDF", "Provides < 112 bits of security, Usage of HKDF with key length less | than 112 bits", "OneStep KDF", "Usage of OneStep KDF with PRF SHAKE128, SHAKE256", "HMAC", "Provides < 112 bits of security, Usage of HMAC with key length less | than 112 bits for MAC generation", "Hash and HMAC", "DRBG", "Usage of Hash and HMAC DRBGs with PRFs SHA2-224, SHA2-384,", "SHA2-512/224 and SHA2-512/256" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5241", "Certificate Number": "5241", "Vendor Name": "Zebra Technologies Corporation", "Module Name": "Zebra 8887 Cryptographic Module", "Module Type": "Firmware-hybrid", "Validation Date": "04/14/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5241.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5241", "module_name": "Zebra 8887 Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/18/2032", "overall_level": 1, "caveat": "No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Firmware-hybrid", "embodiment": "MultiChipStand", "description": "The Zebra 8887 Cryptographic Module implements cryptographic support for Zebra wireless devices.", "detail_available": true, "algorithms": [ "AES", "HMAC", "SHA" ], "algorithms_detailed": [ "AES-CCM | A1146 | - | SP 800-38C", "AES-ECB | A1146 | - | SP 800-38A", "HMAC-SHA-1 A2718 | - | FIPS 198-1", "SHA-1 | A2718 | - | FIPS 180-4 | N/A for this module. | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | N/A for this module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5240", "Certificate Number": "5240", "Vendor Name": "WatchGuard Technologies, Inc.", "Module Name": "WatchGuard Firebox M4800 and M5800", "Module Type": "Hardware", "Validation Date": "04/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5240.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5240", "module_name": "WatchGuard Firebox M4800 and M5800", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/12/2031", "overall_level": 2, "caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section Secure Operation in Section 11 of the Security Policy. The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "MultiChipStand", "description": "WatchGuard® Firebox appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need. And the Firebox appliances are completely configurable – turn on or off components and services to fit different network security deployment requirements.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4397 | - | SP 800-38A", "AES-CTR | A4397 | - | SP 800-38A", "AES-GCM | A4397 | - | SP 800-38D", "Counter DRBG | A4397 | - | SP 800-90A Rev. 1", "ECDSA KeyGen (FIPS186-5) | A4397 | - | FIPS 186-5", "ECDSA SigGen (FIPS186-5) | A4397 | - | FIPS 186-5", "ECDSA SigVer (FIPS186-5) | A4397 | - | FIPS 186-5", "HMAC-SHA-1 | A4397 | - | FIPS 198-1", "HMAC-SHA2-256 | A4397 | - | FIPS 198-1", "HMAC-SHA2-384 | A4397 | - | FIPS 198-1", "HMAC-SHA2-512 | A4397 | - | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4397 | - | SP 800-56A Rev. 3", "KAS-FFC-SSC Sp800-56Ar3 | A4397 | - | SP 800-56A Rev. 3", "KDF IKEv1 (CVL) | A4397 | - | SP 800-135 Rev. 1", "KDF IKEv2 (CVL) | A4397 | - | SP 800-135 Rev. 1", "KDF SSH (CVL) | A4397 | - | SP 800-135 Rev. 1", "RSA KeyGen (FIPS186-5) | A4397 | - | FIPS 186-5", "RSA SigGen (FIPS186-5) | A4397 | - | FIPS 186-5", "RSA SigVer (FIPS186-5) | A4397 | - | FIPS 186-5 | Safe Primes Key Generation | A4397 | - | SP 800-56A Rev. 3", "SHA-1 | A4397 | - | FIPS 180-4", "SHA2-256 | A4397 | - | FIPS 180-4", "SHA2-384 | A4397 | - | FIPS 180-4", "SHA2-512 | A4397 | - | FIPS 180-4", "TLS v1.2 KDF RFC7627 (CVL) A4397 | - | SP 800-135 Rev. 1", "TLS v1.3 KDF (CVL) | A4397 | - | SP 800-135 Rev. 1 | •", "For TLS v1.2, the Module’s AES-GCM implementation conforms to Implementation", "Guidance C.H scenario #1 following RFC 5288 for TLS. The Module is compatible with | TLSv1.2 and provides support for the acceptable GCM cipher suites from SP 800-52 | Rev1, Section 3.3.1. The keys for the client and server negotiated in the TLSv1.2 | handshake process (client_write_key and server_write_key) are compared and the | This document may be freely reproduced and distributed whole and intact including this Copyright Notice. | UNCLASSIFIED / NON CLASSIFIÉ//TLP:AMBER+STRICT | Module aborts the session if the key values are identical. The operations of one of the", "two parties involved in the TLS key establishment scheme were performed entirely | within the cryptographic boundary of the Module being validated. The counter portion of | the IV is set by the Module within its cryptographic boundary. When the IV exhausts the | maximum number of possible values for a given session key, the first party, client or | server, to encounter this condition will trigger a handshake to establish a new encryption | key. In case the Module’s power is lost and then restored, a new key for use with the", "AES GCM encryption/decryption shall be established. | •", "For TLS v1.3, the Module offers the AES-GCM implementation and uses the context of", "Scenario #5 of FIPS 140-3 IG C.H. The protocol that provides this compliance is TLS | 1.3, defined in RFC8446 of August 2018, using the cipher suites that explicitly select", "AES-GCM as the encryption/decryption cipher (Appendix B.4 of RFC8446). The Module", "supports acceptable AES-GCM cipher suites from Section 3.3.1 of SP800-52 Rev2. The", "Module implements, within its boundary, an IV generation unit for TLS 1.3 that keeps", "control of the 64-bit counter value within the AES-GCM IV. If the exhaustion condition is | observed, the Module will return an error indication to the calling application, who will", "then need to either trigger a re-key of the session (i.e., a new key for AES-GCM), or | terminate the connection. | •", "The Module uses RFC 7296 compliant IKEv2 to establish the shared secret SKEYSEED", "from which the AES GCM encryption keys are derived. Two keys established by IKEv2 | for one security association (one key for encryption in each direction between the | parties) are not identical and abort the session if they are. When the IV exhausts the | maximum number of possible values for a given session key, the first party, client or | server, to encounter this condition will trigger a handshake to establish a new encryption | key. In case the Module’s power is lost and then restored, a new key for use with the", "AES GCM encryption/decryption shall be established. | Name Properties | Implementation Reference | CKG | Key | Type:Asymmetric | N/A | The cryptographic module performs | Cryptographic Key Generation (CKG) for | asymmetric keys as per sections 4 and 5 in | SP800-133rev2 (vendor affirmed) and FIPS | 140-3 IG D.H. A seed (i.e., the random value) | used in asymmetric key generation is a direct | output from SP800-90Arev1 CTR_DRBG | (A4397) | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | This document may be freely reproduced and distributed whole and intact including this Copyright Notice. | UNCLASSIFIED / NON CLASSIFIÉ//TLP:AMBER+STRICT | N/A for this module. | Non-Approved, Not Allowed Algorithms: | Name | Use and Function | MD5", "DES | Data encryption/decryption", "Triple-DES Data encryption/decryption" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5239", "Certificate Number": "5239", "Vendor Name": "", "Module Name": "", "Module Type": "Software", "Validation Date": "04/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5239.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5239", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "module_type": "Software", "embodiment": "3", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5238", "Certificate Number": "5238", "Vendor Name": "SUSE LLC", "Module Name": "SUSE Linux Enterprise OpenSSL 1 Cryptographic Module", "Module Type": "Software", "Validation Date": "04/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5238.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5238", "module_name": "SUSE Linux Enterprise OpenSSL 1 Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/9/2031", "overall_level": 1, "caveat": "When operated in approved mode and installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "MultiChipStand", "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.", "detail_available": true, "algorithms": [ "AES", "CVL", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- GenerationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A6075,A6076,A6077,A6078,A6079,A6080,A6081,A6082,A6083,A6100,A6101,A6102,A6106,A6107,A6108 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.1,8.2.2 | SP 800-38D", "AES-GMAC | A6075,A6076,A6077,A6078,A6079,A6080,A6081,A6082,A6083,A6100,A6101,A6102,A6106,A6107,A6108 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-KW | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F", "AES-KWP | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F", "AES-OFB | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTSTestingRevision2.0 | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Direction- Decrypt, EncryptKey Length-128,256 | SP 800-38E", "CounterDRBG | A5553,A5554,A5555,A5556,A5557,A5558,A5659 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256DerivationFunctionEnabled-No,Yes | SP 800-90A Rev.1", "ECDSASigGen(FIPS186-5) | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Component-No | FIPS186-5", "ECDSASigGen(FIPS186-5) | A6092,A6093,A6094,A6099,A6105,A6111 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Component-No | FIPS186-5", "ECDSASigVer(FIPS186-5) | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-5", "ECDSASigVer(FIPS186-5) | A6092,A6093,A6094,A6099,A6105,A6111 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS186-5", "HMAC-SHA2-224 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A6084,A6086,A6088,A6090,A6097,A6103,A6109,A6110 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A6092,A6093,A6094,A6099,A6105,A6111 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A6092,A6093,A6094,A6099,A6105,A6111 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A6092,A6093,A6094,A6099,A6105,A6111 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A6092,A6093,A6094,A6099,A6105,A6111 | Key Length - Key Length:112-524288Increment8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56A Rev.3", "KAS-FFC-SSCSp800-56Ar3 | A6096 | Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56A Rev.3", "KDA HKDFSP800-56Cr2 | A6095 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-3072 Increment 8HMAC Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDF SSH(CVL) | A6085,A6087,A6089,A6091,A6098,A6104 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A6084,A6086,A6088,A6090,A6092,A6093,A6094,A6097,A6099,A6103,A6105,A6109,A6111 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP 800-132", "RSA KeyGen(FIPS186-5) | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Key Generation Mode-probableModulo-2048,3072,4096,6144,8192Primality Tests-2powSecStrPrivate Key Format-standard | FIPS 186-5", "RSA SigGen(FIPS186-5) | A6084,A6086,A6088,A6090,A6092,A6093,A6094,A6097,A6099,A6103,A6105,A6109,A6111 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-5) | A6084,A6086,A6088,A6090,A6092,A6093,A6094,A6097,A6099,A6103,A6105,A6109,A6111 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "SHA2-224 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A6084,A6086,A6088,A6090,A6097,A6103,A6109,A6110 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A6092,A6093,A6094,A6099,A6105,A6111 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A6092,A6093,A6094,A6099,A6105,A6111 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A6092,A6093,A6094,A6099,A6105,A6111 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A6092,A6093,A6094,A6099,A6105,A6111 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A6092,A6093,A6094,A6099,A6105,A6111 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A6092,A6093,A6094,A6099,A6105,A6111 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A6084,A6086,A6088,A6090,A6097,A6103,A6109 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A6095 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "AES-GCM with external IV | Authenticated encryption", "HMAC with less than 112-bit keys, SipHash | Message authentication code (MAC)", "Diffie-Hellman with domain parameters other than safe primes | Key pair generation; Diffie-Hellman public key validation; Shared secret computation", "DSA with any key sizes | Digital signature verification", "EC Diffie-Hellman with P-192 curve, K curves, B curves and non-NIST curves | Shared secret computation", "ECDSA with P-192 curve, K curves, B curves and non-NIST curves | Key pair generation; Digital signature generation; Digital signature verification", "PBKDF with non-approved message digest algorithms or using input parameters not meeting requirements stated in section 2.7.3 | Key derivation", "RSA with keys smaller than 2048 bits | Key pair generation; Digital signature generation; Digital signature verification", "RSA encryption with any key sizes | Key encapsulation", "RSA decryption with any key sizes | Key un-encapsulation", "TLS v1.0,v1.1 KDF | Key derivation", "SHA-1 | Message digest; Digital signature generation; Digital signature verification; Message authentication code (MAC); Key derivation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5237", "Certificate Number": "5237", "Vendor Name": "Advanced Micro Devices (AMD)", "Module Name": "AMD ASP Cryptographic CoProcessor (\"Strix 1\" and \"Krackan 1\")", "Module Type": "Hardware", "Validation Date": "04/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5237.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5237", "module_name": "AMD ASP Cryptographic CoProcessor (\"Strix 1\" and \"Krackan 1\")", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/9/2031", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "SingleChip", "description": "The module is present in Ryzen AI 9 HX PRO 370 (\"Strix 1\") and Ryzen AI 7 PRO 350 (\"Krackan 1\").", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A6633 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A6634 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A6633 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A6634 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B | AMD ASP Cryptographic CoProcessor (\"Strix 1\" and “Krackan 1”)FIPS 140-3 Non-Proprietary Security Policy | © 2026 Advanced Micro Devices (AMD), atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert", "AES-CTR | A6633 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6634 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6633 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6634 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A7003 | Direction - Encrypt | Key Length - 256 | SP 800-38A", "AES-ECB | A7004 | Direction - Encrypt | Key Length - 256 | SP 800-38A", "Conditioning Component AES- | CBC-MAC SP800-90B | A5337 | Key Length - 256 | SP 800-90B", "Counter DRBG | A7003 | Prediction Resistance - No", "Mode - AES-256 | Derivation Function Enabled - No | SP 800-90A | Rev. 1", "Counter DRBG | A7004 | Prediction Resistance - No", "HMAC-SHA-1 | A6633 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A6634 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6633 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6634 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6633 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6634 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6633 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6634 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6633 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6634 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A6633 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1 | AMD ASP Cryptographic CoProcessor (\"Strix 1\" and “Krackan 1”)FIPS 140-3 Non-Proprietary Security Policy | © 2026 Advanced Micro Devices (AMD), atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert", "HMAC-SHA3-224 | A6634 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A6633 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A6634 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A6633 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A6634 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A6633 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A6634 | Key Length - Key Length: 112- | 524288 Increment 8 | FIPS 198-1", "KDF SP800-108 | A6633", "KDF Mode - Counter | Supported Lengths - Supported | Lengths: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF SP800-108 | A6634", "RSA SigVer (FIPS186-2) | A6633 | Signature Type - PKCSPSS | Modulo - 1536 | FIPS 186-4", "RSA SigVer (FIPS186-2) | A6634 | Signature Type - PKCSPSS | Modulo - 1536 | FIPS 186-4", "RSA SigVer (FIPS186-4) | A6633 | Signature Type - PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer (FIPS186-4) | A6634 | Signature Type - PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer (FIPS186-5) | A6633 | Modulo - 2048, 3072, 4096 | Signature Type - pss | FIPS 186-5", "RSA SigVer (FIPS186-5) | A6634 | Modulo - 2048, 3072, 4096 | Signature Type - pss | FIPS 186-5", "SHA-1 | A6633 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 180-4", "SHA-1 | A6634 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 180-4", "SHA2-224 | A6633 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 180-4", "SHA2-224 | A6634 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 180-4", "SHA2-256 | A6633 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 180-4 | AMD ASP Cryptographic CoProcessor (\"Strix 1\" and “Krackan 1”)FIPS 140-3 Non-Proprietary Security Policy | © 2026 Advanced Micro Devices (AMD), atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert", "SHA2-256 | A6634 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 180-4", "SHA2-384 | A6633 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 180-4", "SHA2-384 | A6634 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 180-4", "SHA2-512 | A6633 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 180-4", "SHA2-512 | A6634 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 180-4", "SHA3-224 | A6633 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 202", "SHA3-224 | A6634 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 202", "SHA3-256 | A6633 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 202", "SHA3-256 | A6634 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 202", "SHA3-384 | A6633 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 202", "SHA3-384 | A6634 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 202", "SHA3-512 | A6633 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 202", "SHA3-512 | A6634 | Message Length - Message Length: | 0-65536 Increment 8 | FIPS 202", "SHAKE-128 | A6633 | Output Length - Output Length: 1344 | FIPS 202", "SHAKE-128 | A6634 | Output Length - Output Length: 1344 | FIPS 202", "SHAKE-256 | A6633 | Output Length - Output Length: 1088 | FIPS 202", "SHAKE-256 | A6634 | Output Length - Output Length: 1088 | FIPS 202 | N/A for this module. | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | AMD ASP Cryptographic CoProcessor (\"Strix 1\" and “Krackan 1”)FIPS 140-3 Non-Proprietary Security Policy | © 2026 Advanced Micro Devices (AMD), atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | Name | Caveat | Use and Function", "AES-ECB using the | non-approved key. | Allowed per IG | 2.4.A example | 2. | De-obfuscate data using the non-approved RTL key for a | non-security relevant purpose (RL_ARCL_RtlDeobfuscate | service). | Non-Approved, Not Allowed Algorithms: | Name | Use and Function", "HMAC with key | lengths less than | 112 bits", "RSA (pre-hashed | message) | Signature verification", "SHA-384 with non- | standard initial | hash value | PCR-based memory measurement | CCP_HAL", "Message digest (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224,", "SHA3-256, SHA3-384, SHA3-512), XOF (SHAKE128, SHAKE256), encryption,", "decryption (AES, ECB, CBC, OFB, CFB, CTR, GCTR, IAPM, XTS), message", "authentication (AES CMAC) | SIB_HAL algorithm | Random number generation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5236", "Certificate Number": "5236", "Vendor Name": "Peplink Technologies Inc.", "Module Name": "Peplink FIPS Module", "Module Type": "Software", "Validation Date": "04/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5236.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5236", "module_name": "Peplink FIPS Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Peplink FIPS Module is a security module that provides FIPS-approved cryptographic functions and services to a wide range of Peplink products.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC-CS3 | A4481 | Direction - decrypt, encryptKey Length - 128,192,256Payload Length - Payload Length:136-512 Increment 8 | SP 800-38A", "AES-CCM | A4481 | Key Length - 128,192,256Tag Length - 112,128,32,48,64,80,96IV Length - IV Length:56-104 Increment 8Payload Length - Payload Length:0-256 Increment 8AAD Length-AAD Length:0-524288 Increment 8 | SP 800-38C", "AES-CFB1 | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256Payload Length-Payload Length:8-128 Increment 8Supports Counter larger than maximum value-NoIncremental Counter-YesCounter Tests Performed-Yes | SP 800-38A", "AES-ECB | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A4481 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96-1024 Increment 8Payload Length-Payload Length:8-65536 Increment 8AAD Length-AAD Length:0-65536 Increment 8 | SP 800-38D", "AES-KW | A4481 | Direction-Decrypt,EncryptCipher-Cipher,InverseKey Length-128,192,256Payload Length-Payload Length:128-4096 Increment 128 | SP 800-38F", "AES-KWP | A4481 | Direction-Decrypt,EncryptCipher-Cipher,InverseKey Length-128,192,256Payload Length-Payload Length:8-4096 Increment 8 | SP 800-38F", "AES-OFB | A4481 | Direction- Decrypt, Encrypt", "AES-XTS Testing Revision 2.0 | A4481 | Direction- Decrypt, Encrypt", "AES-CMAC | A4481 | Direction-Generation,VerificationKey Length-128,192,256MAC Length-MAC Length:128Message Length-Message Length:0-524288 Increment 8 | SP 800-38B", "AES-GMAC | A4481 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96AAD Length-AAD Length:0-65536 Increment 8 | SP 800-38D", "HMAC-SHA-1 | A4481 | MAC-MAC:32-160Increment8Key Length-Key Length:112-2048Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4481 | MAC-MAC:32-224Increment8Key Length-Key Length:112-2048Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4481 | MAC-MAC:32-256Increment8Key Length-Key Length:112-2048Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4481 | MAC-MAC:32-384Increment8Key Length-Key Length:112-2048Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4481 | MAC-MAC:32-512Increment8Key Length-Key Length:112-2048Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4481 | MAC-MAC:32-224Increment8Key Length-Key Length:112-2048Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4481 | MAC-MAC:32-256Increment8Key Length-Key Length:112-2048Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A4481 | MAC-MAC:32-224Increment8Key Length-Key Length:112-2048Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A4481 | MAC-MAC:32-256Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS198-1", "HMAC-SHA3-384 | A4481 | MAC-MAC:32-384Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS198-1", "HMAC-SHA3-512 | A4481 | MAC-MAC:32-512Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS198-1", "Counter DRBG | A4481 | Prediction Resistance - YesSupports Reseed - YesMode - AES-128,AES-192,AES-256Derivation Function Enabled - No,YesAdditional Input - Additional Input:0-256 Increment 256,Additional Input:256,Additional Input:320,Additional Input:384Entropy Input - Entropy Input:128-256 Increment 128,Entropy Input:256,Entropy Input:256-512 Increment 128,EntropyInput:320,Entropy Input:384Nonce-Nonce:0,Nonce:128Personalization String Length-Personalization String Length:0-256 Increment 256,Personalization String Length:256,Personalization String Length:320,Personalization String Length:384Returned Bits-256 | SP 800-90ARev.1", "Hash DRBG | A4481 | Prediction Resistance - YesSupports Reseed - YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Entropy Input-Entropy Input:128-256 Increment 64,Entropy Input:192-256 Increment 64,Entropy Input:256-320Increment 64Nonce-Nonce:128-160 Increment 32,Nonce:96-128 Increment 32Personalization String Length-Personalization String Length:0-256 Increment 128 | SP 800-90ARev.1", "HMACDRBG | A4481 | Prediction Resistance-YesSupports Reseed-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Entropy Input-Entropy Input:160-256 Increment 32,Entropy Input:192-256 Increment 64,Entropy Input:256-512Increment 64,Entropy Input:384-512 Increment 64,Entropy Input:512-1024 Increment 64Nonce-Nonce:128,Nonce:64,Nonce:96Personalization String Length-Personalization String Length:0-192 Increment 64,Personalization String Length:0-256Increment 128Additional Input-Additional Input:0-256 Increment 128,Additional Input:192Returned Bits-160,224,256,384,512 | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4481 | L-2048,3072N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4481 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4481 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A4481 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4481 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS186-4", "EDDSA KeyGen | A4481 | Curve-ED-25519,ED-448 | FIPS186-5", "EDDSA KeyVer | A4481 | Curve-ED-25519,ED-448 | FIPS186-5", "RSA KeyGen(FIPS186-4) | A4481 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Info Generated By Server-Yes | FIPS186-4", "DSA SigGen(FIPS186-4) | A4481 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4481 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4481 | Component-No,YesCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4481 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "EDDSA SigGen | A4481 | Curve-ED-25519,ED-448PreHash-No,YesContext Length-Context Length:0-255 Increment1Pure-Yes | FIPS 186-5", "EDDSA SigVer | A4481 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "RSA SigGen(FIPS186-4) | A4481 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-2048,3072,4096Hash Pair-Hash Algorithm-SHA2-256 | FIPS 186-4", "RSA SigGen(FIPS186-5) | A4481 | Hash Pair-Hash Algorithm-SHA2-224Modulo-2048,3072,4096 | FIPS 186-5", "RSA Signature Primitive(CVL) | A4481 | Private Key Format - crtPublic Exponent Mode - fixedFixed Public Exponent - 010001 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4481 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSSModulo - 1024, 2048, 3072, 4096Hash Pair-Hash Algorithm-SHA-1Public Exponent Mode-Random | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4481 | Hash Pair-Hash Algorithm-SHA-1Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pssMask Function-MGF1Public Exponent Mode-random | FIPS 186-5", "KAS-ECC CDH-ComponentSP800-56Ar3(CVL) | A4481 | Curve-B233,B283,B409,B571,K233,k283,k409,k571,P224,P256,P384,P521 | SP800-56ARev.3", "KAS-ECC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods-B233,B283,B409,B571,k233,k283,k409,k571,P224,P256,P384,P521Scheme ephemeralUnifiedKAS Role initiator,responder | SP800-56ARev.3", "KAS-FFC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,modp-2048,modp-3072,modp-4096,modp-6144,modp-8192Scheme dhEphemKAS Role initiator,responder | SP800-56ARev.3", "KAS-IFC-SSC | A4481 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorSchemeKAS1-KAS Role initiator,responderKAS2- | SP800-56ARev.3", "KDA HKDF SP800-56Cr2 | A4481 | Fixed Info Pattern - algorithmmld", "KDA OneStep SP800-56Cr2 | A4481 | Auxiliary Function Methods -Auxiliary Function Name - SHA2-512MAC Salting Methods - default, randomFixed Info Pattern - algorithmmld", "KDA TwoStep SP800-56Cr2 | A4481 | MAC Salting Methods - default, randomFixed Info Pattern - algorithmmld", "KDF ANS 9.42 (CVL) | A4481 | KDF Type - DERHash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-13Rev. 1", "KDF ANS 9.63 (CVL) | A4481 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512Field Size - 224, 571Shared Info Length - Shared Info Length: 0, 1024Key Data Length - Key Data Length: 128, 4096 | SP 800-135 Rev. 1", "KDF SP800-108 | A4481 | KDF Mode - Counter, FeedbackMAC Mode - CMAC-AES128, CMAC-AES192, CMAC-AES256, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, 4096Fixed Data Order - Before Fixed DataCounter Length - 32Supports Empty IV - No, YesCustom Key In Length - 0Requires Empty IV - Yes | SP 800-108 Rev. 1", "KDF SSH (CVL) | A4481 | Cipher - AES-128, AES-192, AES-256Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1", "PBKDF | A4481 | Iteration Count - Iteration Count: 1-10000 Increment 1HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256Password Length - Password Length: 8-128 Increment 8Salt Length - Salt Length: 128-4096 Increment 8Key Data Length - Key Data Length: 112-4096 Increment 8 | SP 800-132", "TLS v1.2 KDF RFC7627 (CVL) | A4481 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512Key Block Length - Key Block Length: 1024 | SP 800-135 Rev. 1", "TLS v1.3 KDF (CVL) | A4481 | HMAC Algorithm - SHA2-256, SHA2-384KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 Rev. 1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5235", "Certificate Number": "5235", "Vendor Name": "Radiant Logic", "Module Name": "Radiant Logic Cryptographic Module for Go", "Module Type": "Software", "Validation Date": "04/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5235.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5235", "module_name": "Radiant Logic Cryptographic Module for Go", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "Radiant Logic Cryptographic Module for Go is a standards-based cryptographic engine for Go applications. The module delivers core cryptographic functions to server platforms and features robust algorithm support.", "algorithms": [ "AES", "CVL", "DES", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux, Unix, Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction - decrypt, encryptKey Length - 128,192,256Payload Length - Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length - 128,192,256Payload Length - Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length - 128,192,256Payload Length - Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length - 128,192,256Payload Length - Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length - 128,192,256Payload Length - Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CCM | A4593 | Key Length - 128,192,256Tag Length - 112,128,32,48,64,80,96IV Length - IV Length:56-104 Increment8Payload Length - Payload Length:0-256 Increment8AAD Length-AAD Length:0-524288 Increment8 | SP 800-38C", "AES-CCM | A5173 | Key Length - 128,192,256Tag Length - 112,128,32,48,64,80,96IV Length - IV Length:56-104 Increment8Payload Length - Payload Length:0-256 Increment8AAD Length-AAD Length:0-524288 Increment8 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length - 128, 192, 256MAC Length - MAC Length: 128Message Length - Message Length: 0-524288 Increment 8 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length - 128, 192, 256MAC Length - MAC Length: 128Message Length - Message Length: 0-524288 Increment 8 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256Payload Length - Payload Length: 8-128 Increment 8Supports Counter larger than maximum value - NoIncremental Counter - YesCounter Tests Performed - Yes | SP 800-38A", "AES-CTR | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256Payload Length - Payload Length: 8-128 Increment 8Supports Counter larger than maximum value - NoIncremental Counter - YesCounter Tests Performed - Yes | SP 800-38A", "AES-ECB | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4593 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8 | SP 800-38D", "AES-GCM | A5173 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8Payload Length - Payload Length: 0-65536 Increment 8AAD Length - AAD Length: 0-65536 Increment 8 | SP 800-38D", "AES-GMAC | A4593 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8AAD Length - AAD Length: 0-65536 Increment 8 | SP 800-38D", "AES-GMAC | A5173 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8AAD Length - AAD Length: 0-65536 Increment 8 | SP 800-38D", "AES-KW | A4593 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 128-4096 Increment 128 | SP 800-38F", "AES-KW | A5173 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 128-4096 Increment 128 | SP 800-38F", "AES-KWP | A4593 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 8-4096 Increment 8 | SP 800-38F", "AES-KWP | A5173 | Direction - Decrypt, EncryptCipher - Cipher, Inverse | SP 800-38F", "KDA TwoStepSP800-56Cr2 | A5173 | MAC Salting Methods-default,randomFixed Info Pattern-algorithmId", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Other Info Length-Other Info Length:0-4096 Increment8zz Length-zz Length:8-4096 Increment8Key Data Length-Key Data Length:8-4096 Increment8Supplemental Information Length-Supplemental Information Length:0-120 Increment8OID-AES-128-KW,AES-192-KW,AES-256-KW | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Other Info Length-Other Info Length:0-4096 Increment8zz Length-zz Length:8-4096 Increment8Key Data Length-Key Data Length:8-4096 Increment8Supplemental Information Length-Supplemental Information Length:0-120 Increment8OID-AES-128-KW,AES-192-KW,AES-256-KW | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Field Size-224,571Shared Info Length-Shared Info Length:0,1024Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Field Size-224,571Shared Info Length-Shared Info Length:0,1024Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Key Derivation Key Length-Key Derivation Key Length:112-4096Increment8Context Length-Context Length:8-4096 Increment8Label Length-Label Length:8-4096 Increment8Derived Key Length-Derived Key Length:112-4096 Increment8MAC Modes-KMAC-128,KMAC-256 | SP 800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Key Derivation Key Length-Key Derivation Key Length:112-4096Increment8Context Length-Context Length:8-4096 Increment8Label Length-Label Length:8-4096 Increment8Derived Key Length-Derived Key Length:112-4096 Increment8MAC Modes-KMAC-128,KMAC-256 | SP 800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackMAC Mode-CMAC-AES128,CMAC-AES192,CMAC-AES256,HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-384,HMAC-SHA2-512,HMAC-SHA2-512/224,HMAC-SHA2-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512Supported Lengths-Supported Lengths:8,72,128,776,3456,4096Fixed Data Order-Before Fixed DataCounter Length-32 | SP 800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode - Counter, FeedbackMAC Mode - CMAC-AES128, CMAC-AES192, CMAC-AES256,HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-384,HMAC-SHA2-512,HMAC-SHA2-512/224,HMAC-SHA2-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512Supported Lengths - Supported Lengths:8,72,128,776,3456,4096Fixed Data Order-Before Fixed DataCounter Length-32Supports Empty IV-NoCustom Key In Length-0 | SP 800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A4593 | IUT ID - CAFECAFE Modulo - 2048,3072,4096,6144Key Generation Methods - rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorFixed Public Exponent - 010001Scheme-KTS-OAEP-basic-KAS Role - initiator,responderKey Transport MethodHash Algorithms-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Supports Null Associated Data-YesAssociated Data PatternAssociated Data Encoding-concatenationKey Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | IUT ID - CAFECAFEModulo-2048,3072,4096,6144Key Generation Methods - rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorFixed Public Exponent-010001Scheme-KTS-OAEP-basic-KAS Role - initiator,responderKey Transport MethodHash Algorithms-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Supports Null Associated Data-YesAssociated Data PatternAssociated Data Encoding-concatenationKey Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment1HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Password Length-Password Length:8-128 Increment8Salt Length-Salt Length:128-4096 Increment8Key Data Length-Key Data Length:112-4096 Increment8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment1HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Info Generated By Server-YesPublic Exponent Mode-RandomPrivate Key Format-Standard | FIPS186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Info Generated By Server-YesPublic Exponent Mode-RandomPrivate Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096Hash Pair-Hash Algorithm-SHA2-224 | FIPS186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096Hash Pair-Hash Algorithm-SHA2-224 | FIPS186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096Hash Pair-Hash Algorithm-SHA1Public Exponent Mode-Random | FIPS186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096Hash Pair-Hash Algorithm-SHA1Public Exponent Mode-Random | FIPS186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Supports Bit-Oriented Messages-NoSupports Empty Message-Yes | FIPS 202", "SHAKE-256 | A5173 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-DecryptKeying Option-1 | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-DecryptKeying Option-1 | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-DecryptKeying Option-1 | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-DecryptKeying Option-1 | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Key Block Length-Key Block Length:1024 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Key Block Length-Key Block Length:1024 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1 (strength 112bits) brainpoolP256r1 (strength 128 bits) brainpoolP320r1 (strength 160 bits) brainpoolP384r1 (strength 192 bits) brainpoolP512r1 (strength 256 bits):Signature Generation, Signature Verification,Key Generation,Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A,category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5234", "Certificate Number": "5234", "Vendor Name": "QNu Labs", "Module Name": "QNu Labs Cryptographic Module", "Module Type": "Software", "Validation Date": "04/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5234.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5234", "module_name": "QNu Labs Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "QNu Labs Cryptographic Module is a standards-based cryptographic provider. The module delivers core crypto functionality to applications and services.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux,Unix,Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction - decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536 Increment 8 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536 Increment 8 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536 Increment 8 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536 Increment 8 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536 Increment 8 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536 Increment 8 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256Tag Length-112,128,32,48,64,80,96IV Length-IV Length:56-104 Increment 8Payload Length-Payload Length:0-256 Increment 8AAD Length-AAD Length:0-524288 Increment 8 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256Tag Length-112,128,32,48,64,80,96IV Length-IV Length:56-104 Increment 8Payload Length-Payload Length:0-256 Increment 8AAD Length-AAD Length:0-524288 Increment 8 | SP 800-38C", "AES-CFB1 | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length - 128, 192, 256MAC Length - MAC Length: 128Message Length - Message Length: 0-524288 Increment 8 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length - 128, 192, 256MAC Length - MAC Length: 128Message Length - Message Length: 0-524288 Increment 8 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256Payload Length - Payload Length: 8-128 Increment 8Supports Counter larger than maximum value - NoIncremental Counter - YesCounter Tests Performed - Yes | SP 800-38A", "AES-CTR | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256Payload Length - Payload Length: 8-128 Increment 8Supports Counter larger than maximum value - NoIncremental Counter - YesCounter Tests Performed - Yes | SP 800-38A", "AES-ECB | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4593 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8 | SP 800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96-1024 Increment8Payload Length-Payload Length:0-65536 Increment8AAD Length-AAD Length:0-65536 Increment8 | SP 800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96-1024 Increment8AAD Length-AAD Length:0-65536 Increment8 | SP 800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96-1024 Increment8AAD Length-AAD Length:0-65536 Increment8 | SP 800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptCipher-Cipher,InverseKey Length-128,192,256Payload Length-Payload Length:128-4096 Increment128 | SP 800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptCipher-Cipher,InverseKey Length-128,192,256Payload Length-Payload Length:128-4096 Increment128 | SP 800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptCipher-Cipher,InverseKey Length-128,192,256Payload Length-Payload Length:8-4096 Increment8 | SP 800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptCipher-Cipher,Inverse | SP 800-38F", "AES-OFB | A4593 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-OFB | A5173 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-XTSTestingRevision2.0 | A4593 | Direction - Decrypt, EncryptKey Length - 128,256Payload Length - Payload Length:128-65536 Increment 128Tweak Mode-HexData Unit Length Matches Payload Length-Yes | SP 800-38E", "AES-XTSTestingRevision2.0 | A5173 | Direction - Decrypt, EncryptKey Length - 128,256Payload Length - Payload Length:128-65536 Increment 128Tweak Mode-HexData Unit Length Matches Payload Length-Yes | SP 800-38E", "CounterDRBG | A4593 | Prediction Resistance-YesSupports Reseed-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-YesAdditional Input-Additional Input:0-256 Increment 256Entropy Input-Entropy Input:128-256 Increment 128,Entropy Input:256-512 Increment 128Nonce-Nonce:128Personalization String Length-Personalization String Length:0-256Increment 256Returned Bits-256 | SP 800-90ARev.1", "CounterDRBG | A5173 | Prediction Resistance-YesSupports Reseed-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-YesAdditional Input-Additional Input:0-256 Increment 256Entropy Input-Entropy Input:128-256 Increment 128,Entropy Input:256-512 Increment 128Nonce-Nonce:128Personalization String Length-Personalization String Length:0-256Increment 256Returned Bits-256 | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesSupports Reseed-YesMode-SHA-1,SHA2-256,SHA2-512Entropy Input-Entropy Input:128-256 Increment 64,Entropy Input:256-320 Increment 64Nonce-Nonce:128-160 Increment 32,Nonce:96-128 Increment 32Personalization String Length-Personalization String Length:0-256Increment 128Additional Input-Additional Input:0-256 Increment 128Returned Bits-160,256,512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesSupports Reseed-YesMode-SHA-1,SHA2-256,SHA2-512Entropy Input-Entropy Input:128-256 Increment 64,Entropy Input:256-320 Increment 64Nonce-Nonce:128-160 Increment 32,Nonce:96-128 Increment 32Personalization String Length-Personalization String Length:0-256Increment 128Additional Input-Additional Input:0-256 Increment 128Returned Bits-160,256,512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance - YesSupports Reeseed - YesMode - SHA-1, SHA2-256, SHA2-512Entropy Input - Entropy Input: 160-256 Increment 32, Entropy Input:256-512 Increment 64, Entropy Input: 512-1024 Increment 64Nonce - Nonce: 128, Nonce: 64Personalization String Length - Personalization String Length: 0-256Increment 128Additional Input - Additional Input: 0-256 Increment 128Returned Bits - 160, 256, 512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance - YesSupports Reeseed - YesMode - SHA-1, SHA2-256, SHA2-512Entropy Input - Entropy Input: 160-256 Increment 32, Entropy Input:256-512 Increment 64, Entropy Input: 512-1024 Increment 64Nonce - Nonce: 128, Nonce: 64Personalization String Length - Personalization String Length: 0-256Increment 128Additional Input - Additional Input: 0-256 Increment 128Returned Bits - 160, 256, 512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | MAC-MAC:32-160 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | MAC-MAC:32-160 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | MAC-MAC:32-224 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | MAC-MAC:32-224 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | MAC-MAC:32-256 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | MAC-MAC:32-256 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | MAC-MAC:32-384 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | MAC - MAC: 32-384 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | MAC - MAC: 32-512 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | MAC - MAC: 32-512 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | MAC - MAC: 32-224 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | MAC - MAC: 32-224 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | MAC - MAC: 32-256 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | MAC - MAC: 32-256 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | MAC - MAC: 32-224 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | MAC - MAC: 32-224 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | MAC - MAC: 32-256 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | MAC - MAC: 32-256 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | MAC - MAC: 32-384 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | MAC - MAC: 32-384 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | MAC - MAC: 32-512 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | MAC - MAC: 32-512 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B233,B283,B409,B571,K233,K283,K409,K571,P224,P256,P384,P521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B233,B283,B409,B571,K233,K283,K409,K571,P224,P256,P384,P521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role-initiator,responderKAS2-KAS Role-initiator,responderFixed Public Exponent-010001 | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role-initiator,responderKAS2- | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A4593 | Fixed Info Pattern - algorithmld", "KDA HKDFSP800-56Cr2 | A5173 | Fixed Info Pattern - algorithmld", "KDA OneStepSP800-56Cr2 | A4593 | Auxiliary Function Methods-Auxiliary Function Name-SHA-1MAC Salting Methods-default,randomFixed Info Pattern-algorithmld", "KDA OneStepSP800-56Cr2 | A5173 | Auxiliary Function Methods-Auxiliary Function Name-SHA-1MAC Salting Methods-default,randomFixed Info Pattern-algorithmld", "KDA TwoStepSP800-56Cr2 | A4593 | MAC Salting Methods-default,randomFixed Info Pattern-algorithmld", "KDA TwoStepSP800-56Cr2 | A5173 | MAC Salting Methods-default,randomFixed Info Pattern-algorithmmld", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Other Info Length-Other Info Length:0-4096 Increment8zz Length-zz Length:8-4096 Increment8Key Data Length-Key Data Length:8-4096 Increment8Supplemental Information Length-Supplemental Information Length:0-120 Increment8OID-AES-128-KW,AES-192-KW,AES-256-KW | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Other Info Length-Other Info Length:0-4096 Increment8zz Length-zz Length:8-4096 Increment8Key Data Length-Key Data Length:8-4096 Increment8Supplemental Information Length-Supplemental Information Length:0-120 Increment8OID-AES-128-KW,AES-192-KW,AES-256-KW | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Field Size-224,571Shared Info Length-Shared Info Length:0,1024Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Field Size-224,571Shared Info Length-Shared Info Length:0,1024Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Key Derivation Key Length-Key Derivation Key Length:112-4096Increment8Context Length-Context Length:8-4096 Increment8Label Length-Label Length:8-4096 Increment8Derived Key Length-Derived Key Length:112-4096 Increment8MAC Modes-KMAC-128,KMAC-256 | SP 800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Key Derivation Key Length-Key Derivation Key Length:112-4096Increment8Context Length-Context Length:8-4096 Increment8Label Length-Label Length:8-4096 Increment8Derived Key Length-Derived Key Length:112-4096 Increment8MAC Modes-KMAC-128,KMAC-256 | SP 800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackMAC Mode-CMAC-AES128,CMAC-AES192,CMAC-AES256,HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-384,HMAC-SHA2-512,HMAC-SHA2-512/224,HMAC-SHA2-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512Supported Lengths-Supported Lengths:8,72,128,776,3456,4096Fixed Data Order-Before Fixed DataCounter Length-32 | SP 800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode - Counter, FeedbackMAC Mode - CMAC-AES128, CMAC-AES192, CMAC-AES256,HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-384,HMAC-SHA2-512,HMAC-SHA2-512/224,HMAC-SHA2-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512Supported Lengths - Supported Lengths:8,72,128,776,3456,4096Fixed Data Order-Before Fixed DataCounter Length-32Supports Empty IV-NoCustom Key In Length-0 | SP 800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A4593 | IUT ID - CAFECAFE Modulo - 2048,3072,4096,6144Key Generation Methods - rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorFixed Public Exponent - 010001Scheme-KTS-OAEP-basic-KAS Role - initiator,responderKey Transport MethodHash Algorithms-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Supports Null Associated Data-YesAssociated Data PatternAssociated Data Encoding-concatenationKey Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | IUT ID - CAFECAFEModulo-2048,3072,4096,6144Key Generation Methods - rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorFixed Public Exponent-010001Scheme-KTS-OAEP-basic-KAS Role - initiator,responderKey Transport MethodHash Algorithms-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Supports Null Associated Data-YesAssociated Data PatternAssociated Data Encoding-concatenationKey Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment1HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Password Length - Password Length:8-128 Increment8Salt Length-Salt Length:128-4096 Increment8Key Data Length-Key Data Length:112-4096 Increment8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment1HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Info Generated By Server-YesPublic Exponent Mode-RandomPrivate Key Format-Standard | FIPS186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Info Generated By Server-YesPublic Exponent Mode-RandomPrivate Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096Hash Pair-Hash Algorithm-SHA2-224 | FIPS186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096Hash Pair-Hash Algorithm-SHA2-224 | FIPS186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096Hash Pair-Hash Algorithm-SHA1Public Exponent Mode-Random | FIPS186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096Hash Pair-Hash Algorithm-SHA1Public Exponent Mode-Random | FIPS186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Supports Bit-Oriented Messages-NoSupports Empty Message-Yes | FIPS 202", "SHAKE-256 | A5173 | Supports Bit-Oriented Messages - NoSupports Empty Message - YesSupports Bit-Oriented Output - NoOutput Length - Output Length: 16-65536 Increment 8 | FIPS 202", "TDES-CBC | A4593 | Direction - DecryptKeying Option - 1 | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction - DecryptKeying Option - 1 | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction - DecryptKeying Option - 1 | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction - DecryptKeying Option - 1 | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Key Block Length-Key Block Length:1024 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Key Block Length-Key Block Length:1024 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1 (strength 112 bits) brainpoolP256r1 (strength 128 bits) brainpoolP320r1 (strength 160 bits) brainpoolP384r1 (strength 192 bits) brainpoolP512r1 (strength 256 bits): Signature Generation, Signature Verification, Key Generation, Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A, category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5233", "Certificate Number": "5233", "Vendor Name": "InfoScale/Arctera", "Module Name": "InfoScale/Arctera CryptoComply 140-3 FIPS Provider", "Module Type": "Software", "Validation Date": "04/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5233.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5233", "module_name": "InfoScale/Arctera CryptoComply 140-3 FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "InfoScale and Arctera's CryptoComply 140-3 FIPS Provider is designed to provide FIPS 140-3 validated cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux,Unix,Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction-decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction-decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction-decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction-decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction-decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CCM | A4593 | KeyLength-128,192,256TagLength-112,128,32,48,64,80,96IVLength-IVLength:56-104Increment8PayloadLength-PayloadLength:0-256Increment8AADLength-AADLength:0-524288Increment8 | SP 800-38C", "AES-CCM | A5173 | KeyLength-128,192,256TagLength-112,128,32,48,64,80,96IVLength-IVLength:56-104Increment8PayloadLength-PayloadLength:0-256Increment8AADLength-AADLength:0-524288Increment8 | SP 800-38C", "AES-CFB1 | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length - 128, 192, 256MAC Length - MAC Length: 128Message Length - Message Length: 0-524288 Increment 8 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length - 128, 192, 256MAC Length - MAC Length: 128Message Length - Message Length: 0-524288 Increment 8 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256Payload Length - Payload Length: 8-128 Increment 8Supports Counter larger than maximum value - NoIncremental Counter - YesCounter Tests Performed - Yes | SP 800-38A", "AES-CTR | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256Payload Length - Payload Length: 8-128 Increment 8Supports Counter larger than maximum value - NoIncremental Counter - YesCounter Tests Performed - Yes | SP 800-38A", "AES-ECB | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4593 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2 | SP 800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96-1024 Increment8Payload Length-Payload Length:0-65536 Increment8AAD Length-AAD Length:0-65536 Increment8 | SP 800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96-1024 Increment8AAD Length-AAD Length:0-65536 Increment8 | SP 800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96-1024 Increment8AAD Length-AAD Length:0-65536 Increment8 | SP 800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptCipher-Cipher,InverseKeyLength-128,192,256Payload Length-Payload Length:128-4096 Increment128 | SP 800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptCipher-Cipher,InverseKeyLength-128,192,256Payload Length-Payload Length:128-4096 Increment128 | SP 800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptCipher-Cipher,Inverse | SP 800-38F", "AES-KWP | A5173 | Direction - Decrypt, EncryptCipher-Cipher, InverseKey Length-128,192,256Payload Length-Payload Length:8-4096 Increment 8 | SP 800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-OFB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTSTestingRevision2.0 | A4593 | Direction-Decrypt,EncryptKeyLength-128,256PayloadLength-PayloadLength:128-65536Increment128TweakMode-HexDataUnitLengthMatchesPayloadLength-Yes | SP 800-38E", "AES-XTSTestingRevision2.0 | A5173 | Direction-Decrypt,EncryptKeyLength-128,256PayloadLength-PayloadLength:128-65536Increment128TweakMode-HexDataUnitLengthMatchesPayloadLength-Yes | SP 800-38E", "CounterDRBG | A4593 | Prediction Resistance-YesSupports Reseed-YesMode-AES-128,AES-192,AES-256DerivationFunctionEnabled-YesAdditionalInput-AdditionalInput:0-256Increment256EntropyInput-EntropyInput:128-256Increment128,EntropyInput:256-512Increment128Nonce-Nonce:128PersonalizationStringLength-PersonalizationStringLength:0-256Increment256ReturnedBits-256 | SP 800-90ARev.1", "CounterDRBG | A5173 | Prediction Resistance-YesSupports Reseed-YesMode-AES-128,AES-192,AES-256DerivationFunctionEnabled-YesAdditionalInput-AdditionalInput:0-256Increment256EntropyInput-EntropyInput:128-256Increment128,EntropyInput:256-512Increment128 | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512/SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512/SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesSupports Reseed-YesMode-SHA-1,SHA2-256,SHA2-512Entropy Input-Entropy Input:128-256 Increment 64,Entropy Input:256-320 Increment 64Nonce-Nonce:128-160 Increment 32,Nonce:96-128 Increment 32Personalization String Length-Personalization String Length:0-256Increment 128Additional Input-Additional Input:0-256 Increment 128Returned Bits-160,256,512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesSupports Reseed-YesMode-SHA-1,SHA2-256,SHA2-512Entropy Input-Entropy Input:128-256 Increment 64,Entropy Input:256-320 Increment 64 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance - YesSupports Reseed - YesMode - SHA-1, SHA2-256, SHA2-512Entropy Input - Entropy Input: 160-256 Increment 32, Entropy Input:256-512 Increment 64, Entropy Input: 512-1024 Increment 64Nonce - Nonce: 128, Nonce: 64Personalization String Length - Personalization String Length: 0-256Increment 128Additional Input - Additional Input: 0-256 Increment 128Returned Bits - 160, 256, 512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance - YesSupports Reseed - YesMode - SHA-1, SHA2-256, SHA2-512Entropy Input - Entropy Input: 160-256 Increment 32, Entropy Input:256-512 Increment 64, Entropy Input: 512-1024 Increment 64Nonce - Nonce: 128, Nonce: 64Personalization String Length - Personalization String Length: 0-256Increment 128Additional Input - Additional Input: 0-256 Increment 128Returned Bits - 160, 256, 512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | MAC-MAC:32-160 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | MAC-MAC:32-160 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | MAC-MAC:32-224 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | MAC-MAC:32-224 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | MAC-MAC:32-256 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-384 | A4593 | MAC-MAC:32-384Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-384 | A5173 | MAC-MAC:32-384Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A4593 | MAC-MAC:32-512Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A5173 | MAC-MAC:32-512Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A4593 | MAC-MAC:32-224Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A5173 | MAC-MAC:32-224Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A4593 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A5173 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-224 | A4593 | MAC-MAC:32-224Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-224 | A5173 | MAC-MAC:32-224Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-256 | A4593 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-256 | A5173 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-384 | A4593 | MAC-MAC:32-384Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-384 | A5173 | MAC-MAC:32-384Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-512 | A4593 | MAC-MAC:32-512Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-512 | A5173 | MAC-MAC:32-512Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KASRole-initiator,responder | SP800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KASRole-initiator,responder | SP800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme-dhEphem-KASRole-initiator,responder | SP800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme-dhEphem-KASRole-initiator,responder | SP800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme-KAS1-KAS Role-initiator,responderKAS2-KAS Role-initiator,responderFixed Public Exponent-010001 | SP800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factor | SP800-56ARev.3", "KDA HKDFSP800-56Cr2 | A4593 | Fixed Info Pattern -algorithmld", "KDA HKDFSP800-56Cr2 | A5173 | Fixed Info Pattern -algorithmld", "KDA OneStepSP800-56Cr2 | A4593 | Auxiliary Function Methods-Auxiliary Function Name-SHA-1MAC Salting Methods-default,randomFixed Info Pattern -algorithmld", "KDA OneStepSP800-56Cr2 | A5173 | Auxiliary Function Methods-Auxiliary Function Name-SHA-1MAC Salting Methods-default,randomFixed Info Pattern -algorithmld", "KDA TwoStep SP800-56Cr2 | A4593 | MAC Salting Methods - default, randomFixed Info Pattern - algorithmmld", "KDA TwoStep SP800-56Cr2 | A5173 | MAC Salting Methods - default, randomFixed Info Pattern - algorithmmld", "KDF ANS 9.42(CVL) | A4593 | KDF Type - DERHash Algorithm - SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Other Info Length - Other Info Length:0-4096 Increment8zz Length - zz Length:8-4096 Increment8Key Data Length - Key Data Length:8-4096 Increment8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Other Info Length-Other Info Length:0-4096 Increment8zz Length-zz Length:8-4096 Increment8Key Data Length-Key Data Length:8-4096 Increment8Supplemental Information Length-Supplemental Information Length:0-120 Increment8OID-AES-128-KW,AES-192-KW,AES-256-KW | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Field Size-224,571Shared Info Length-Shared Info Length:0,1024Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Field Size-224,571Shared Info Length-Shared Info Length:0,1024Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Key Derivation Key Length-Key Derivation Key Length:112-4096Increment8Context Length-Context Length:8-4096 Increment8Label Length-Label Length:8-4096 Increment8Derived Key Length-Derived Key Length:112-4096 Increment8MAC Modes-KMAC-128,KMAC-256 | SP 800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Key Derivation Key Length-Key Derivation Key Length:112-4096Increment8Context Length-Context Length:8-4096 Increment8Label Length-Label Length:8-4096 Increment8Derived Key Length-Derived Key Length:112-4096 Increment8MAC Modes-KMAC-128,KMAC-256 | SP 800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackMAC Mode-CMAC-AES128,CMAC-AES192,CMAC-AES256,HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-384,HMAC-SHA2-512,HMAC-SHA2-512/224,HMAC-SHA2-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | SP 800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter, FeedbackMAC Mode-CMAC-AES128,CMAC-AES192,CMAC-AES256,HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-384,HMAC-SHA2-512,HMAC-SHA2-512/224,HMAC-SHA2-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512Supported Lengths-Supported Lengths:8,72,128,776,3456,4096Fixed Data Order-Before Fixed DataCounter Length-32Supports Empty IV-NoCustom Key In Length-0 | SP 800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A4593 | IUT ID - CAFECAFEModulo - 2048,3072,4096,6144Key Generation Methods - rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorFixed Public Exponent - 010001Scheme-KTS-OAEP-basic-KAS Role - initiator,responderKey Transport MethodHash Algorithms-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Supports Null Associated Data-YesAssociated Data Pattern-Associated Data Encoding-concatenationKey Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | IUT ID - CAFECAFEModulo - 2048,3072,4096,6144Key Generation Methods - rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorFixed Public Exponent - 010001Scheme-KTS-OAEP-basic-KAS Role - initiator,responderKey Transport MethodHash Algorithms-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Supports Null Associated Data-YesAssociated Data Pattern-Associated Data Encoding-concatenationKey Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment 1HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Password Length-Password Length:8-128 Increment 8Salt Length-Salt Length:128-4096 Increment 8Key Data Length-Key Data Length:112-4096 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count: 1-10000 Increment 1HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Password Length-Password Length:8-128 Increment 8Salt Length-Salt Length:128-4096 Increment 8Key Data Length-Key Data Length:112-4096 Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Info Generated By Server-YesPublic Exponent Mode-RandomPrivate Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Info Generated By Server-YesPublic Exponent Mode-RandomPrivate Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072,4096Hash Pair-Hash Algorithm-SHA2-224 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072,4096Hash Pair-Hash Algorithm-SHA2-224 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096Hash Pair-Hash Algorithm-SHA-1Public Exponent Mode-Random | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096Hash Pair-Hash Algorithm-SHA-1Public Exponent Mode-Random | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Supports Bit-Oriented Messages - NoSupports Empty Message - YesSupports Bit-Oriented Output - NoOutput Length - Output Length: 16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Supports Bit-Oriented Messages - NoSupports Empty Message - YesSupports Bit-Oriented Output - NoOutput Length - Output Length: 16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction - DecryptKeying Option -1 | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction - DecryptKeying Option -1 | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction - DecryptKeying Option -1 | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction - DecryptKeying Option -1 | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Key Block Length-Key Block Length:1024 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Key Block Length-Key Block Length:1024 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification,Key Generation,Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A,category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5232", "Certificate Number": "5232", "Vendor Name": "CTERA Networks", "Module Name": "CTERA Crypto Module", "Module Type": "Software", "Validation Date": "04/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5232.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5232", "module_name": "CTERA Crypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "CTERA Crypto Module™ (Server) is a secure cryptographic engine used by CTERA Enterprise File Services Platform. The platform enables organizations to securely sync, serve and protect data on any private or public cloud infrastructure.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux, Unix, Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction - decrypt, encryptKey Length - 128,192,256Payload Length - Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length - 128,192,256Payload Length - Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length - 128,192,256Payload Length - Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length - 128,192,256Payload Length - Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length - 128,192,256Payload Length - Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length - 128,192,256Payload Length - Payload Length:128-65536 Increment8 | SP 800-38A", "AES-CCM | A4593 | Key Length - 128,192,256Tag Length - 112,128,32,48,64,80,96IV Length - IV Length:56-104 Increment8Payload Length - Payload Length:0-256 Increment8AAD Length - AAD Length:0-524288 Increment8 | SP 800-38C", "AES-CCM | A5173 | Key Length - 128,192,256Tag Length - 112,128,32,48,64,80,96IV Length - IV Length:56-104 Increment8Payload Length - Payload Length:0-256 Increment8AAD Length - AAD Length:0-524288 Increment8 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length - 128, 192, 256MAC Length - MAC Length: 128Message Length - Message Length: 0-524288 Increment 8 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length - 128, 192, 256MAC Length - MAC Length: 128Message Length - Message Length: 0-524288 Increment 8 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256Payload Length - Payload Length: 8-128 Increment 8Supports Counter larger than maximum value - NoIncremental Counter - YesCounter Tests Performed - Yes | SP 800-38A", "AES-CTR | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256Payload Length - Payload Length: 8-128 Increment 8Supports Counter larger than maximum value - NoIncremental Counter - YesCounter Tests Performed - Yes | SP 800-38A", "AES-ECB | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4593 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8 | SP 800-38D", "AES-GCM | A5173 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8Payload Length - Payload Length: 0-65536 Increment 8AAD Length - AAD Length: 0-65536 Increment 8 | SP 800-38D", "AES-GMAC | A4593 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8AAD Length - AAD Length: 0-65536 Increment 8 | SP 800-38D", "AES-GMAC | A5173 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8AAD Length - AAD Length: 0-65536 Increment 8 | SP 800-38D", "AES-KW | A4593 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 128-4096 Increment 128 | SP 800-38F", "AES-KW | A5173 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 128-4096 Increment 128 | SP 800-38F", "AES-KWP | A4593 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 8-4096 Increment 8 | SP 800-38F", "AES-KWP | A5173 | Direction - Decrypt, EncryptCipher - Cipher, Inverse | SP 800-38F", "AES-OFB | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-XTSTestingRevision2.0 | A4593 | Direction - Decrypt, EncryptKey Length - 128, 256Payload Length - Payload Length: 128-65536 Increment 128Tweak Mode-HexData Unit Length Matches Payload Length-Yes | SP 800-38E", "AES-XTSTestingRevision2.0 | A5173 | Direction - Decrypt, EncryptKey Length - 128, 256Payload Length - Payload Length: 128-65536 Increment 128Tweak Mode-HexData Unit Length Matches Payload Length-Yes | SP 800-38E", "CounterDRBG | A4593 | Prediction Resistance-YesSupports Reseed-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-YesAdditional Input-Additional Input:0-256 Increment 256Entropy Input-Entropy Input:128-256 Increment 128,Entropy Input:256-512 Increment 128Nonce-Nonce:128Personalization String Length-Personalization String Length:0-256Increment 256Returned Bits-256 | SP 800-90ARev.1", "CounterDRBG | A5173 | Prediction Resistance-YesSupports Reseed-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-YesAdditional Input-Additional Input:0-256 Increment 256Entropy Input-Entropy Input:128-256 Increment 128,Entropy Input:256-512 Increment 128Nonce-Nonce:128Personalization String Length-Personalization String Length:0-256Increment 256Returned Bits-256 | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS 186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A4593 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A5173 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A4593 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A5173 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesSupports Reseed-YesMode-SHA-1,SHA2-256,SHA2-512Entropy Input-Entropy Input:128-256 Increment 64,Entropy Input:256-320 Increment 64Nonce-Nonce:128-160 Increment 32,Nonce:96-128 Increment 32Personalization String Length-Personalization String Length:0-256Increment 128Additional Input-Additional Input:0-256 Increment 128Returned Bits-160,256,512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesSupports Reseed-YesMode-SHA-1,SHA2-256,SHA2-512Entropy Input-Entropy Input:128-256 Increment 64,Entropy Input:256-320 Increment 64Nonce-Nonce:128-160 Increment 32,Nonce:96-128 Increment 32Personalization String Length-Personalization String Length:0-256Increment 128Additional Input-Additional Input:0-256 Increment 128Returned Bits-160,256,512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance - YesSupports Reseed - YesMode-SHA-1,SHA2-256,SHA2-512Entropy Input-Entropy Input:160-256 Increment 32,Entropy Input:256-512 Increment 64,Entropy Input:512-1024 Increment 64Nonce-Nonce:128,Nonce:64Personalization String Length-Personalization String Length:0-256Increment 128Additional Input-Additional Input:0-256 Increment 128Returned Bits-160,256,512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance - YesSupports Reseed - YesMode-SHA-1,SHA2-256,SHA2-512Entropy Input-Entropy Input:160-256 Increment 32,Entropy Input:256-512 Increment 64,Entropy Input:512-1024 Increment 64Nonce-Nonce:128,Nonce:64Personalization String Length-Personalization String Length:0-256Increment 128Additional Input-Additional Input:0-256 Increment 128Returned Bits-160,256,512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | MAC-MAC:32-160 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | MAC-MAC:32-160 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | MAC-MAC:32-224 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | MAC-MAC:32-224 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | MAC-MAC:32-256 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | MAC-MAC:32-256 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | MAC-MAC:32-384 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | MAC-MAC:32-384Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A4593 | MAC-MAC:32-512Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A5173 | MAC-MAC:32-512Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A4593 | MAC-MAC:32-224Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A5173 | MAC-MAC:32-224Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A4593 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A5173 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-224 | A4593 | MAC-MAC:32-224Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-224 | A5173 | MAC-MAC:32-224Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-256 | A4593 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-256 | A5173 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-384 | A4593 | MAC-MAC:32-384Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-384 | A5173 | MAC-MAC:32-384Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-512 | A4593 | MAC-MAC:32-512Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-512 | A5173 | MAC-MAC:32-512Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B233,B283,B409,B571,K233,K283,K409,K571,P224,P256,P384,P521Scheme ephemeralUnifiedKAS Role initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B233,B283,B409,B571,K233,K283,K409,K571,P224,P256,P384,P521Scheme ephemeralUnifiedKAS Role initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation MethodsFB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme dhEphemKAS Role initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation MethodsFB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme dhEphemKAS Role initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo 2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme KAS1-KAS Role initiator,responderKAS2-KAS Role initiator,responderFixed Public Exponent-010001 | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo 2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme KAS1-KAS Role initiator,responderKAS2- | SP 800-56ARev.3", "KDA HKDF SP800-56Cr2 | A4593 | Fixed Info Pattern - algorithmld", "SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512", "Uses Hybrid Shared Secret - No | SP 800-56C Rev. 2", "KDA HKDF SP800-56Cr2 | A5173 | Fixed Info Pattern - algorithmld", "KDA OneStep SP800-56Cr2 | A4593 | Auxiliary Function Methods -", "Auxiliary Function Name - SHA-1", "KDA OneStep SP800-56Cr2 | A5173 | Auxiliary Function Methods -", "KDA TwoStep SP800-56Cr2 | A4593 | MAC Salting Methods - default, random", "KDF Mode - feedback", "MAC Modes - HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, | SP 800-56C Rev. 2", "KDA TwoStepSP800-56Cr2 | A5173 | MAC Salting Methods-default,randomFixed Info Pattern-algorithmId", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Other Info Length-Other Info Length:0-4096 Increment8zz Length-zz Length:8-4096 Increment8Key Data Length-Key Data Length:8-4096 Increment8Supplemental Information Length-Supplemental Information Length:0-120 Increment8OID-AES-128-KW,AES-192-KW,AES-256-KW | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Other Info Length-Other Info Length:0-4096 Increment8zz Length-zz Length:8-4096 Increment8Key Data Length-Key Data Length:8-4096 Increment8Supplemental Information Length-Supplemental Information Length:0-120 Increment8OID-AES-128-KW,AES-192-KW,AES-256-KW | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Field Size-224,571Shared Info Length-Shared Info Length:0,1024Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Field Size-224,571Shared Info Length-Shared Info Length:0,1024Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Key Derivation Key Length-Key Derivation Key Length:112-4096Increment8Context Length-Context Length:8-4096 Increment8Label Length-Label Length:8-4096 Increment8Derived Key Length-Derived Key Length:112-4096 Increment8MAC Modes-KMAC-128,KMAC-256 | SP 800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Key Derivation Key Length-Key Derivation Key Length:112-4096Increment8Context Length-Context Length:8-4096 Increment8Label Length-Label Length:8-4096 Increment8Derived Key Length-Derived Key Length:112-4096 Increment8MAC Modes-KMAC-128,KMAC-256 | SP 800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackMAC Mode-CMAC-AES128,CMAC-AES192,CMAC-AES256,HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-384,HMAC-SHA2-512,HMAC-SHA2-512/224,HMAC-SHA2-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512Supported Lengths-Supported Lengths:8,72,128,776,3456,4096Fixed Data Order-Before Fixed DataCounter Length-32 | SP 800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode - Counter, FeedbackMAC Mode - CMAC-AES128, CMAC-AES192, CMAC-AES256,HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-384,HMAC-SHA2-512,HMAC-SHA2-512/224,HMAC-SHA2-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512Supported Lengths - Supported Lengths:8,72,128,776,3456,4096Fixed Data Order-Before Fixed DataCounter Length-32Supports Empty IV-NoCustom Key In Length-0 | SP 800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES128,AES192,AES256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES128,AES192,AES256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A4593 | IUT ID - CAFECAFEModulo - 2048,3072,4096,6144Key Generation Methods - rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorFixed Public Exponent - 010001Scheme-KTS-OAEP-basic-KAS Role - initiator,responderKey Transport MethodHash Algorithms-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Supports Null Associated Data-YesAssociated Data PatternAssociated Data Encoding-concatenationKey Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | IUT ID - CAFECAFEModulo-2048,3072,4096,6144Key Generation Methods - rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorFixed Public Exponent-010001Scheme-KTS-OAEP-basic-KAS Role - initiator,responderKey Transport MethodHash Algorithms-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Supports Null Associated Data-YesAssociated Data PatternAssociated Data Encoding-concatenationKey Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment1HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Password Length-Password Length:8-128 Increment8Salt Length-Salt Length:128-4096 Increment8Key Data Length-Key Data Length:112-4096 Increment8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment1HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3 Modulo-2048,3072,4096 Primality Tests-Table C.2 Info Generated By Server-Yes Public Exponent Mode-Random Private Key Format-Standard | FIPS186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3 Modulo-2048,3072,4096 Primality Tests-Table C.2 Info Generated By Server-Yes Public Exponent Mode-Random Private Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type-PKCS1.5,PKCSPSS Modulo-2048,3072,4096 Hash Pair-Hash Algorithm-SHA2-224 | FIPS186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type-PKCS1.5,PKCSPSS Modulo-2048,3072,4096 Hash Pair-Hash Algorithm-SHA2-224 | FIPS186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSS Modulo-1024,2048,3072,4096 Hash Pair-Hash Algorithm-SHA1Public Exponent Mode-Random | FIPS186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSS Modulo-1024,2048,3072,4096 Hash Pair-Hash Algorithm-SHA1Public Exponent Mode-Random | FIPS186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Supports Bit-Oriented Messages-NoSupports Empty Message-Yes | FIPS 202", "SHAKE-256 | A5173 | Supports Bit-Oriented Messages - NoSupports Empty Message - YesSupports Bit-Oriented Output - NoOutput Length - Output Length: 16-65536 Increment 8 | FIPS 202", "TDES-CBC | A4593 | Direction - DecryptKeying Option - 1 | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction - DecryptKeying Option - 1 | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction - DecryptKeying Option - 1 | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction - DecryptKeying Option - 1 | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Key Block Length-Key Block Length:1024 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Key Block Length-Key Block Length:1024 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128bits) brainpoolP320r1(strength 160bits) brainpoolP384r1(strength 192bits) brainpoolP512r1(strength 256bits):SignatureGeneration,SignatureVerification,KeyGeneration,KeyVerification | CryptoComply140-3FIPSProvider | Allowed per IG C.A,category1a(perSP800-186AppendixH.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5231", "Certificate Number": "5231", "Vendor Name": "Aviatrix LLC", "Module Name": "Aviatrix Cloud Native Security Fabric Cryptographic Module", "Module Type": "Software", "Validation Date": "04/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5231.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5231", "module_name": "Aviatrix Cloud Native Security Fabric Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "Aviatrix Cloud Native Security Fabric Cryptographic Module is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions to server platforms and features robust algorithm support.", "algorithms": [ "AES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "SHA" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux, Unix, Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction - decrypt, encryptKey Length - 128, 192, 256Payload Length - Payload Length: 128-65536 Increment 8 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length - 128, 192, 256Payload Length - Payload Length: 128-65536 Increment 8 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length - 128, 192, 256Payload Length - Payload Length: 128-65536 Increment 8 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length - 128, 192, 256Payload Length - Payload Length: 128-65536 Increment 8 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length - 128, 192, 256Payload Length - Payload Length: 128-65536 Increment 8 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length - 128, 192, 256Payload Length - Payload Length: 128-65536 Increment 8 | SP 800-38A", "AES-CCM | A4593 | Key Length - 128, 192, 256Tag Length - 112, 128, 32, 48, 64, 80, 96IV Length - IV Length: 56-104 Increment 8Payload Length - Payload Length: 0-256 Increment 8AAD Length - AAD Length: 0-524288 Increment 8 | SP 800-38C", "AES-CCM | A5173 | Key Length - 128, 192, 256Tag Length - 112, 128, 32, 48, 64, 80, 96IV Length - IV Length: 56-104 Increment 8Payload Length - Payload Length: 0-256 Increment 8AAD Length - AAD Length: 0-524288 Increment 8 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction- Generation, VerificationKey Length-128,192,256MAC Length-MAC Length:128Message Length-Message Length:0-524288 Increment8 | SP 800-38B", "AES-CMAC | A5173 | Direction- Generation, VerificationKey Length-128,192,256MAC Length-MAC Length:128Message Length-Message Length:0-524288 Increment8 | SP 800-38B", "AES-CTR | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256Payload Length-Payload Length:8-128 Increment8Supports Counter larger than maximum value-NoIncremental Counter-YesCounter Tests Performed-Yes | SP 800-38A", "AES-CTR | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256Payload Length-Payload Length:8-128 Increment8Supports Counter larger than maximum value-NoIncremental Counter-YesCounter Tests Performed-Yes | SP 800-38A", "AES-ECB | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A4593 | Direction- Decrypt, EncryptIV Generation-External, InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96-1024 Increment8 | SP 800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96-1024Increment8Payload Length-Payload Length:0-65536 Increment8AAD Length-AAD Length:0-65536 Increment8 | SP 800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96-1024Increment8AAD Length-AAD Length:0-65536 Increment8 | SP 800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96-1024Increment8AAD Length-AAD Length:0-65536 Increment8 | SP 800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptCipher-Cipher,InverseKey Length-128,192,256Payload Length-Payload Length:128-4096Increment128 | SP 800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptCipher-Cipher,InverseKey Length-128,192,256Payload Length-Payload Length:128-4096Increment128 | SP 800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptCipher-Cipher,InverseKey Length-128,192,256Payload Length-Payload Length:8-4096Increment8 | SP 800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptCipher-Cipher,Inverse | SP 800-38F", "AES-OFB | A4593 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A5173 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4593 | Direction - Decrypt, EncryptKey Length - 128, 256Payload Length - Payload Length: 128-65536 Increment 128Tweak Mode - HexData Unit Length Matches Payload Length - Yes | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5173 | Direction - Decrypt, EncryptKey Length - 128, 256Payload Length - Payload Length: 128-65536 Increment 128Tweak Mode - HexData Unit Length Matches Payload Length - Yes | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance - YesSupports Reseed - YesMode - AES-128,AES-192,AES-256Derivation Function Enabled - YesAdditional Input - Additional Input:0-256 Increment 256Entropy Input - Entropy Input:128-256 Increment 128,Entropy Input:256-512 Increment 128Nonce - Nonce:128Personalization String Length - Personalization String Length:0-256Increment 256Returned Bits - 256 | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance - YesSupports Reseed - YesMode - AES-128,AES-192,AES-256Derivation Function Enabled - YesAdditional Input - Additional Input:0-256 Increment 256Entropy Input - Entropy Input:128-256 Increment 128,Entropy Input:256-512 Increment 128Nonce - Nonce:128Personalization String Length - Personalization String Length:0-256Increment 256Returned Bits - 256 | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesSupports Reseed-YesMode-SHA-1,SHA2-256,SHA2-512Entropy Input-Entropy Input:128-256 Increment 64,Entropy Input:256-320 Increment 64Nonce-Nonce:128-160 Increment 32,Nonce:96-128 Increment 32Personalization String Length-Personalization String Length:0-256Increment 128Additional Input-Additional Input:0-256 Increment 128Returned Bits-160,256,512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesSupports Reseed-YesMode-SHA-1,SHA2-256,SHA2-512Entropy Input-Entropy Input:128-256 Increment 64,Entropy Input:256-320 Increment 64Nonce-Nonce:128-160 Increment 32,Nonce:96-128 Increment 32Personalization String Length-Personalization String Length:0-256Increment 128Additional Input-Additional Input:0-256 Increment 128Returned Bits-160,256,512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance - YesSupports Reseed - YesMode - SHA-1, SHA2-256, SHA2-512Entropy Input - Entropy Input: 160-256 Increment 32, Entropy Input:256-512 Increment 64, Entropy Input: 512-1024 Increment 64Nonce - Nonce: 128, Nonce: 64Personalization String Length - Personalization String Length: 0-256Increment 128Additional Input - Additional Input: 0-256 Increment 128Returned Bits - 160, 256, 512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance - YesSupports Reseed - YesMode - SHA-1, SHA2-256, SHA2-512Entropy Input - Entropy Input: 160-256 Increment 32, Entropy Input:256-512 Increment 64, Entropy Input: 512-1024 Increment 64Nonce - Nonce: 128, Nonce: 64Personalization String Length - Personalization String Length: 0-256Increment 128Additional Input - Additional Input: 0-256 Increment 128Returned Bits - 160, 256, 512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | MAC-MAC:32-160 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | MAC-MAC:32-160 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | MAC-MAC:32-224 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | MAC-MAC:32-224 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | MAC-MAC:32-256 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | MAC-MAC:32-256 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | MAC-MAC:32-384 Increment8Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | MAC-MAC:32-384Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A4593 | MAC-MAC:32-512Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A5173 | MAC-MAC:32-512Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A4593 | MAC-MAC:32-224Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A5173 | MAC-MAC:32-224Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A4593 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A5173 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-224 | A4593 | MAC-MAC:32-224Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-224 | A5173 | MAC-MAC:32-224Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-256 | A4593 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-256 | A5173 | MAC-MAC:32-256Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-384 | A4593 | MAC-MAC:32-384Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-384 | A5173 | MAC-MAC:32-384Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-512 | A4593 | MAC-MAC:32-512Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-512 | A5173 | MAC-MAC:32-512Increment8KeyLength-KeyLength:8-524288Increment8 | FIPS198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B233,B283,B409,B571,K233,K283,K409,K571,P224,P256,P384,P521Scheme ephemeralUnifiedKAS Role initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B233,B283,B409,B571,K233,K283,K409,K571,P224,P256,P384,P521Scheme ephemeralUnifiedKAS Role initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme-dhEphem-KAS Role initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme-dhEphem-KAS Role initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role initiator,responderKAS2-KAS Role initiator,responderFixed Public Exponent-010001 | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role initiator,responderKAS2- | SP 800-56ARev.3", "KDA HKDF SP800-56Cr2 | A4593 | Fixed Info Pattern - algorithmld", "SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512", "Uses Hybrid Shared Secret - No | SP 800-56C Rev.2", "KDA HKDF SP800-56Cr2 | A5173 | Fixed Info Pattern - algorithmld", "KDA OneStep SP800-56Cr2 | A4593 | Auxiliary Function Methods -", "Auxiliary Function Name - SHA-1", "KDA OneStep SP800-56Cr2 | A5173 | Auxiliary Function Methods -", "KDA TwoStep SP800-56Cr2 | A4593 | MAC Salting Methods - default, random", "KDF Mode - feedback", "MAC Modes - HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256, | SP 800-56C Rev.2", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification,Key Generation,Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A, category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5230", "Certificate Number": "5230", "Vendor Name": "Advanced Micro Devices (AMD)", "Module Name": "AMD ASP Cryptographic CoProcessor (\"Strix Halo\")", "Module Type": "Hardware", "Validation Date": "04/08/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5230.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5230", "module_name": "AMD ASP Cryptographic CoProcessor (\"Strix Halo\")", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/7/2031", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "SingleChip", "description": "The module is present in Ryzen AI PRO \"Strix Halo/Sarlak\"", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "Conditioning Component AES-CBC-MAC SP800-90B | A5337 | Key Length - 256 | SP 800-90B", "Counter DRBG | A7030 | Prediction Resistance - No Mode - AES-256 Derivation Function Enabled - No | SP 800-90A Rev.1", "HMAC-SHA-1 | A6730 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6730 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6730 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6730 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6730 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A6730 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A6730 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A6730 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A6730 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "KDF SP800-108 | A6730 | KDF Mode - Counter Supported Lengths - Supported Lengths: 112-4096 Increment 8 | SP 800-108 Rev.1", "RSA SigVer (FIPS186-2) | A6730 | Signature Type - PKCSPSS Modulo - 1536 | FIPS 186-4", "RSA SigVer (FIPS186-4) | A6730 | Signature Type - PKCSPSS Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer (FIPS186-5) | A6730 | Modulo - 2048, 3072, 4096 Signature Type - pss | FIPS 186-5", "SHA-1 | A6730 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-224 | A6730 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-256 | A6730 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-384 | A6730 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-512 | A6730 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA3-224 | A6730 | Message Length - Message Length:0-65536 Increment 8 | FIPS 202", "SHA3-256 | A6730 | Message Length - Message Length:0-65536 Increment 8 | FIPS 202", "SHA3-384 | A6730 | Message Length - Message Length:0-65536 Increment 8 | FIPS 202", "SHA3-512 | A6730 | Message Length - Message Length:0-65536 Increment 8 | FIPS 202", "SHAKE-128 | A6730 | Output Length - Output Length:1344 | FIPS 202", "SHAKE-256 | A6730 | Output Length - Output Length:1088 | FIPS 202", "AES-ECB using the non-approved key | Allowed per IG 2.4.A example 2 | De-obfuscate data using the non-approved RTL key for a non-security relevant purpose.", "HMAC with key lengths less than 112 bits | Message authentication", "RSA(pre-hashed message) | Signature verification", "SHA-384 with non-standard initial hash value | PCR-based memory measurement", "CCP\\_HAL algorithm | Message digest(SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512),XOF(SHAKE128,SHAKE256),encryption, decryption(AES,ECB,CBC,OFB,CFB,CTR,GCTR,IAPM,XTS),message authentication(AESCMAC)", "SIB\\_HAL algorithm | Random number generation using the DRBG." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5229", "Certificate Number": "5229", "Vendor Name": "Xage Security, Inc.", "Module Name": "Xage Cryptographic Module for OpenSSL", "Module Type": "Software", "Validation Date": "04/07/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5229.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5229", "module_name": "Xage Cryptographic Module for OpenSSL", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "Xage Cryptographic Module for OpenSSL is a standards-based cryptographic library that delivers core cryptographic functions for the Xage Fabric platform and features robust algorithm support.", "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CCM | A4481 | Key Length - 128,192,256 | SP 800-38C", "AES-CFB1 | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CTR | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4481 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-KW | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-KWP | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-OFB | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4481 | Direction-Decrypt,Encrypt KeyLength-128,256 | SP 800-38E", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A4481 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521 | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme ephemeralUnifiedKAS Role initiator,responder | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,modp-2048,modp-3072,modp-4096,modp-6144,modp-8192Scheme | SP 800-56A Rev.3", "KAS-IFC-SSC | A4481 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role-initiator, responderKAS2-KAS Role-initiator, responder | SP 800-56ARev.3", "KDA HKDF SP800-56Cr2 | A4481 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStep SP800-56Cr2 | A4481 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDA TwoStep SP800-56Cr2 | A4481 | MAC Salting Methods - default, randomKDF Mode - feedbackDerived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A4481 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4481 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF SP800-108 | A4481 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A4481 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A4481 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP 800-132", "TLS v1.2 KDF RFC7627(CVL) | A4481 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4481 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA KeyGen(FIPS186-4) | A4481 | L-2048,3072N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A4481 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A4481 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4481 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4481 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "EDDSA KeyGen | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "RSA KeyGen(FIPS186-4) | A4481 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "KTS-IFC | A4481 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responder | SP 800-56B Rev.2", "AES-CMAC | A4481 | Direction-Generation,VerificationKey Length-128,192,256 | SP 800-38B", "AES-GMAC | A4481 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "HMAC-SHA-1 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "SHA2-384 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A4481 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A4481 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "Counter DRBG | A4481 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-No,Yes | SP 800-90A Rev.1", "Hash DRBG | A4481 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90A Rev.1", "HMAC DRBG | A4481 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90A Rev.1", "DSA SigGen(FIPS186-4) | A4481 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4481 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "EDDSA SigGen | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigVer | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "RSA SigGen(FIPS186-4) | A4481 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-5) | A4481 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA Signature Primitive(CVL) | A4481 | Private Key Format-crt | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4481 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4481 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "Hash DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1", "HMAC DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5228", "Certificate Number": "5228", "Vendor Name": "Ericsson Enterprise Wireless", "Module Name": "Ericsson Cryptographic Module v3", "Module Type": "Software", "Validation Date": "04/07/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5228.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5228", "module_name": "Ericsson Cryptographic Module v3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Ericsson Cryptographic Module v3 is a general-purpose cryptographic library incorporated into the NCX series and E3000 series enterprise routers to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "DRBG", "HMAC", "SHA" ], "algorithms_detailed": [ "Hash DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90ARev.1", "HMAC DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90ARev.1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5227", "Certificate Number": "5227", "Vendor Name": "Akeyless Security Ltd.", "Module Name": "Akeyless FIPS Cryptographic Module", "Module Type": "Software", "Validation Date": "04/07/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5227.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5227", "module_name": "Akeyless FIPS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Akeyless FIPS Cryptographic Module is a general-purpose cryptographic library integrated into the Akeyless family of products, providing FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CCM | A4481 | Key Length - 128,192,256 | SP 800-38C", "AES-CFB1 | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CTR | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4481 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-KW | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-KWP | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-OFB | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4481 | Direction-Decrypt,Encrypt KeyLength-128,256 | SP 800-38E", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A4481 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521 | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme ephemeralUnifiedKAS Role initiator,responder | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,modp-2048,modp-3072,modp-4096,modp-6144,modp-8192Scheme | SP 800-56A Rev.3", "KAS-IFC-SSC | A4481 | Modulo-2048,3072,4096,6144,8192", "KDA HKDF SP800-56Cr2 | A4481 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length: 224-8192 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStep SP800-56Cr2 | A4481 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56CRev.2", "KDA TwoStep SP800-56Cr2 | A4481 | MAC Salting Methods - default, randomKDF Mode - feedbackDerived Key Length - 2048Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A4481 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4481 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF SP800-108 | A4481 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A4481 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A4481 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP 800-132", "TLS v1.2 KDF RFC7627(CVL) | A4481 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4481 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA KeyGen(FIPS186-4) | A4481 | L-2048,3072N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A4481 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A4481 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4481 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4481 | Curve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "EDDSA KeyGen | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "RSA KeyGen(FIPS186-4) | A4481 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "KTS-IFC | A4481 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responder | SP 800-56B Rev.2", "AES-CMAC | A4481 | Direction-Generation,VerificationKey Length-128,192,256 | SP 800-38B", "AES-GMAC | A4481 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "HMAC-SHA-1 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "SHA2-384 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A4481 | Output Length-Output Length:16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A4481 | Output Length-Output Length:16-65536 Increment 8 | FIPS 202", "Counter DRBG | A4481 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-No,Yes | SP 800-90A Rev.1", "Hash DRBG | A4481 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90A Rev.1", "HMAC DRBG | A4481 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90A Rev.1", "DSA SigGen(FIPS186-4) | A4481 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4481 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "EDDSA SigGen | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigVer | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "RSA SigGen(FIPS186-4) | A4481 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-5) | A4481 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA Signature Primitive(CVL) | A4481 | Private Key Format-crt | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4481 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4481 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "Hash DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1", "HMAC DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5226", "Certificate Number": "5226", "Vendor Name": "Progress Software Corporation", "Module Name": "Progress LoadMaster FIPS Object Module based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "04/07/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5226.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5226", "module_name": "Progress LoadMaster FIPS Object Module based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Progress LoadMaster FIPS Object Module based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS1 | A3548 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS2 | A3548 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS3 | A3548 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CCM | A3548 | KeyLength-128,192,256 | SP800-38C", "AES-CFB1 | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CFB128 | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CFB8 | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CMAC | A3548 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-CTR | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A3548 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP800-38D", "AES-GMAC | A3548 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP800-38D", "AES-KW | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-OFB | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-XTS Testing Revision 2.0 | A3548 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38E", "Counter DRBG | A3548 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-No,Yes | SP800-90ARev.1", "DSA KeyGen(FIPS186-4) | A3548 | L-2048,3072N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A3548 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A3548 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3548 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3548 | Component-No,YesCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3548 | Component-No,YesCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512/SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC DRBG | A3548 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC CDH Component SP800-56Ar3 (CVL) | A3548 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | SP 800-56A Rev. 3", "KAS-ECC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KAS-FFC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 Scheme - dhEphem - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KAS-IFC-SSC | A3548 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KDA HKDF SP800-56Cr2 | A3548 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C Rev.2", "KDA OneStep SP800-56Cr2 | A3548 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev.2", "KDA TwoStep SP800-56Cr2 | A3548 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev.2", "KDF ANS 9.42(CVL) | A3548 | KDF Type-DER Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 Key Data Length-Key Data Length:8-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A3548 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A3548 | Derived Key Length-Derived Key Length:112-4096Increment8 | SP 800-108Rev.1", "KDF SP800-108 | A3548 | KDF Mode-Counter,Feedback Supported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A3548 | Cipher-AES-128,AES-192,AES-256 Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A3548 | Modulo-2048,3072,4096,6144Key Generation Methods-rskapg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factor Scheme-KTS-OAEP-basic-KAS Role-initiator,responder | SP 800-56BRev.2", "PBKDF | A3548 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP800-132", "RSA KeyGen(FIPS186-4) | A3548 | Key Generation Mode-B.3.3,B.3.6Modulo-2048,3072,4096Primality Tests-TableC.2,TableC.3Private Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A3548 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA SignaturePrimitive(CVL) | A3548 | Private Key Format-CRT | FIPS186-4", "RSA SigVer(FIPS186-4) | A3548 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-384 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA3-224 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A3548 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "TLS v1.3KDF(CVL) | A3548 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP800-135Rev.1", "DSA PQGGen \\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGGen using SHA3 | OpenSSL Project OpenSSL 3.x FIPS Provider | Vendor affirmed per IGC.C and IG C.B Resolution (bullet point #3)", "DSA PQGVer \\[FIPS 186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGVer using SHA3 | OpenSSL Project OpenSSL 3.x FIPS Provider | Vendor affirmed per IGC.C and IG C.B Resolution (bullet point #3)", "DSA SigGen \\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigGen using SHA3 | OpenSSL Project OpenSSL 3.x FIPS Provider | Vendor affirmed per IGC.C and IG C.B Resolution (bullet point #3)", "DSA SigVer\\[FIPS186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigVer using SHA3 | OpenSSL Project OpenSSL 3.x FIPS Provider | Vendor affirmed per IG C.C and IG C.B Resolution(bullet point #3)", "AES | AES KW,KWP(Cert.#A3548):Symmetric key unwrapping | OpenSSL ProjectOpenSSL 3.x FIPSProvider | Per IG D.GAdditionalComment 5", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no, Encryption, Decryption", "Ed448 | SHAKE256, Ed448 provides 224 bits of security, Digital Signature Generation", "Ed25519 | SHA2-512, Ed25519 provides 128 bits of security, Digital Signature Generation", "ECDSA SigVer Component | Provides between 80 and 256 bits for security, Curves: B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521,Digital Signature Verification", "FIPS 186-2 RSA SigGen/SigVer | Provides >=80 bits of security,RSA signature generation/verification per FIPS 186-2", "FIPS 186-2 RSA KeyGen | Provides >=112 bits of security,RSA key generation per FIPS 186-2", "X942KDF-CONCAT | Usage of X942KDF-CONCAT with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "X963KDF | Usage of X963KDF with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF | Provides<112bitsofsecurity,UsageofHKDFwithkeylengthlessthan112bits", "OneStep KDF | Usage of OneStep KDF with PRF SHAKE128,SHAKE256", "HMAC | Provides<112bitsofsecurity,Usage of HMACwithkeylengthlessthan112bitsforMACgeneration", "Hash and HMAC DRBG | Usage of Hash and HMAC DRBGs with PRFs SHA2-224,SHA2-384,SHA2-512/224andSHA2-512/256" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5225", "Certificate Number": "5225", "Vendor Name": "OPSWAT, Inc.", "Module Name": "OPSWAT Cryptographic Module", "Module Type": "Software", "Validation Date": "04/07/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5225.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5225", "module_name": "OPSWAT Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The OPSWAT Cryptographic Module is a general-purpose cryptographic library incorporated in Inquest and MetaDefender Managed File Transfer, Kiosk, and Core to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CCM \\| A4481 \\| Key Length - 128, 192, 256 \\| SP 800-38C", "AES-CFB1 \\| A4481 \\| Direction - Decrypt, Encrypt Key Length - 128, 192, 256 \\| SP 800-38A", "AES-CFB128 \\| A4481 \\| Direction - Decrypt, Encrypt Key Length - 128, 192, 256 \\| SP 800-38A", "AES-CFB8 \\| A4481 \\| Direction - Decrypt, Encrypt Key Length - 128, 192, 256 \\| SP 800-38A", "AES-CTR \\| A4481 \\| Direction - Decrypt, Encrypt Key Length - 128, 192, 256 \\| SP 800-38A", "AES-ECB \\| A4481 \\| Direction - Decrypt, Encrypt Key Length - 128, 192, 256 \\| SP 800-38A", "AES-GCM \\| A4481 \\| Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 \\| SP 800-38D", "AES-KW \\| A4481 \\| Direction - Decrypt, Encrypt Key Length - 128, 192, 256 \\| SP 800-38F", "AES-KWP \\| A4481 \\| Direction - Decrypt, Encrypt Key Length - 128, 192, 256 \\| SP 800-38F", "AES-OFB \\| A4481 \\| Direction - Decrypt, Encrypt Key Length - 128, 192, 256 \\| SP 800-38A", "AES-XTS Testing Revision 2.0 \\| A4481 \\| Direction - Decrypt, Encrypt Key Length - 128, 256 \\| SP 800-38E", "KAS-ECC CDH-Component SP800-56A3 (CVL) \\| A4481 \\| Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521", "KAS-ECC-SSC Sp800-56Ar3 \\| A4481 \\| Domain Parameter Generation Methods - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - ephemeralUnified - KAS Role - initiator, responder", "KAS-FFC-SSC Sp800-56Ar3 \\| A4481 \\| Domain Parameter Generation Methods - FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp-2048, modp-3072, modp-4096, modp-6144, modp-8192 | Scheme - | SP 800-56A Rev. 3 | * * * | dhEphem - KAS Role - initiator, responder", "KAS-IFC-SSC A4481 Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder SP 800-56A Rev. 3", "KDA HKDF SP800-56Cr2 A4481 Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512", "KDA OneStep SP800-56Cr2 A4481 Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 SP 800-56C Rev. 2", "KDA TwoStep SP800-56Cr2 A4481 MAC Salting Methods - default, random KDX Mode - feedback Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 SP 800-56C Rev. 2", "KDF ANS 9.42 (CVL) A4481 KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 Key Data Length - Key Data Length: 8-4096 Increment 8 SP 800-135 Rev. 1", "KDF ANS 9.63 (CVL) A4481 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 Key Data Length - Key Data Length: 128, 4096 SP 800-135 Rev. 1", "KDF SP800-108 A4481 KDF Mode - Counter, Feedback Supported Lenghts - Supported Lenghts: 8, 72, 128, 776, 3456, 4096 SP 800-108 Rev. 1", "KDF SSH (CVL) A4481 Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 SP 800-135 Rev. 1", "PBKDF A4481 Iteration Count - Iteration Count: 1-10000 Increment 1 Password Length - Password Length: 8-128 Increment 8 SP 800-132", "TLS v1.2 KDF RFC7627 (CVL) A4481 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 SP 800-135 Rev. 1 | * * *", "TLS v1.3 KDF (CVL) \\| A4481 \\| HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE \\| SP 800-135 | Rev. 1", "DSA KeyGen (FIPS186- | 4) \\| A4481 \\| L - 2048, 3072 | N - 224, 256 \\| FIPS 186-4", "DSA PQGGen (FIPS186- | 4) \\| A4481 \\| L - 2048, 3072 | N - 224, 256", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer (FIPS186- | 4) \\| A4481 \\| L - 1024, 2048, 3072 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen (FIPS186- | 4) \\| A4481 \\| Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer (FIPS186- | 4) \\| A4481 \\| Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "EDDSA KeyGen \\| A4481 \\| Curve - ED-25519, ED-448 \\| FIPS 186-5", "EDDSA KeyVer \\| A4481 \\| Curve - ED-25519, ED-448 \\| FIPS 186-5 | Safe Primes Key | Generation \\| A4481 \\| Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp-2048, modp-3072, | modp-4096, modp-6144, modp-8192 \\| SP 800-56A | Rev. 3 | Safe Primes Key | Verification \\| A4481 \\| Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp-2048, modp-3072, | modp-4096, modp-6144, modp-8192 \\| SP 800-56A | Rev. 3", "RSA KeyGen (FIPS186- | 4) \\| A4481 \\| Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard \\| FIPS 186-4", "KTS-iFC \\| A4481 \\| Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2- | prime-factor | Scheme -", "KTS-OAEP-basic - | KAS Role – initiator, responder \\| SP 800-56B Rev. | 2 | * * * | | Algorithm | CAVP Cert | Properties | Reference | | | --- | --- | --- | --- | | | Key Transport Method - | | | | | | Key Length - 1024 | | | |", "AES-CMAC \\| A4481 \\| Direction - Generation, Verification | Key Length - 128, 192, 256 \\| SP 800-38B", "AES-GMAC \\| A4481 \\| Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "HMAC-SHA-1 \\| A4481 \\| Key Length - Key Length: 112-2048 Increment 8 \\| FIPS 198-1", "HMAC-SHA2-224 \\| A4481 \\| Key Length - Key Length: 112-2048 Increment 8 \\| FIPS 198-1", "HMAC-SHA2-256 \\| A4481 \\| Key Length - Key Length: 112-2048 Increment 8 \\| FIPS 198-1", "HMAC-SHA2-384 \\| A4481 \\| Key Length - Key Length: 112-2048 Increment 8 \\| FIPS 198-1", "HMAC-SHA2-512 \\| A4481 \\| Key Length - Key Length: 112-2048 Increment 8 \\| FIPS 198-1", "HMAC-SHA2-512/224 \\| A4481 \\| Key Length - Key Length: 112-2048 Increment 8 \\| FIPS 198-1", "HMAC-SHA2-512/256 \\| A4481 \\| Key Length - Key Length: 112-2048 Increment 8 \\| FIPS 198-1", "HMAC-SHA3-224 \\| A4481 \\| Key Length - Key Length: 112-2048 Increment 8 \\| FIPS 198-1", "HMAC-SHA3-256 \\| A4481 \\| Key Length - Key Length: 112-2048 Increment 8 \\| FIPS 198-1", "HMAC-SHA3-384 \\| A4481 \\| Key Length - Key Length: 112-2048 Increment 8 \\| FIPS 198-1", "HMAC-SHA3-512 \\| A4481 \\| Key Length - Key Length: 112-2048 Increment 8 \\| FIPS 198-1 | KMAC-128 \\| A4481 \\| Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 \\| A4481 \\| Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185", "SHA-1 \\| A4481 \\| Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 \\| A4481 \\| Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 \\| A4481 \\| Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | * * *", "SHA2-384 \\| A4481 \\| Message Length - Message Length: 0-65528 Increment 8 Large Message Sizes - 1, 2, 4, 8", "SHA2-512 \\| A4481 \\| Message Length - Message Length: 0-65528 Increment 8 Large Message Sizes - 1, 2, 4, 8", "SHA2-512/224 \\| A4481 \\| Message Length - Message Length: 0-65528 Increment 8 Large Message Sizes - 1, 2, 4, 8", "SHA2-512/256 \\| A4481 \\| Message Length - Message Length: 0-65528 Increment 8 Large Message Sizes - 1, 2, 4, 8", "SHA3-224 \\| A4481 \\| Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8", "SHA3-256 \\| A4481 \\| Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8", "SHA3-384 \\| A4481 \\| Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8", "SHA3-512 \\| A4481 \\| Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8", "SHAKE-128 \\| A4481 \\| Output Length - Output Length: 16-65536 Increment 8 FIPS 202", "SHAKE-256 \\| A4481 \\| Output Length - Output Length: 16-65536 Increment 8 FIPS 202", "Counter DRBG \\| A4481 \\| Prediction Resistance - Yes Mode - AE5-128, AE5-192, AE5-256 Derivation Function Enabled - No, Yes", "Hash DRBG \\| A4481 \\| Prediction Resistance - Yes Mode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256", "HMAC DRBG \\| A4481 \\| Prediction Resistance - Yes Mode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256", "ECDSA SigGen (FIPS186-4) \\| A4481 \\| Component - No, Yes Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256", "ECDSA SigVer (FIPS186-4) \\| A4481 \\| Component - No Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P- | * * * | 384, P-521", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256", "DSA SigGen (FIPS186-4) A4481 L- 2048, 3072 | N- 224, 256", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256", "DSA SigVer (FIPS186-4) A4481 L- 1024, 2048, 3072 | N- 160, 224, 256", "EDDSA SigGen A4481 Curve - ED-25519, ED-448 FIPS 186-5", "EDDSA SigVer A4481 Curve - ED-25519, ED-448 FIPS 186-5", "RSA SigGen (FIPS186-4) A4481 Signature Type - ANSI X9.31, PKC5 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 FIPS 186-4", "RSA SigGen (FIPS186-5) A4481 Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss FIPS 186-5", "RSA Signature Primitive", "(CVL) A4481 Private Key Format - crt FIPS 186-4", "RSA SigVer (FIPS186-4) A4481 Signature Type - ANSI X9.31, PKC5 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 FIPS 186-4", "RSA SigVer (FIPS186-5) A4481 Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss FIPS 186-5 | Name Properties Implementation Reference | CKG Section 4 KeyPair FIPS Provider for OpenSSL 3 NIST, SP 800-133 Rev. 2 | CKG Section 5 KeyPair FIPS Provider for OpenSSL 3 NIST, SP 800-133 Rev. 2 | CKG Section 6.2 KeyPair FIPS Provider for OpenSSL 3 NIST, SP 800-133 Rev. 2", "Hash DRBG with SHA3-256, SHA3-512 KeyPair FIPS Provider for OpenSSL 3 NIST, SP 800-90A Rev. 1", "HMAC DRBG with SHA3-256, SHA3-512 KeyPair FIPS Provider for OpenSSL 3 NIST, SP 800-90A Rev. 1 | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this Module. | * * * | Non-Approved, Not Allowed Algorithms: | N/A for this Module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5224", "Certificate Number": "5224", "Vendor Name": "Koninklijke Philips N.V.", "Module Name": "Philips FIPS Provider based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "04/04/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5224.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5224", "module_name": "Philips FIPS Provider based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Philips FIPS Provider based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "HMAC", "KAS", "KDF", "SHA" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBCCS1 | A3548 | Direction-decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536Increment8 | SP 800-38A", "AES-CBCCS2 | A3548 | Direction-decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536Increment8 | SP 800-38A", "AES-CBCCS3 | A3548 | Direction-decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-65536Increment8 | SP 800-38A", "AES-CCM | A3548 | KeyLength-128,192,256TagLength-112,128,32,48,64,80,96IVLength-IVLength:56-104Increment8PayloadLength-PayloadLength:0-256Increment8AADLength-AADLength:0-524288Increment8 | SP 800-38C", "AES-CFB1 | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A3548 | Direction-Generation,VerificationKeyLength-128,192,256MACLength-MACLength:128MessageLength-MessageLength:0-524288Increment8 | SP 800-38B", "AES-CTR | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256PayloadLength-PayloadLength:8-128Increment8Supports Counter larger than maximum value-NoIncremental Counter-YesCounter Tests Performed-Yes | SP 800-38A", "AES-ECB | A3548 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A3548 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1KeyLength-128,192,256TagLength-104,112,120,128,32,64,96IVLength-IVLength:96-1024Increment8PayloadLength-PayloadLength:0-65536Increment | SP 800-38D", "AES-GMAC | A3548 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8AAD Length - AAD Length: 0-65536 Increment 8 | SP 800-38D", "AES-KW | A3548 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 128-4096Increment 128 | SP 800-38F", "AES-KWP | A3548 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 8-4096Increment 8 | SP 800-38F", "AES-OFB | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-XTSTestingRevision2.0 | A3548 | Direction - Decrypt, EncryptKey Length - 128, 256Payload Length - Payload Length: 128-65536Increment 128Tweak Mode - HexData Unit Length Matches Payload Length - Yes | SP 800-38E", "CounterDRBG | A3548 | Prediction Resistance - YesSupports Reseed - YesMode - AES-128,AES-192,AES-256Derivation Function Enabled - No,YesAdditional Input - Additional Input:0-256 Increment256, Additional Input:256, Additional Input:320,Additional Input:384Entropy Input - Entropy Input:128-256 Increment128, Entropy Input:256, Entropy Input:256-512Increment 128, Entropy Input:320, Entropy Input:384Nonce - Nonce:0, Nonce:128Personalization String Length - Personalization StringLength:0-256 Increment 256, Personalization StringLength:256, Personalization String Length:320,Personalization String Length:384Returned Bits - 256 | SP 800-90A Rev.1", "DSA KeyGen(FIPS186-4) | A3548 | L-2048,3072N-224,256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A3548 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A3548 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSASigGen(FIPS186-4) | A3548 | Component-No,YesCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSASigVer(FIPS186-4) | A3548 | Component-No,YesCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance-YesSupports Reseed-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512Entropy Input-Entropy Input:128-256 Increment 64,Entropy Input:192-256 Increment 64,Entropy Input:256-320 Increment 64,Entropy Input:256-65536Increment 64 | SP 800-90A Rev.1", "HMAC DRBG | A3548 | Prediction Resistance - YesSupports Reseed - YesMode - SHA-1, SHA2-224, SHA2-256, SHA2-384,SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-256,SHA3-512Entropy Input - Entropy Input: 160-256 Increment 32,Entropy Input: 192-256 Increment 64, Entropy Input:256-512 Increment 64, Entropy Input: 256-65536Increment 64, Entropy Input: 384-512 Increment 64,Entropy Input: 512-1024 Increment 64Nonce - Nonce: 128, Nonce: 128-160 Increment 32,Nonce: 64, Nonce: 96Personalization String Length - Personalization StringLength: 0-192 Increment 64, Personalization StringLength: 0-256 Increment 128, Personalization StringLength: 0-65536 Increment 128Additional Input - Additional Input: 0-256 Increment128, Additional Input: 192Returned Bits - 160, 224, 256, 384, 512 | SP 800-90A Rev. 1", "HMAC-SHA-1 | A3548 | MAC - MAC: 32-160 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A3548 | MAC - MAC: 32-224 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | MAC - MAC: 32-256 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | MAC - MAC: 32-384 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | MAC - MAC: 32-512 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3548 | MAC - MAC: 32-224 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3548 | MAC - MAC: 32-256 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | MAC - MAC: 32-224 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | MAC - MAC: 32-256 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | MAC - MAC: 32-384 Increment 8Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | MAC-MAC:32-512 Increment 8Key Length-Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECCCDH-ComponentSP800-56Ar3(CVL) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521 | SP 800-56A Rev.3", "KAS-ECCSSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56A Rev.3", "KAS-FFCSSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56A Rev.3", "KAS-IFC-SSC | A3548 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rskpg1-basic,rskpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rskpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role-initiator,responderKAS2-KAS Role-initiator,responderFixed Public Exponent-010001 | SP 800-56A Rev.3", "KDA HKDFSP800-56Cr2 | A3548 | Fixed Info Pattern-algorithmld", "KDA OneStepSP800-56Cr2 | A3548 | Auxiliary Function Methods-Auxiliary Function Name-SHA-1MAC Salting Methods-default,randomFixed Info Pattern-algorithmld", "KDA TwoStep SP800-56Cr2 | A3548 | MAC Salting Methods - default, random", "KDF Mode - feedback", "MAC Modes - HMAC-SHA-1, HMAC-SHA2-224,", "HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512,", "HMAC-SHA2-512/224, HMAC-SHA2-512/256,", "HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512", "The KDF supports an empty IV - Yes", "The KDF requires an empty IV - Yes", "Uses Hybrid Shared Secret - No | SP 800-", "KDF ANS 9.42(CVL) | A3548 | KDF Type - DER", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256,", "SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512", "OID - AES-128-KW, AES-192-KW, AES-256-KW | SP 800-", "KDF ANS 9.63(CVL) | A3548 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,", "SHA2-512", "Shared Info Length - Shared Info Length: 0, 1024", "KDF KMAC Sp800-108r1 | A3548 | Key Derivation Key Length - Key Derivation Key Length: 112-4096 Increment 8" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5223", "Certificate Number": "5223", "Vendor Name": "Utimaco IS GmbH", "Module Name": "u.trust Anchor", "Module Type": "Hardware", "Validation Date": "04/01/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5223.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5223", "module_name": "u.trust Anchor", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/31/2031", "overall_level": 3, "caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "MultiChipEmbed", "description": "u.trust Anchor is a new generation of HSM, comprising all traditional hardware security features and introducing containerized HSMs (cHSMs). Each cHSM provides secure cryptographic services such as signing and verification of data, encryption or decryption, hashing, on-board random number generation and secure key generation, key storage and key management functions in a tamper-protected multi-tenant environment. The HSM delivers a highly elastic HSM architecture that scales rapidly on demand and enables service providers to deliver HSM as a Service (HSMaaS) in multiple use cases.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "AES-CBC | A6713 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A6714 | Direction - Decrypt, Encrypt | Key Length - 256 | SP 800-38A", "AES-CCM | A6713 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CMAC | A6713 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A6714 | Direction - Generation, Verification | Key Length - 256 | SP 800-38B", "AES-ECB | A6713 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A6713 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A6714 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.2 | Key Length - 256 | SP 800-38D", "AES-GMAC | A6713 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A6713 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A6713 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A6713 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "DSA SigVer | (FIPS186-4) | A6713 | L - 1024, 2048, 3072 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-", "384, SHA2-512 | FIPS 186-4", "ECDSA KeyGen | (FIPS186-5) | A6713 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, | K-571, P-224, P-256, P-384, P-521 | Secret Generation Mode - extra bits | FIPS 186-5", "ECDSA KeyGen | (FIPS186-5) | A6714 | Curve - P-521 | Secret Generation Mode - extra bits | FIPS 186-5", "ECDSA KeyGen | (FIPS186-5) | A6716 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - extra bits | FIPS 186-5 | Document No.: 2020-0031 | Document version: 2.3.6 | CAVP | Cert", "ECDSA KeyGen | (FIPS186-5) | A6717 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - extra bits | FIPS 186-5", "ECDSA KeyVer | (FIPS186-4) | A6713 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, | K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A6716 | Curve - P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A6717 | Curve - P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-5) | A6713 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, | K-571, P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA KeyVer | (FIPS186-5) | A6714 | Curve - P-521 | FIPS 186-5", "ECDSA KeyVer | (FIPS186-5) | A6716 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA KeyVer | (FIPS186-5) | A6717 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA SigGen | (FIPS186-5) | A6713 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, | K-571, P-224, P-256, P-384, P-521", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384,", "SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | Component - No | FIPS 186-5", "ECDSA SigGen | (FIPS186-5) | A6714 | Curve - P-256, P-521", "Hash Algorithm - SHA2-256 | Component - No | FIPS 186-5", "ECDSA SigGen | (FIPS186-5) | A6716 | Curve - P-224, P-256, P-384, P-521", "ECDSA SigGen | (FIPS186-5) | A6717 | Curve - P-224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-4) | A6713 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, | K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521", "384, SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3- | 512 | FIPS 186-4 | Document No.: 2020-0031 | Document version: 2.3.6 | CAVP | Cert", "ECDSA SigVer | (FIPS186-4) | A6716 | Component - No | Curve - P-192, P-224, P-256, P-384, P-521", "384, SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3- | 512 | FIPS 186-4", "ECDSA SigVer | (FIPS186-4) | A6717 | Component - No | Curve - P-192, P-224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-5) | A6713 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, | K-571, P-224, P-256, P-384, P-521", "SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-5", "ECDSA SigVer | (FIPS186-5) | A6714 | Curve - P-256, P-521", "Hash Algorithm - SHA2-256 | FIPS 186-5", "ECDSA SigVer | (FIPS186-5) | A6716 | Curve - P-224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-5) | A6717 | Curve - P-224, P-256, P-384, P-521", "EDDSA KeyGen | A6713 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyGen | A6716 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A6713 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A6716 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigGen | A6713 | Curve - ED-25519, ED-448 | PreHash - Yes | Pure - Yes | FIPS 186-5", "EDDSA SigGen | A6716 | Curve - ED-25519, ED-448 | PreHash - Yes | Pure - Yes | FIPS 186-5", "EDDSA SigVer | A6713 | Curve - ED-25519, ED-448 | PreHash - Yes | Pure - Yes | FIPS 186-5", "EDDSA SigVer | A6716 | Curve - ED-25519, ED-448 | PreHash - Yes | Pure - Yes | FIPS 186-5", "Hash DRBG | A6714 | Prediction Resistance - No", "Mode - SHA2-512 | SP 800-90A | Rev. 1 | Document No.: 2020-0031 | Document version: 2.3.6 | CAVP | Cert", "Hash DRBG | A6715 | Prediction Resistance - No", "Mode - SHA2-512 | SP 800-90A | Rev. 1", "HMAC-SHA-1 | A6713 | Key Length - Key Length: 112-8192 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A6713 | Key Length - Key Length: 112-8192 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A6713 | Key Length - Key Length: 112-8192 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A6714 | Key Length - Key Length: 256-8192 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A6713 | Key Length - Key Length: 112-8192 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A6713 | Key Length - Key Length: 112-8192 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A6713 | Key Length - Key Length: 112-8192 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A6713 | Key Length - Key Length: 112-8192 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A6713 | Key Length - Key Length: 112-8192 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A6713 | Key Length - Key Length: 112-8192 Increment 8 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A6713 | Domain Parameter Generation Methods - B-233, B-283, | B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, | P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - responder | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A6714 | Domain Parameter Generation Methods - P-521 | Scheme - | ephemeralUnified - | KAS Role - responder | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A6716 | Domain Parameter Generation Methods - P-224, P-256, | P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - responder | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A6717 | Domain Parameter Generation Methods - P-224, P-256, | P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - responder | SP 800-56A | Rev. 3 | Document No.: 2020-0031 | Document version: 2.3.6 | CAVP | Cert", "KDA OneStep | SP800-56Cr2 | A6713 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA OneStep | SP800-56Cr2 | A6714 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDF ANS 9.63", "(CVL) | A6713", "SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | Key Data Length - Key Data Length: 128, 4096 | SP 800-135 | Rev. 1", "KDF SP800- | 108 | A6713", "KDF Mode - Feedback | Supported Lengths - Supported Lengths: 8-512 | Increment 8 | SP 800-108 | Rev. 1", "KDF SP800- | 108 | A6714", "KDF TLS (CVL) | A6713", "TLS Version - v1.2", "Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "KTS-IFC | A6713 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg2-crt | Scheme -", "KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 1024 | SP 800-56B | Rev. 2", "KTS-IFC | A6714 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg2-crt | Scheme -", "KTS-OAEP-basic - | KAS Role - responder | Key Transport Method - | Key Length - 256 | SP 800-56B | Rev. 2", "KTS-IFC | A6716 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg2-crt | Scheme -", "KTS-IFC | A6717 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg2-crt | Scheme -", "KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 1024 | SP 800-56B | Rev. 2 | Document No.: 2020-0031 | Document version: 2.3.6 | CAVP | Cert", "RSA KeyGen | (FIPS186-5) | A6713 | Key Generation Mode - probableWithProbableAux | Modulo - 2048, 3072, 4096, 6144, 8192 | Primality Tests - 2pow100 | Private Key Format - crt | FIPS 186-5", "RSA KeyGen | (FIPS186-5) | A6714 | Key Generation Mode - probableWithProbableAux | Modulo - 2048, 3072, 4096, 6144, 8192 | Primality Tests - 2pow100 | Private Key Format - crt | FIPS 186-5", "RSA KeyGen | (FIPS186-5) | A6716 | Key Generation Mode - probableWithProbableAux | Modulo - 2048, 3072, 4096, 6144, 8192 | Primality Tests - 2pow100 | Private Key Format - crt | FIPS 186-5", "RSA KeyGen | (FIPS186-5) | A6717 | Key Generation Mode - probableWithProbableAux | Modulo - 2048, 3072, 4096, 6144, 8192 | Primality Tests - 2pow100 | Private Key Format - crt | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A6713 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A6716 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A6717 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigVer | (FIPS186-2) | A6713 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 1536, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-2) | A6716 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 1536, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-2) | A6717 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 1536, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A6713 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A6716 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A6717 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-5) | A6713 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigVer | (FIPS186-5) | A6714 | Modulo - 2048, 3072, 4096 | Signature Type - pss | FIPS 186-5", "RSA SigVer | (FIPS186-5) | A6716 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5 | Document No.: 2020-0031 | Document version: 2.3.6 | CAVP | Cert", "RSA SigVer | (FIPS186-5) | A6717 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "SHA-1 | A6713 | Message Length - Message Length: 0-65536 Increment | 8 | FIPS 180-4", "SHA2-224 | A6713 | Message Length - Message Length: 0-65536 Increment | 8 | FIPS 180-4", "SHA2-256 | A1563 | Message Length - Message Length: 0-65528 Increment | 8 | FIPS 180-4", "SHA2-256 | A6713 | Message Length - Message Length: 0-65536 Increment | 8 | FIPS 180-4", "SHA2-256 | A6714 | Message Length - Message Length: 0-65536 Increment | 8 | FIPS 180-4", "SHA2-384 | A6713 | Message Length - Message Length: 0-65536 Increment | 8 | FIPS 180-4", "SHA2-512 | A6713 | Message Length - Message Length: 0-65536 Increment | 8 | FIPS 180-4", "SHA2-512 | A6714 | Message Length - Message Length: 0-65536 Increment | 8 | FIPS 180-4", "SHA2-512 | A6715 | Message Length - Message Length: 0-65536 Increment | 8 | FIPS 180-4", "SHA3-224 | A6713 | Message Length - Message Length: 0-65536 Increment | 8 | FIPS 202", "SHA3-256 | A6713 | Message Length - Message Length: 0-65536 Increment | 8 | FIPS 202", "SHA3-384 | A6713 | Message Length - Message Length: 0-65536 Increment | 8 | FIPS 202", "SHA3-512 | A6713 | Message Length - Message Length: 0-65536 Increment | 8 | FIPS 202", "SHAKE-256 | A6713 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 | Name | Implementation | CKG | Key Type:Symmetric and | Asymmetric | N/A | NIST SP 800-133r2 and IG D.G | per Section 4 example 1, | Sections 5.1, 5.2, and 6.1. | Document No.: 2020-0031 | Document version: 2.3.6 | Name | Implementation", "DSA sigVer FIPS", "186-4 with SHA- | 3", "Mode:SHA3-224, SHA3-256,", "SHA3-384, SHA3-512 | Key Length:1024/160, | 2048/224, 2048/256 or | 3072/256 | N/A | FIPS 186-4", "RSA sigVer | FIPS186-4 with", "SHA-3", "SHA3-384, SHA3-512 | Key Length:1024 | N/A | FIPS 186-4 | Non-Approved, Allowed Algorithms:", "ECDSA (Key Generation and Signature Generation and Verification) with secp256k1 curve | listed in Table 6 may only be used in blockchain-related applications. | Name | Implementation | EC Diffie-Hellman", "(Shared Secret | Computation) | Curves:brainpoolP224r1, | brainpoolP256r1, brainpoolP320r1, | brainpoolP384r1, brainpoolP512r1, | brainpoolP224t1, brainpoolP256t1, | brainpoolP320t1, brainpoolP384t1, | brainpoolP512t1 | u.trust Anchor - 32 | bit yay crypto | library | NIST FIPS | 140-3 IG D.F | Scenario 3 | EC Diffie-Hellman | (Key Agreement) | Curves:brainpoolP224r1, | brainpoolP256r1, brainpoolP320r1, | brainpoolP384r1, brainpoolP512r1, | brainpoolP224t1, brainpoolP256t1, | brainpoolP320t1, brainpoolP384t1, | brainpoolP512t1 | u.trust Anchor - 32 | bit yay crypto | library | NIST FIPS | 140-3 IG D.F | Scenario 3", "ECDSA (Signature | Verification) | Curve:brainpoolP320t1 | u.trust Anchor - 64 | bit yay crypto | library | NIST FIPS | 140-3 IG C.A | Resolution 1a | and NIST SP | 800-186", "ECDSA (Key | Generation, | Generation and | Verification) | Curve:secp256k1 | u.trust Anchor - 32 | bit yay crypto | library | NIST FIPS | 140-3 IG C.A | Resolution 1b", "ECDSA (Key | Generation, | Generation and | Verification) | yay32++ secp256k1 | Curve:secp256k1 | u.trust Anchor - 32 | bit yay crypto | library with Silex | (yay32++) | NIST FIPS | 140-3 IG C.A | Resolution 1a | Document No.: 2020-0031 | Document version: 2.3.6 | Name | Implementation", "ECDSA (Key | Generation, | Generation and | Verification) | yay32++ Brainpool | Curves:brainpoolP224r1, | brainpoolP256r1, brainpoolP320r1, | brainpoolP384r1, brainpoolP512r1, | brainpoolP224t1, brainpoolP256t1, | brainpoolP320t1, brainpoolP384t1, | brainpoolP512t1 | u.trust Anchor - 32 | bit yay crypto | library with Silex | (yay32++) | NIST FIPS | 140-3 IG C.A | Resolution 1a | and NIST SP | 800-186", "ECDSA (Key | Generation, | Generation and | Verification) yay32+ | Curves:brainpoolP224r1, | brainpoolP256r1, brainpoolP320r1, | brainpoolP384r1, brainpoolP512r1, | brainpoolP224t1, brainpoolP256t1, | brainpoolP320t1, brainpoolP384t1, | brainpoolP512t1 | u.trust Anchor - 32 | bit yay crypto | library with EXAR | (yay32+) | NIST FIPS | 140-3 IG C.A | Resolution 1a | and NIST SP | 800-186 | Non-Approved, Allowed Algorithms with No Security Claimed: | The module also implements algorithms (listed in Table 7) that may be used in Approved | mode of operation but is not a security function per IG 2.4.A. In accordance with IG 2.4.A | example 1, these algorithms are used to obfuscate stored CSPs. These algorithms are not | used for security-relevant purposes, and no security is claimed. | Name | Caveat | Use and Function | AES_CBC-CS3-256 | (SP 800-38A) | Obfuscation | Obfuscation of encrypted data stored in cHSM file system. This | is allowed per IG 2.4.A example 1. | AES_CTR-256 (SP | 800-38A) | Obfuscation | Obfuscation of public keys and data stored in glad user backups | (yay64 implementation). This is allowed per IG 2.4.A example 1. | AES_XTS-256 (SP | 800-38E) | Obfuscation | Obfuscation of encrypted data stored in cHSM file system. This | is allowed per IG 2.4.A example 1.", "PBKDF (SP 800- | 132) | Derivation | Derivation of operator's password. This is allowed per IG 2.4.A | example 2. | Non-Approved, Not Allowed Algorithms: | If a container runs the non-approved cHSM firmware ‘Security Server’, the container provides | the non-approved, not allowed algorithms listed in Table 8 in addition to the Approved | cryptographic algorithms listed in Table 4. | Name | Use and Function", "RSA Signature (non- | compliant) | Key Generation, Signature Generation/Verification, Key Wrapping (key sizes | 512 - 1024); Key Generation: mechanisms other than", "CXI_MECH_KEYGEN_FIPS_PRIME; Sign/Verify: no padding; Sign: SHA-1, | ANSI X9.31; Key Wrapping: PKCS#1 v1.5", "RSA Encryption (non- | compliant) | Encryption/Decryption (key sizes 512-16384) | Document No.: 2020-0031 | Document version: 2.3.6 | Name | Use and Function", "DSA Signature (non- | compliant) | Key Generation, Signature Generation, DH and Domain Parameter", "Generation (NIST FIPS 186-4); SHA-224 (Domain Parameter Generation", "with SHA-224 is only possible for key length 2048/224), SHA-256, SHA-384,", "SHA-512 | EC Cryptography (non- | compliant) | Key Generation, Signature Generation/Verification, Encryption/Decryption,", "ECDH, Message Authentication (key sizes shorter than 224 bits, curves", "secp224k1, sect239k1, P-192, K-163, B-163, Sign: SHA-1, signing with | deterministic k according to DCC - compliant to GBCS, not NIST FIPS 186- | 5) | EC Encryption with | ECIES | Encryption/Decryption (all available curves)", "ECDSA with K-/B- | curves: K-233, K-283, K- | 409, K-571, B-233, B- | 283, B-409, B-571", "Message Authentication, ECDSA Key Generation, Signature Generation,", "Derive Key (Shared Secret Computation) | FRP256v1 Curve", "ECDSA Key Generation, Signature Generation/Verification, Key Derivation | Montgomery Curves: | Curve448, Curve25519", "Key Generation, ECDH | secp256k1 Curve | Message Authentication, Key Derivation | MD5, MDC-2, RIPEMD- | 160 (non-compliant) | Hashing | FFC Key Agreement | Diffie-Hellman key agreement based on FFC", "KDF (non-compliant)", "DES | Encryption/Decryption, (Un-)Wrapping, Key Derivation, Split Key, Message | Authentication", "TDES in CBC and ECB | modes | Encryption/Decryption, (Un-)Wrapping, Key Derivation, Split Key, Message | Authentication via 3-key (24 bytes) and 2-key (16 bytes) constructions", "TDES MAC | (Un-)Wrapping, Key Derivation, Split Key, Message Authentication via 3-key | (24 bytes) and 2-key (16 bytes) constructions", "TDES ANSI retail MAC", "AES CTR mode (non- | compliant) | Encryption/Decryption, (Un-)Wrapping in yay32 implementation", "AES GCM mode (non- | compliant) | Encryption/Decryption, Wrapping. Non-compliant to requirements of IG C.H | scenario 4.", "AES GMAC with | external initial IV (non- | compliant)", "AES CBC MAC (non- | compliant) | Document No.: 2020-0031 | Document version: 2.3.6 | Name | Use and Function", "AES CBC with 0 IV (non- | compliant) | Import DB Entry, Restore User, Encryption/Decryption, Wrapping | ECC point | multiplication | according to TR-03111", "Shared Secret Computation on curves P-224, P-256, P-384, P-521, K-233, | K-283, K-409, K-571, B-233, B-283, B-409, B-571, brainpoolP224r1/ 224t1/ | 256r1/ 256t1/ 320r1/ 320t1/ 384r1/ 384t1/ 512r1/ 512t1, secp256k1, | FRP256v1 | Chinese Algorithms | SM2, SM3, SM4 | according to IETF | drafts | Cryptographic functions with algorithm specifier CXI_KEY_ALGO_CUSTOM" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5222", "Certificate Number": "5222", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung TCG Opal SSC Cryptographic Sub-Chip", "Module Type": "Hardware", "Validation Date": "04/01/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5222.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5222", "module_name": "Samsung TCG Opal SSC Cryptographic Sub-Chip", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/31/2031", "overall_level": 2, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "SingleChip", "description": "The sub-chip is contained within the Samsung SoC. The SoC is implemented within a TCG Opal SED.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-GCM | A5788 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.2 | Key Length - 256 | SP 800-38D | Samsung TCG Opal SSC Cryptographic Sub-Chip | FIPS 140-3 Non-Proprietary Security Policy | ©2026 Samsung Electronics Co.,Ltd., and atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice.", "Counter DRBG | A5787 | Prediction Resistance - No", "Mode - AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1", "ECDSA KeyGen (FIPS186-5) | A5788 | Curve - P-384 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA SigGen (FIPS186-5) | A5788 | Curve - P-384", "Hash Algorithm - SHA2-384 | Component - Yes | FIPS 186-5", "ECDSA SigVer (FIPS186-5) | A5788 | Curve - P-384", "Hash Algorithm - SHA2-384 | FIPS 186-5", "HMAC-SHA2-256 | A5788 | Key Length - Key Length: 8-512 Increment | 8 | FIPS 198-1", "HMAC-SHA2-384 | A5788 | Key Length - Key Length: 8-1024 | Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5788 | Domain Parameter Generation Methods - | P-384 | Scheme - | staticUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF SP800-56Cr2 | A5788 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret | Length: 224-8192 Increment 8 | HMAC Algorithm - SHA2-384 | SP 800-56C | Rev. 2", "KDA OneStepNoCounter | SP800-56Cr2 | A5788 | Key Length - Key Length: 384 | SP 800-56C | Rev. 2", "KDF SP800-108 | A5788", "KDF Mode - Counter | Supported Lengths - Supported Lengths: | 256 | SP 800-108 | Rev. 1", "SHA2-256 | A5788 | Message Length - Message Length: 8-65536 | Increment 8 | FIPS 180-4", "SHA2-384 | A5788 | Message Length - Message Length: 8-65536 | Increment 8 | FIPS 180-4 | Samsung TCG Opal SSC Cryptographic Sub-Chip | FIPS 140-3 Non-Proprietary Security Policy | ©2026 Samsung Electronics Co.,Ltd., and atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | Name | Implementation | Asymmetric | CKG | Key | Type:Asymmetric | N/A | Key Generation Compliant with SP 800- | 133Rev2 section 4 example 1 | Symmetric | CKG | Key | Type:Symmetric | N/A | Key Generation Compliant with SP 800- | 133Rev2 section 4 example 1 | Non-Approved, Allowed Algorithms: | N/A for this module. | The module does not implement any non-approved algorithms that could be used in an approved mode of | operation. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | The module does not implement any non-approved algorithms that could be used in an approved mode of | operation. | Non-Approved, Not Allowed Algorithms: | Name | Use and Function", "AES-XTS | Used for Decrypt Firmware to decrypt FW provided by H-Core. Used for Verify", "Decrypt Firmware together with ECDSA signature verification to decrypt and | verify signature of FW provided by H-Core", "RSA Encrypt", "Used for Get Dump Key to encrypt the AES-XTS dump key", "ECDSA verification", "with AES XTS | decryption", "Used for Verify Decrypt Firmware together with AES-XTS decryption to verify a | signature of and encrypted FW provided by H-Core | Samsung TCG Opal SSC Cryptographic Sub-Chip | FIPS 140-3 Non-Proprietary Security Policy | ©2026 Samsung Electronics Co.,Ltd., and atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5221", "Certificate Number": "5221", "Vendor Name": "IBM Corporation", "Module Name": "IBM ClevOS 3 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "04/01/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5221.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5221", "module_name": "IBM ClevOS 3 OpenSSL Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/31/2031", "overall_level": 1, "caveat": "When operated in approved mode; No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The IBM ClevOS 3 OpenSSL Cryptographic Module provides a C language application program interface (API) for use by other applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A6907 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC | A6911 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC | A6912 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS1 | A6907 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS1 | A6911 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS1 | A6912 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS2 | A6907 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS2 | A6911 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS3 | A6907 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS3 | A6911 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS3 | A6912 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A6907 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A6911 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A6912 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A6907 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB1 | A6911 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB1 | A6912 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A6907 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A6911 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A6912 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6907 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6911 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6912 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A6907 | Direction - Generation Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A6911 | Direction - Generation Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A6912 | Direction - Generation Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A6907 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6911 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6912 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6907 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6911 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6912 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A6895 | Direction - Decrypt, Encrypt IV Generation - External, Internal | SP 800-38D", "AES-GCM | A6896 | Direction-Decrypt,EncryptIV Generation-External,InternalKeyLength-128,192,256IV Generation Mode-8.2.1,8.2.2 | SP 800-38D", "AES-GCM | A6897 | Direction-Decrypt,EncryptIV Generation-External,InternalKeyLength-128,192,256IV Generation Mode-8.2.1,8.2.2 | SP 800-38D", "AES-GCM | A6898 | Direction-Decrypt,EncryptIV Generation-External,InternalKeyLength-128,192,256IV Generation Mode-8.2.1,8.2.2 | SP 800-38D", "AES-GCM | A6899 | Direction-Decrypt,EncryptIV Generation-External,InternalKeyLength-128,192,256IV Generation Mode-8.2.1,8.2.2 | SP 800-38D", "AES-GCM | A6900 | Direction-Decrypt,EncryptIV Generation-External,InternalKeyLength-128,192,256IV Generation Mode-8.2.1,8.2.2 | SP 800-38D", "AES-GCM | A6908 | Direction-Decrypt,EncryptIV Generation-External,InternalKeyLength-128,192,256IV Generation Mode-8.2.1,8.2.2 | SP 800-38D", "AES-GCM | A6913 | Direction-Decrypt,EncryptIV Generation-External,InternalKeyLength-128,192,256IV Generation Mode-8.2.1,8.2.2 | SP 800-38D", "AES-GCM | A6914 | Direction-Decrypt,EncryptIV Generation-External,InternalKeyLength-128,192,256IV Generation Mode-8.2.1,8.2.2 | SP 800-38D", "AES-GMAC | A6895 | Direction-Decrypt,EncryptIV Generation-ExternalKeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A6896 | Direction-Decrypt,EncryptIV Generation-ExternalKeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A6897 | Direction-Decrypt,EncryptIV Generation-ExternalKeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A6898 | Direction-Decrypt,EncryptIV Generation-ExternalKeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A6899 | Direction- Decrypt, Encrypt IV Generation- External Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A6900 | Direction- Decrypt, Encrypt IV Generation- External Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A6908 | Direction- Decrypt, Encrypt IV Generation- External Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A6913 | Direction- Decrypt, Encrypt IV Generation- External Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A6914 | Direction- Decrypt, Encrypt IV Generation- External Key Length-128,192,256 | SP 800-38D", "AES-KW | A6907 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-KW | A6911 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-KW | A6912 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-KWP | A6907 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-KWP | A6911 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-KWP | A6912 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-OFB | A6907 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-OFB | A6911 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-OFB | A6912 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A6907 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A6911 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A6912 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38E", "Counter DRBG | A6905 | Prediction Resistance-No,Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-No,Yes | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-5) | A6901 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyGen(FIPS186-5) | A6902 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyGen(FIPS186-5) | A6903 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyGen(FIPS186-5) | A6904 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyGen(FIPS186-5) | A6909 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyGen(FIPS186-5) | A6916 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,K-571Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-4) | A6901 | Curve-P-192 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A6902 | Curve-P-192 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A6903 | Curve-P-192 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A6904 | Curve-P-192 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A6909 | Curve-P-192 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A6916 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571 | FIPS 186-4", "ECDSA KeyVer(FIPS186-5) | A6901 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A6902 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A6903 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A6904 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A6909 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A6916 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A6901 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A6902 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A6903 | Curve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A6904 | Curve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A6909 | Curve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A6910 | Curve-P224,P256,P384,P521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A6916 | Curve-B233,B283,B409,B571,K233,K283,K409,K571Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A6917 | Curve-B233,B283,B409,B571,K233,K283,K409,K571Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Component-No,Yes | FIPS 186-5", "ECDSA SigVer(FIPS186-4) | A6901 | Component-NoCurve-P192Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6902 | Component-NoCurve-P192Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6903 | Component-NoCurve-P192Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6904 | Component-NoCurve-P192Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6909 | Component-NoCurve-P192Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6910 | Component - NoCurve - P-192Hash Algorithm - SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6916 | Component - NoCurve - B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571Hash Algorithm - SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6917 | Component - NoCurve - B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571Hash Algorithm - SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-5) | A6901 | Curve - P-224,P-256,P-384,P-521Hash Algorithm - SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A6902 | Curve - P-224,P-256,P-384,P-521Hash Algorithm - SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A6903 | Curve - P-224,P-256,P-384,P-521Hash Algorithm - SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A6904 | Curve - P-224,P-256,P-384,P-521Hash Algorithm - SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A6909 | Curve - P-224,P-256,P-384,P-521Hash Algorithm - SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A6910 | Curve - P-224,P-256,P-384,P-521Hash Algorithm - SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A6916 | Curve - B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571Hash Algorithm - SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A6917 | Curve - B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571Hash Algorithm - SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-5", "Hash DRBG | A6905 | Prediction Resistance - No,YesMode - SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90ARev.1", "HMAC DRBG | A6905 | Prediction Resistance - No,YesMode - SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90ARev.1", "HMAC-SHA-1 | A6901 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A6902 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A6903 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A6904 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A6909 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6901 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6902 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6903 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6904 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6901 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6902 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6903 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6904 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6909 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6901 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6902 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6903 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6904 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6909 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6901 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6902 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6903 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6904 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6909 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A6901 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A6902 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A6903 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A6904 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A6909 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6901 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6902 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6903 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6904 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6909 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A6910 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A6910 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A6910 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A6910 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A6901 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KAS-ECC-SSC Sp800-56Ar3 | A6902 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KAS-ECC-SSC Sp800-56Ar3 | A6903 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KAS-ECC-SSC Sp800-56Ar3 | A6904 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - | SP 800-56A Rev. 3", "KAS-ECC-SSCSp800-56Ar3 | A6909 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A6919 | Domain Parameter Generation Methods-ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192SchemedhEphem-KAS Role - initiator, responder | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A6918 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A6915 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A6915 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A6901 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:112-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A6902 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:112-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A6903 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:112-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A6904 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length:112-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A6909 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:112-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A6910 | KDF Type-DERHash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:112-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A6901 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A6902 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A6903 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A6904 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A6909 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A6910 | Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A6906 | Derived Key Length-Derived Key Length:256 | SP800-108Rev.1", "KDF SP800-108 | A6906 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:112-4096Increment8 | SP800-108Rev.1", "KDF SSH(CVL) | A6901 | Cipher-AE5-128,AE5-192,AE5-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A6902 | Cipher-AE5-128,AE5-192,AE5-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A6903 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF SSH(CVL) | A6904 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF SSH(CVL) | A6909 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A6901 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128 Increment1 | SP 800-132", "PBKDF | A6902 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128 Increment1 | SP 800-132", "PBKDF | A6903 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128 Increment1 | SP 800-132", "PBKDF | A6904 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128 Increment1 | SP 800-132", "PBKDF | A6909 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128 Increment1 | SP 800-132", "PBKDF | A6910 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128 Increment1 | SP 800-132", "RSA KeyGen(FIPS186-5) | A6901 | Key Generation Mode-probableWithProbableAuxModulo-2048,3072,4096,6144,8192Primality Tests-2powSecStrPrivate Key Format-standard | FIPS186-5", "RSA KeyGen(FIPS186-5) | A6902 | Key Generation Mode-probableWithProbableAuxModulo-2048,3072,4096,6144,8192 | FIPS186-5", "RSA KeyGen(FIPS186-5) | A6903 | Key Generation Mode-probableWithProbableAuxModulo-2048,3072,4096,6144,8192Primality Tests-2powSecStrPrivate Key Format-standard | FIPS186-5", "RSA KeyGen(FIPS186-5) | A6904 | Key Generation Mode-probableWithProbableAuxModulo-2048,3072,4096,6144,8192Primality Tests-2powSecStrPrivate Key Format-standard | FIPS186-5", "RSA KeyGen(FIPS186-5) | A6909 | Key Generation Mode-probableWithProbableAuxModulo-2048,3072,4096,6144,8192Primality Tests-2powSecStrPrivate Key Format-standard | FIPS186-5", "RSA SigGen(FIPS186-5) | A6901 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS186-5", "RSA SigGen(FIPS186-5) | A6902 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS186-5", "RSA SigGen(FIPS186-5) | A6903 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS186-5", "RSA SigGen(FIPS186-5) | A6904 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS186-5", "RSA SigGen(FIPS186-5) | A6909 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS186-5", "RSA SigGen(FIPS186-5) | A6910 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS186-5", "RSA SigVer(FIPS186-2) | A6901 | Signature Type-PKCS1.5,PKCSPSSModulo-1536 | FIPS186-4", "RSA SigVer(FIPS186-2) | A6902 | Signature Type-PKCS1.5,PKCSPSSModulo-1536 | FIPS186-4", "RSA SigVer(FIPS186-2) | A6903 | Signature Type-PKCS1.5,PKCSPSSModulo-1536 | FIPS186-4", "RSA SigVer(FIPS186-2) | A6904 | Signature Type-PKCS1.5,PKCSPSSModulo-1536 | FIPS186-4", "RSA SigVer(FIPS186-2) | A6909 | Signature Type-PKCS1.5,PKCSPSSModulo-1536 | FIPS186-4", "RSA SigVer(FIPS186-4) | A6901 | Signature Type-PKCS1.5,PKCSPSSModulo-1024 | FIPS186-4", "RSA SigVer(FIPS186-4) | A6902 | Signature Type-PKCS1.5,PKCSPSSModulo-1024 | FIPS186-4", "RSA SigVer(FIPS186-4) | A6903 | Signature Type-PKCS1.5,PKCSPSSModulo-1024 | FIPS186-4", "RSA SigVer(FIPS186-4) | A6904 | Signature Type-PKCS1.5,PKCSPSSModulo-1024 | FIPS186-4", "RSA SigVer(FIPS186-4) | A6909 | Signature Type-PKCS 1.5,PKCSPSS Modulo-1024 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A6901 | Modulo-2048,3072,4096 Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-5) | A6902 | Modulo-2048,3072,4096 Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-5) | A6903 | Modulo-2048,3072,4096 Signature Type-pkcs1v1.5,psss | FIPS 186-5", "RSA SigVer(FIPS186-5) | A6904 | Modulo-2048,3072,4096 Signature Type-pkcs1v1.5,psss | FIPS 186-5", "RSA SigVer(FIPS186-5) | A6909 | Modulo-2048,3072,4096 Signature Type-pkcs1v1.5,psss | FIPS 186-5", "RSA SigVer(FIPS186-5) | A6910 | Modulo-2048,3072,4096 Signature Type-pkcs1v1.5,psss | FIPS 186-5", "SHA-1 | A6901 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A6902 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A6903 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A6904 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A6909 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A6901 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A6902 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A6903 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A6904 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A6909 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A6901 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A6902 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A6903 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A6904 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A6909 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A6901 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A6902 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A6903 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A6904 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A6909 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A6901 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A6902 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A6903 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A6904 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512 | A6909 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A6901 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A6902 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A6903 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A6904 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A6909 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A6901 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A6902 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A6903 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A6904 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A6909 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA3-224 | A6910 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS202", "SHA3-256 | A6910 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS202", "SHA3-384 | A6910 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS202", "SHA3-512 | A6910 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A6910 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A6910 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A6901 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Rev.1 | SP800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A6902 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Rev.1 | SP800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A6903 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Rev.1 | SP800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A6904 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Rev.1 | SP800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A6909 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Rev.1 | SP800-135Rev.1", "TLS v1.3KDF(CVL) | A6918 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP800-135Rev.1", "AES GCM (external IV) | Encryption", "DSA | Signature Generation,Signature Verification,Key Pair Generation,Key Pair Verification", "ECDSA with curveP-192,B-163,K-163 | Key Pair Generation,Signature Generation", "ECDSA(pre-hashed message) | Signature Verification(pre-hashed message)", "RSA primitive | Asymmetric Encryption,Asymmetric Decryption", "RSA-OAEP | Asymmetric Encryption,Asymmetric Decryption" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5220", "Certificate Number": "5220", "Vendor Name": "JISA Softech Private Limited", "Module Name": "LS2 HSM Family", "Module Type": "Hardware", "Validation Date": "04/01/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5220.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5220", "module_name": "LS2 HSM Family", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/5/2029", "overall_level": 3, "caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Hardware", "embodiment": "MultiChipEmbed", "description": "The LS2 HSM module is a multi-chip Cryptographic Module with firmware and installed in Host CryptoBind HSM and CryptoBind DSS. It consists of multiple firmware components, including an operating system, applications exposing services and interfaces related to secure key management, crypto operations, and policy management of the module.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5219", "Certificate Number": "5219", "Vendor Name": "JISA Softech Private Limited", "Module Name": "NITROXIII CNN35XX-NFBE HSM Family", "Module Type": "Hardware", "Validation Date": "03/31/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5219.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5219", "module_name": "NITROXIII CNN35XX-NFBE HSM Family", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "5/29/2029", "overall_level": 3, "caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "MultiChipEmbed", "detail_available": true, "description": "The NITROXIII CNN35XX-NFBE HSM Family module is a high-performance purpose-built security solution for crypto acceleration. The module provides a FIPS 140-3 overall Level 3 security solution. The module is deployed inside CryptoBind HSM and CryptoBind DSS to provide crypto and TLS 1.0/1.1/1.2 acceleration in a secure manner to the system host. It is typically deployed in a CryptoBind HSM & CryptoBind DSS network appliance to provide cryptographic operations. The module’s functions are accessed over the PCIe interface via an API defined by the module inside CryptoBind HSM and CryptoBind DSS." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5218", "Certificate Number": "5218", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v18.3 [Intel, Kernel, Software, SL1]", "Module Type": "Software", "Validation Date": "03/30/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5218.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5218", "module_name": "Apple corecrypto Module v18.3 [Intel, Kernel, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/29/2031", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Apple corecrypto Kernel Space Module for Intel is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDSA", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A6391 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Apple corecrypto Module v18.3 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "AES-CBC | A6392 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A6393 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A6394 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A6398 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A6399 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB128 | A6391 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A6394 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6391 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6394 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6391 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6394 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6398 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6399 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6391 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6392 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6393 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6394 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6398 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6399 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A6398 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A6399 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A6391 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KW | A6394 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F | Apple corecrypto Module v18.3 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "AES-OFB | A6391 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A6394 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS | Testing Revision | 2.0 | A6392 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS | Testing Revision | 2.0 | A6393 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A6391 | Prediction Resistance - No", "Mode - AES-128, AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1", "Counter DRBG | A6394 | Prediction Resistance - No", "Counter DRBG | A6398 | Prediction Resistance - No", "Counter DRBG | A6399 | Prediction Resistance - No", "ECDSA KeyGen | (FIPS186-4) | A6395 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyGen | (FIPS186-4) | A6396 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyGen | (FIPS186-4) | A6397 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyGen | (FIPS186-5) | A6395 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyGen | (FIPS186-5) | A6396 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyGen | (FIPS186-5) | A6397 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyVer | (FIPS186-4) | A6395 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A6396 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A6397 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-5) | A6395 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA KeyVer | (FIPS186-5) | A6396 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA KeyVer | (FIPS186-5) | A6397 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA SigGen | (FIPS186-4) | A6395 | Component - No | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4 | Apple corecrypto Module v18.3 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "Hash Algorithm - SHA2-224, SHA2-256,", "SHA2-384, SHA2-512, SHA3-224, SHA3-256,", "SHA3-384, SHA3-512", "ECDSA SigGen | (FIPS186-4) | A6396 | Component - No | Curve - P-224, P-256, P-384, P-521", "SHA3-384, SHA3-512 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A6397 | Component - No | Curve - P-224, P-256, P-384, P-521", "ECDSA SigGen | (FIPS186-5) | A6395 | Curve - P-224, P-256, P-384, P-521", "SHA2-384, SHA2-512 | Component - No | FIPS 186-5", "ECDSA SigGen | (FIPS186-5) | A6396 | Curve - P-224, P-256, P-384, P-521", "ECDSA SigGen | (FIPS186-5) | A6397 | Curve - P-224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-4) | A6395 | Component - No | Curve - P-224, P-256, P-384, P-521", "Hash Algorithm - SHA-1, SHA2-224, SHA2-", "256, SHA2-384, SHA2-512, SHA3-224, SHA3-", "256, SHA3-384, SHA3-512 | FIPS 186-4", "ECDSA SigVer | (FIPS186-4) | A6396 | Component - No | Curve - P-224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-4) | A6397 | Component - No | Curve - P-224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-5) | A6395 | Curve - P-224, P-256, P-384, P-521", "SHA2-384, SHA2-512 | FIPS 186-5", "ECDSA SigVer | (FIPS186-5) | A6396 | Curve - P-224, P-256, P-384, P-521", "SHA2-384, SHA2-512 | FIPS 186-5 | Apple corecrypto Module v18.3 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "ECDSA SigVer | (FIPS186-5) | A6397 | Curve - P-224, P-256, P-384, P-521", "HMAC DRBG | A6395 | Prediction Resistance - No", "Mode - SHA-1, SHA2-224, SHA2-256, SHA2-", "384, SHA2-512 | SP 800-90A | Rev. 1", "HMAC DRBG | A6396 | Prediction Resistance - No", "HMAC DRBG | A6397 | Prediction Resistance - No", "HMAC-SHA-1 | A6395 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA-1 | A6396 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA-1 | A6397 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA-1 | A6400 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A6395 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A6396 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A6397 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A6400 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A6395 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A6396 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A6397 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A6400 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A6395 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A6396 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A6397 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A6400 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A6395 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A6396 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1 | Apple corecrypto Module v18.3 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "HMAC-SHA2- | 512 | A6397 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A6400 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6395 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6396 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6397 | Key Length - Key Length: 8-262144 Increment | 8 | FIPS 198-1", "KDA HKDF | SP800-56Cr2 | A6395 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-", "256, SHA2-384, SHA2-512 | SP 800-56C | Rev. 2", "KDA HKDF | SP800-56Cr2 | A6396 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-", "KDA HKDF | SP800-56Cr2 | A6397 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-", "KDA HKDF | SP800-56Cr2 | A6400 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-", "KDF SP800-108 | A6397", "KDF Mode - Counter | Supported Lengths - Supported Lengths: 8- | 4096 Increment 8 | SP 800-108 | Rev. 1", "RSA SigGen | (FIPS186-4) | A6395 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A6396 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A6397 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-5) | A6395 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A6396 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A6397 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigVer | (FIPS186-4) | A6395 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4 | Apple corecrypto Module v18.3 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "RSA SigVer | (FIPS186-4) | A6396 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A6397 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-5) | A6395 | Modulo - 2048, 3072, 4096 | Signature Type - pss | FIPS 186-5", "RSA SigVer | (FIPS186-5) | A6396 | Modulo - 2048, 3072, 4096 | Signature Type - pss | FIPS 186-5", "RSA SigVer | (FIPS186-5) | A6397 | Modulo - 2048, 3072, 4096 | Signature Type - pss | FIPS 186-5", "SHA-1 | A6395 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA-1 | A6396 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA-1 | A6397 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA-1 | A6400 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-224 | A6395 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-224 | A6396 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-224 | A6397 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-224 | A6400 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-256 | A6395 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-256 | A6396 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-256 | A6397 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-256 | A6400 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-384 | A6395 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-384 | A6396 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-384 | A6397 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-384 | A6400 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512 | A6395 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512 | A6396 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512 | A6397 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4 | Apple corecrypto Module v18.3 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "SHA2-512 | A6400 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512/256 | A6395 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512/256 | A6396 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512/256 | A6397 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4 | The table below lists all the Vendor-Affirmed Algorithms supported by the module. | Name Properties | Implementation Reference | CKG | Key | Type:Asymmetric | N/A | NIST SP800-133r2 Section 4: Using the | Output of a Random Generator, Example 1 | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | The table below lists all the Non-Approved, Not Allowed Algorithms supported by the module. | Name | Use and Function", "ANSI X9.63 KDF | Hash based Key Derivation Function | Blowfish | Encryption/Decryption | CAST5 | Encryption/Decryption Key Sizes: 40 to 128 bits in 8-bit increments", "DES | Encryption/Decryption Key Size: 56-bits", "ECDSA | PKG: Curve P-192; PKV: Curve P-192; compact point | representation of points; Signature Generation: Curve P-192; | Signature Verification: Curve P-192 | Ed25519 | Key Generation, Signature Generation, Signature Verification | Integrated Encryption | Scheme on elliptic | curves | Encryption/Decryption | MD2 | Message Digest size: 128-bit | MD4 | Message Digest size: 128-bit | MD5 | OMAC (One-Key CBC | MAC) | MAC Generation/Verification | Apple corecrypto Module v18.3 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | Name | Use and Function | RC2 | Encryption/Decryption | RC4 | Encryption/Decryption | RIPEMD", "RSA Digital Signature | PKCS#1 v1.5 and PSS; Signature Generation Key Size < 2048; | Signature Verification Key Size < 1024", "RSA Key Wrapping | OAEP, PKCS#1 v1.5 and PSS schemes", "Triple-DES [SP 800-67] Encryption/Decryption | RFC6637 | Key Derivation Function" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5217", "Certificate Number": "5217", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v18.3 [Intel, User, Software, SL1]", "Module Type": "Software", "Validation Date": "03/30/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5217.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5217", "module_name": "Apple corecrypto Module v18.3 [Intel, User, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/29/2031", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Apple corecrypto User Space Module for Intel is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "AES-CBC | A6489 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "AES-CBC | A6490 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A6491 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A6492 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A6496 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A6497 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A6491 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A6492 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A6497 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A6498 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A6499 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB128 | A6491 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A6492 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A6497 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6491 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6492 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6497 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A6497 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A6491 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6492 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6497 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6498 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6499 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6489 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6490 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6491 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6492 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "AES-ECB | A6497 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6498 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6499 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A6491 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A6492 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A6497 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A6498 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A6499 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A6491 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KW | A6492 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KW | A6497 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A6491 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A6492 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A6497 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS | Testing | Revision 2.0 | A6489 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS | Testing | Revision 2.0 | A6490 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS | Testing | Revision 2.0 | A6491 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "AES-XTS | Testing | Revision 2.0 | A6492 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS | Testing | Revision 2.0 | A6497 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A6491 | Prediction Resistance - No", "Mode - AES-128, AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1", "Counter DRBG | A6492 | Prediction Resistance - No", "Counter DRBG | A6497 | Prediction Resistance - No", "Counter DRBG | A6498 | Prediction Resistance - No", "Counter DRBG | A6499 | Prediction Resistance - No", "ECDSA | KeyGen | (FIPS186-4) | A6493 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA | KeyGen | (FIPS186-4) | A6494 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA | KeyGen | (FIPS186-4) | A6495 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA | KeyGen | (FIPS186-4) | A6497 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA | KeyGen | (FIPS186-5) | A6493 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA | KeyGen | (FIPS186-5) | A6494 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA | KeyGen | (FIPS186-5) | A6495 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA | KeyGen | (FIPS186-5) | A6497 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyVer | (FIPS186-4) | A6493 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4 | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "ECDSA KeyVer | (FIPS186-4) | A6494 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A6495 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A6497 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-5) | A6493 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA KeyVer | (FIPS186-5) | A6494 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA KeyVer | (FIPS186-5) | A6495 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA KeyVer | (FIPS186-5) | A6497 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA SigGen | (FIPS186-4) | A6493 | Component - No | Curve - P-224, P-256, P-384, P-521", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-", "384, SHA2-512 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A6494 | Component - No | Curve - P-224, P-256, P-384, P-521", "ECDSA SigGen | (FIPS186-4) | A6495 | Component - No | Curve - P-224, P-256, P-384, P-521", "ECDSA SigGen | (FIPS186-4) | A6497 | Component - No | Curve - P-224, P-256, P-384, P-521", "384, SHA2-512, SHA3-224, SHA3-256, SHA3-", "384, SHA3-512 | FIPS 186-4", "ECDSA SigGen | (FIPS186-5) | A6493 | Curve - P-224, P-256, P-384, P-521", "384, SHA2-512 | Component - No | FIPS 186-5", "ECDSA SigGen | (FIPS186-5) | A6494 | Curve - P-224, P-256, P-384, P-521", "ECDSA SigGen | (FIPS186-5) | A6495 | Curve - P-224, P-256, P-384, P-521", "ECDSA SigGen | (FIPS186-5) | A6497 | Curve - P-224, P-256, P-384, P-521", "384, SHA3-512 | Component - No | FIPS 186-5 | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "ECDSA SigVer | (FIPS186-4) | A6493 | Component - No | Curve - P-224, P-256, P-384, P-521", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256,", "SHA2-384, SHA2-512 | FIPS 186-4", "ECDSA SigVer | (FIPS186-4) | A6494 | Component - No | Curve - P-224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-4) | A6495 | Component - No | Curve - P-224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-4) | A6497 | Component - No | Curve - P-224, P-256, P-384, P-521", "SHA2-384, SHA2-512, SHA3-224, SHA3-256,", "SHA3-384, SHA3-512 | FIPS 186-4", "ECDSA SigVer | (FIPS186-5) | A6493 | Curve - P-224, P-256, P-384, P-521", "384, SHA2-512 | FIPS 186-5", "ECDSA SigVer | (FIPS186-5) | A6494 | Curve - P-224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-5) | A6495 | Curve - P-224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-5) | A6497 | Curve - P-224, P-256, P-384, P-521", "384, SHA3-512 | FIPS 186-5", "HMAC DRBG | A6493 | Prediction Resistance - No", "Mode - SHA-1, SHA2-224, SHA2-256, SHA2-", "384, SHA2-512 | SP 800-90A | Rev. 1", "HMAC DRBG | A6494 | Prediction Resistance - No", "HMAC DRBG | A6495 | Prediction Resistance - No", "HMAC DRBG | A6497 | Prediction Resistance - No", "HMAC-SHA-1 | A6493 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A6494 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A6495 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A6497 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A6500 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "HMAC-SHA2- | 224 | A6493 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A6494 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A6495 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A6497 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A6500 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A6493 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A6494 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A6495 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A6497 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A6500 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A6493 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A6494 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A6495 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A6497 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A6500 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A6493 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A6494 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A6495 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A6497 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A6500 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6493 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6494 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6495 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6497 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1 | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "HMAC-SHA3- | 224 | A6497 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A6500 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A6497 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A6500 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A6497 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A6500 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A6497 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A6500 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A6497 | Domain Parameter Generation Methods - P-224, | P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A6497 | Domain Parameter Generation Methods - MODP- | 2048, MODP-3072, MODP-4096, MODP-6144, | MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF | SP800-56Cr2 | A6493 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,", "SHA2-384, SHA2-512 | SP 800-56C | Rev. 2", "KDA HKDF | SP800-56Cr2 | A6494 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,", "KDA HKDF | SP800-56Cr2 | A6495 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,", "KDA HKDF | SP800-56Cr2 | A6497 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,", "SHA3-384, SHA3-512 | SP 800-56C | Rev. 2 | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "KDA HKDF | SP800-56Cr2 | A6500 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256,", "SHA3-384, SHA3-512 | SP 800-56C | Rev. 2", "KDF SP800- | 108 | A6493", "KDF Mode - Counter | Supported Lengths - Supported Lengths: 8-4096 | Increment 8 | SP 800-108 | Rev. 1", "KDF SP800- | 108 | A6494", "KDF SP800- | 108 | A6495", "KDF SP800- | 108 | A6497", "PBKDF | A6493 | Iteration Count - Iteration Count: 1000-10000 | Increment 1 | Password Length - Password Length: 8-128 | Increment 1 | SP 800-132", "PBKDF | A6494 | Iteration Count - Iteration Count: 1000-10000 | Increment 1 | Password Length - Password Length: 8-128 | Increment 1 | SP 800-132", "PBKDF | A6495 | Iteration Count - Iteration Count: 1000-10000 | Increment 1 | Password Length - Password Length: 8-128 | Increment 1 | SP 800-132", "PBKDF | A6497 | Iteration Count - Iteration Count: 1000-10000 | Increment 1 | Password Length - Password Length: 8-128 | Increment 1 | SP 800-132", "RSA KeyGen | (FIPS186-4) | A6493 | Key Generation Mode - B.3.6 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4", "RSA KeyGen | (FIPS186-4) | A6494 | Key Generation Mode - B.3.6 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4", "RSA KeyGen | (FIPS186-4) | A6495 | Key Generation Mode - B.3.6 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4", "RSA KeyGen | (FIPS186-4) | A6497 | Key Generation Mode - B.3.6 | Modulo - 2048, 3072, 4096 | FIPS 186-4 | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert | Primality Tests - Table C.2 | Private Key Format - Standard", "RSA KeyGen | (FIPS186-5) | A6493 | Key Generation Mode - | probableWithProbableAux | Modulo - 2048, 3072, 4096 | Primality Tests - 2powSecStr | Private Key Format - standard | FIPS 186-5", "RSA KeyGen | (FIPS186-5) | A6494 | Key Generation Mode - | probableWithProbableAux | Modulo - 2048, 3072, 4096 | Primality Tests - 2powSecStr | Private Key Format - standard | FIPS 186-5", "RSA KeyGen | (FIPS186-5) | A6495 | Key Generation Mode - | probableWithProbableAux | Modulo - 2048, 3072, 4096 | Primality Tests - 2powSecStr | Private Key Format - standard | FIPS 186-5", "RSA KeyGen | (FIPS186-5) | A6497 | Key Generation Mode - | probableWithProbableAux | Modulo - 2048, 3072, 4096 | Primality Tests - 2powSecStr | Private Key Format - standard | FIPS 186-5", "RSA SigGen | (FIPS186-4) | A6493 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A6494 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A6495 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A6497 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-5) | A6493 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A6494 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A6495 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A6497 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigVer | (FIPS186-4) | A6493 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A6494 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A6495 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A6497 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-5) | A6493 | Modulo - 2048, 3072, 4096 | Signature Type - pss | FIPS 186-5 | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "RSA SigVer | (FIPS186-5) | A6494 | Modulo - 2048, 3072, 4096 | Signature Type - pss | FIPS 186-5", "RSA SigVer | (FIPS186-5) | A6495 | Modulo - 2048, 3072, 4096 | Signature Type - pss | FIPS 186-5", "RSA SigVer | (FIPS186-5) | A6497 | Modulo - 2048, 3072, 4096 | Signature Type - pss | FIPS 186-5 | Safe Primes | Key Generation | A6497 | Safe Prime Groups - MODP-2048, MODP-3072, | MODP-4096, MODP-6144, MODP-8192 | SP 800-56A | Rev. 3", "SHA-1 | A6493 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA-1 | A6494 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA-1 | A6495 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA-1 | A6497 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA-1 | A6500 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-224 | A6493 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-224 | A6494 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-224 | A6495 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-224 | A6497 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-224 | A6500 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-256 | A6493 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-256 | A6494 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-256 | A6495 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-256 | A6497 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-256 | A6500 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-384 | A6493 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-384 | A6494 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-384 | A6495 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-384 | A6497 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-384 | A6500 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4 | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "SHA2-512 | A6493 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512 | A6494 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512 | A6495 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512 | A6497 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512 | A6500 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512/256 | A6493 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512/256 | A6494 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512/256 | A6495 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA2-512/256 | A6497 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 180-4", "SHA3-224 | A6497 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 202", "SHA3-224 | A6500 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 202", "SHA3-256 | A6497 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 202", "SHA3-256 | A6500 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 202", "SHA3-384 | A6497 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 202", "SHA3-384 | A6500 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 202", "SHA3-512 | A6497 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 202", "SHA3-512 | A6500 | Message Length - Message Length: 0-32768 | Increment 8 | FIPS 202", "SHAKE-128 | A6500 | Output Length - Output Length: 16-65536 | Increment 8 | FIPS 202", "SHAKE-256 | A6500 | Output Length - Output Length: 16-65536 | Increment 8 | FIPS 202 | The table below lists all the Vendor-Affirmed Algorithms supported by the module. | Name Properties | Implementation Reference | CKG | Key | Type:Asymmetric | N/A | NIST SP800-133r2 Section 4: Using the | Output of a Random Generator, Example 1 | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | The table below lists all the Non-Approved, Allowed Algorithms with No Security Claimed. | Name Caveat | Use and Function | MD5 | Allowed in Approved mode with no | security claimed per IG 2.4.A. Digest | Size: 128-bit", "Message Digest (used as part of the TLS | key establishment scheme v1.0, v1.1 only) | Non-Approved, Not Allowed Algorithms: | The table below lists all the Non-Approved, Not Allowed Algorithms supported by the module. | Name | Use and Function", "ANSI X9.63 KDF | Hash based Key Derivation Function | Blowfish | Encryption/Decryption | CAST5 | Encryption/Decryption Key Sizes: 40 to 128 bits in 8-bit increments", "DES | Encryption/Decryption Key Size: 56-bits | Diffie-Hellman", "Shared Secret Computation using key size < 2048", "ECDSA | PKG: Curve P-192; PKV: Curve P-192; compact point | representation of points; Signature Generation: Curve P-192; | Signature Verification: Curve P-192 | EC Diffie-Hellman", "Shared Secret Computation using curves < P-224 | Ed25519 | Key Generation, Signature Generation, Signature Verification, | X25519 Key Agreement | Integrated Encryption | Scheme on elliptic | curves | Encryption/Decryption | MD2 | Message Digest size: 128-bit | MD4 | Message Digest size: 128-bit | MD5", "Message Digest size: 160-bit (except in the TLS 1.0/1.1 context) | OMAC (One-Key CBC | MAC) | MAC Generation | RC2 | Encryption/Decryption Key Sizes 8 to 1024-bits | RC4 | Encryption/Decryption Key Sizes 8 to 4096-bits | RFC6637 | Key Derivation Function | RIPEMD | Message Digest size: 160-bits", "RSA Keygen | ANSI X9.31 Key Pair Generation; keys < 2048-bits", "RSA Digital Signature | PKCS#1 v1.5 and PSS; Signature Generation Key Size < 2048; | Signature Verification Key Size < 1024", "RSA Key Wrapping | OAEP, PKCS#1 v1.5 and PSS schemes", "Triple-DES [SP 800-67] | Encryption/Decryption; CBC, CTR, CFB64, ECB, CFB8, OFB | HPKE (Hybrid Public | Key Encryption) | [RFC9180] | Hybrid encryption scheme | Apple corecrypto Module v18.3 [Intel, User, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5216", "Certificate Number": "5216", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v14.0 [Apple silicon, User, Software, SL1]", "Module Type": "Software", "Validation Date": "03/30/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5216.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5216", "module_name": "Apple corecrypto Module v14.0 [Apple silicon, User, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/29/2031", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Apple Cryptographic Module for Apple silicon user space environment is a software cryptographic module running on a multi-chip standalone hardware device.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A5983 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC | A5984 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC | A5985 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC | A5986 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CCM | A5984 | KeyLength-128,192,256 | SP800-38C", "AES-CCM | A5986 | KeyLength-128,192,256 | SP800-38C", "AES-CCM | A5987 | KeyLength-128,192,256 | SP800-38C", "AES-CFB128 | A5983 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CFB128 | A5984 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CFB8 | A5984 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CFB8 | A5986 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CMAC | A5986 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-CTR | A5984 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CTR | A5986 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CTR | A5987 | Direction-Decrypt,Encrypt | SP800-38A", "AES-ECB | A5983 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5984 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5986 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5987 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A5984 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A5986 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A5987 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A5984 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-KW | A5986 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A5983 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A5984 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A5986 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A5983 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5984 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5986 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A5984 | Prediction Resistance - No Mode - AES-128, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev.1", "Counter DRBG | A5986 | Prediction Resistance - No Mode - AES-128, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev.1", "Counter DRBG | A5987 | Prediction Resistance - No Mode-AES-128,AES-256 Derivation Function Enabled-Yes | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-4) | A5986 | Curve-P-224,P-256,P-384,P-521 Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5988 | Curve-P-224,P-256,P-384,P-521 Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5986 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5988 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5986 | Component-No Curve-P-224,P-256,P-384,P-521 Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5988 | Component-No Curve-P-224,P-256,P-384,P-521 Hash Algorithm-SHA2-224,SHA2-256,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5986 | Component-No Curve-P-224,P-256,P-384,P-521 Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5988 | Component-No Curve-P-224,P-256,P-384,P-521 Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "HMAC-SHA-1 | A5986 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5988 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5986 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5988 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5986 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5988 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5989 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5986 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5988 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A5986 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5988 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5986 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5988 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5986 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5988 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5986 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5988 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5986 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5988 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5986 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5988 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5986 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521 Scheme ephemeralUnified-KAS Role - initiator, responder | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A5986 | Domain Parameter Generation Methods-MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192 Scheme dhEphem-KAS Role - initiator, responder | SP 800-56A Rev.3", "KDA HKDF SP800-56Cr2 | A5988 | Derived Key Length-2048 Shared Secret Length-Shared Secret Length:224-8192 Increment 8 HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56C Rev.2", "KDF SP800-108 | A5986 | KDF Mode-Counter Supported Lengths-Supported Lengths:8-4096 Increment 8 | SP 800-108 Rev.1", "KDF SP800-108 | A5988 | KDF Mode-CounterSupported Lengths-Supported Lengths:8-4096 Increment 8 | SP 800-108Rev.1", "PBKDF | A5986 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP 800-132", "PBKDF | A5988 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP 800-132", "RSA KeyGen(FIPS186-4) | A5986 | Key Generation Mode-B.3.6Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5988 | Key Generation Mode-B.3.6Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5986 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5988 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5986 | Signature Type-PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5988 | Signature Type-PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A5986 | Message Length-Message Length:0-32768Increment8 | FIPS 180-4", "SHA-1 | A5988 | Message Length-Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-224 | A5986 | Message Length-Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-224 | A5988 | Message Length-Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-256 | A5986 | Message Length-Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-256 | A5988 | Message Length-Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-256 | A5989 | Message Length-Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-384 | A5986 | Message Length-Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-384 | A5988 | Message Length - Message Length:0-32768Increment8 | FIPS180-4", "SHA2-512 | A5986 | Message Length - Message Length:0-32768Increment8 | FIPS180-4", "SHA2-512 | A5988 | Message Length - Message Length:0-32768Increment8 | FIPS180-4", "SHA2-512/256 | A5986 | Message Length - Message Length:0-32768Increment8 | FIPS180-4", "SHA2-512/256 | A5988 | Message Length - Message Length:0-32768Increment8 | FIPS180-4", "SHA3-224 | A5986 | Message Length - Message Length:0-32768Increment8 | FIPS202", "SHA3-224 | A5988 | Message Length - Message Length:0-32768Increment8 | FIPS202", "SHA3-256 | A5986 | Message Length - Message Length:0-32768Increment8 | FIPS202", "SHA3-256 | A5988 | Message Length - Message Length:0-32768Increment8 | FIPS202", "SHA3-384 | A5986 | Message Length - Message Length:0-32768Increment8 | FIPS202", "SHA3-384 | A5988 | Message Length - Message Length:0-32768Increment8 | FIPS202", "SHA3-512 | A5986 | Message Length - Message Length:0-32768Increment8 | FIPS202", "SHA3-512 | A5988 | Message Length - Message Length:0-32768Increment8 | FIPS202", "SHAKE-128 | A5988 | Output Length - Output Length:16-65536Increment8 | FIPS202", "SHAKE-256 | A5988 | Output Length - Output Length:16-65536Increment8 | FIPS202", "ANSI X9.63 KDF | Hash based Key Derivation Function", "DES | Encryption/Decryption Key Size:56-bits", "Diffie-Hellman | Shared Secret Computation using key size<2048", "ECDSA | PKG:Curve P-192;PKV:Curve P-192;compact point representation of points;Signature Generation:Curve P-192 or using MD2,MD4,MD5,RIPEMD,Keccak message digest;Signature Verification:Curve P-192 or using MD2,MD4,MD5,RIPEMD,Keccak message digest", "EC Diffie-Hellman | Shared Secret Computation using curves= 80 bits of security, RSA signature generation/verification | per FIPS 186-2", "FIPS 186-2 RSA | KeyGen", "Provides >= 112 bits of security, RSA key generation per FIPS 186-2 | X942KDF- | CONCAT", "Usage of X942KDF-CONCAT with PRF SHA-1, SHA2-512/224, SHA2-", "512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128,", "SHAKE256, KECCAK-KMAC128 and KECCAK-KMAC256 | X963KDF", "Usage of X963KDF with PRF SHA-1, SHA2-512/224, SHA2-512/256,", "SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256, | KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF", "Provides < 112 bits of security, Usage of HKDF with key length less | than 112 bits", "OneStep KDF", "Usage of OneStep KDF with PRF SHAKE128, SHAKE256", "HMAC", "Provides < 112 bits of security, Usage of HMAC with key length less | than 112 bits for MAC generation", "Hash and HMAC", "DRBG", "Usage of Hash and HMAC DRBGs with PRFs SHA2-224, SHA2-384,", "SHA2-512/224 and SHA2-512/256" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5212", "Certificate Number": "5212", "Vendor Name": "Ovation Systems Ltd", "Module Name": "Ovation FIPS Provider based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "03/26/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5212.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5212", "module_name": "Ovation FIPS Provider based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Ovation FIPS Provider based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A3548 | Direction-decrypt, encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A3548 | Direction-decrypt, encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3548 | Direction-decrypt, encrypt Key Length-128,192,256 | SP 800-38A", "AES-CCM | A3548 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A3548 | Direction-decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB128 | A3548 | Direction-decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB8 | A3548 | Direction-decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CMAC | A3548 | Direction- Generation, Verification Key Length-128,192,256 | SP 800-38B", "AES-CTR | A3548 | Direction-decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A3548 | Direction-decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-GCM | A3548 | Direction-decrypt, Encrypt IV Generation- External, Internal IV Generation Mode-8.2.1 Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A3548 | Direction-decrypt, Encrypt IV Generation- External, Internal IV Generation Mode-8.2.1 Key Length-128,192,256 | SP 800-38D", "AES-KW | A3548 | Direction-decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-KWP | A3548 | Direction-decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-OFB | A3548 | Direction-decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3548 | Direction-decrypt, Encrypt Key Length-128,256 | SP 800-38E", "Counter DRBG | A3548 | Prediction Resistance - Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-No,Yes | SP 800-90A Rev.1", "DSA KeyGen(FIPS186-4) | A3548 | L-2048,3072 N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A3548 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A3548 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3548 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3548 | Component-No,YesCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3548 | Component-No,YesCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512/S256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC DRBG | A3548 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC CDH Component SP800-56Ar3 (CVL) | A3548 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | SP 800-56A Rev. 3", "KAS-ECC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KAS-FFC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 Scheme - dhEphem - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KAS-IFC-SSC | A3548 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KDA HKDF SP800-56Cr2 | A3548 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56C Rev.2", "KDA OneStep SP800-56Cr2 | A3548 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev.2", "KDA TwoStep SP800-56Cr2 | A3548 | MAC Salting Methods - default, randomKDF Mode - feedbackDerived Key Length - 2048Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev.2", "KDF ANS 9.42(CVL) | A3548 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:8-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A3548 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A3548 | Derived Key Length-Derived Key Length:112-4096Increment8 | SP 800-108Rev.1", "KDF SP800-108 | A3548 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A3548 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A3548 | Modulo-2048,3072,4096,6144Key Generation Methods-rskapg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responder | SP 800-56BRev.2", "PBKDF | A3548 | Iteration Count-Iteration Count:1-10000 Increment1Password Length-Password Length:8-128Increment8 | SP800-132", "RSA KeyGen(FIPS186-4) | A3548 | Key Generation Mode-B.3.3,B.3.6Modulo-2048,3072,4096Primality Tests-TableC.2,TableC.3Private Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A3548 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA Signature Primitive(CVL) | A3548 | Private Key Format-CRT | FIPS186-4", "RSA SigVer(FIPS186-4) | A3548 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-384 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA3-224 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A3548 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "TLS v1.3KDF(CVL) | A3548 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP800-135Rev.1", "DSA PQGGen \\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA PQGVer \\[FIPS 186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGVer using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA SigGen \\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA SigVer \\[FIPS186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigVer using SHA3 | OpenSSL Project OpenSSL 3.x FIPS Provider | Vendor affirmed per IG C.C and IG C.B Resolution (bullet point #3)", "AES | AES KW,KWP(Cert.#A3548):Symmetric key unwrapping | OpenSSL ProjectOpenSSL 3.x FIPSProvider | Per IG D.GAdditionalComment 5", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no, Encryption, Decryption", "Ed448 | SHAKE256, Ed448 provides 224 bits of security, Digital Signature Generation", "Ed25519 | SHA2-512, Ed25519 provides 128 bits of security, Digital Signature Generation", "ECDSA SigVer Component | Provides between 80 and 256 bits for security, Curves: B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521,Digital Signature Verification", "FIPS 186-2 RSA SigGen/SigVer | Provides >=80 bits of security,RSA signature generation/verification per FIPS 186-2", "FIPS 186-2 RSA KeyGen | Provides >=112 bits of security,RSA key generation per FIPS 186-2", "X942KDF-CONCAT | Usage of X942KDF-CONCAT with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "X963KDF | Usage of X963KDF with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF | Provides<112bitsofsecurity,Usage ofHKDFwithkeylengthlessthan112bits", "OneStep KDF | Usage of OneStep KDF with PRF SHAKE128,SHAKE256", "HMAC | Provides<112bitsofsecurity,Usage ofHMACwithkeylengthlessthan112bitsforMACgeneration", "Hash and HMAC DRBG | Usage of Hash and HMAC DRBGs withPRFs SHA2-224,SHA2-384,SHA2-512/224andSHA2-512/256" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5211", "Certificate Number": "5211", "Vendor Name": "N-able Technologies Inc.", "Module Name": "N-able FIPS Cryptographic Module Java 140-3", "Module Type": "Software", "Validation Date": "03/26/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5211.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5211", "module_name": "N-able FIPS Cryptographic Module Java 140-3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The N-able Cryptographic Module for Java is a software-based, multi-platform cryptographic module designed to provide FIPS-approved security functions for products developed and deployed by N-able Technologies Inc. The module delivers a validated set of NIST-approved cryptographic algorithms through a Java-based provider architecture. It is engineered to support secure, compliant cryptographic operations across a broad array of N-able product environments, including cloud-hosted and on-premises solutions.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256 bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256 bits | \\[SP800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256 bits | \\[SP800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A6047 | Key sizes:128,192,256 bits | \\[SP800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key WrappingUsingAES2) | A6047 | Modes:AESKW,KWPKey sizes:128,192,256bits(key establishment methodology providing128,192or256bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,CounterDRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG, Hash DRBG | A6047 | SHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "DRBG,HMAC DRBG | A6047 | SHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,k-233,k-283,k-409,k-571,B-233,B-283,B-409,B-571 | \\[FIPS 186-5\\] | Key Generation,Key Verification,Signature Generation,Signature Verification", "ECDSA | A6047 | Curves/Key sizes:P-192,k-163,B-163⁵ | \\[FIPS 186-4\\] | Key Verification,Signature Verification", "HMAC | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providing between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512/SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, usingPseudorandomFunctions^{7}$ | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline IterationModeTypes:CMAC-basedKBKDFwithAES(128,192,256)HMAC-basedKBKDFwithSHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, ExistingApplication-Specific$^8$ | CVL A6047 | ANSI X9.63 KDFSHA sizes:SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be usedalong withKAS-SSC", "KDF, ExistingApplication-Specific$^8$ | CVL A6047 | IKEv2 KDFSHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVLA6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVLA6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG using output from DRBG, Vendor Affirmed per IG D.H.", "The resulting key or a generated seed is an unmodified output from a DRBG:", "• Section 5.1(Asymmetric seeds from DRBG)", "• Section 6.1(Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant11) | non-compliant key agreement methods", "DSA(non-compliant12) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5210", "Certificate Number": "5210", "Vendor Name": "Kaseya US LLC", "Module Name": "Kaseya FIPS Cryptographic Module for Java", "Module Type": "Software", "Validation Date": "03/26/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5210.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5210", "module_name": "Kaseya FIPS Cryptographic Module for Java", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Kaseya Cryptographic Module for Java is a software-based cryptographic module that provides validated, FIPS 140-3 compliant cryptographic services to the Kaseya product ecosystem. The module is implemented using SafeLogic's CryptoComply library and supports approved algorithms for encryption, hashing, key generation, random number generation, TLS operations, and secure data protection. Across Kaseya's platforms, the module serves as the central cryptographic provider, protecting data in transit and at rest, enforcing strong cryptographic controls, and supporting secure communications between clients, services, and APIs. The module is product-agnostic and integrated consistently across Kaseya's SaaS, on-premises, and hybrid solutions to ensure a unified, validated cryptographic foundation. Products that utilize this module inherit FIPS-validated cryptographic functionality while maintaining product-specific operations outside the cryptographic boundary.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes: CBC, CFB8, CFB128,CTR, ECB, FF1, OFBKey sizes: 128, 192, 256 bits | AES \\[FIPS 197,SP 800-38A\\],AES FF1 FormatPreservingEncryption \\[SP800-38G\\] | Encryption,Decryption", "AES CBCCiphertextStealing (CS) | A6047 | Modes: CBC-CS1, CBC-CS2,CBC-CS3Key sizes: 128, 192, 256 bits | \\[Addendum toSP 800-38A,Oct 2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes: 128, 192, 256 bits | \\[SP 800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes: 128, 192, 256 bits | \\[SP 800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A6047 | Key sizes: 128, 192, 256 bits | \\[SP 800-38D\\] | Generation,Authentication", "AES KW, KWP(KTS: KeyWrapping UsingAES²2 | A6047 | Modes: AES KW, KWPKey sizes: 128, 192, 256 bits(key establishmentmethodology providing 128,192 or 256 bits of encryptionstrength) | \\[SP 800-38F\\] | Key Wrapping", "DRBG, CounterDRBG | A6047 | AES 128, AES 192, AES 256 | \\[SP 800-90Ar1\\] | Random BitGeneration", "DRBG, Hash DRBG | A6047 | SHA sizes: SHA-1, SHA-224,SHA-256, SHA-384, SHA2-512,SHA-512/224, SHA2-512/256 | \\[SP 800-90Ar1\\] | Random BitGeneration", "DRBG, HMACDRBG | A6047 | SHA sizes: SHA-1, SHA-224,SHA-256, SHA-384, SHA2-512,SHA-512/224, SHA2-512/256 | \\[SP 800-90Ar1\\] | Random BitGeneration", "ECDSA | A6047 | Curves/Key sizes: P-224, P-256,P-384, P-521, K-233, K-283, K-409, K-571, B-233, B-283, B-409, B-571 | \\[FIPS 186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes: P-192, K-163,B-1635 | \\[FIPS 186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes: SHA-1, SHA-224,SHA-256, SHA-384, SHA-512,SHA-512/224, SHA-512/256,SHA3-224, SHA3-256, SHA3-384, SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224, P-256, P-384, P-521, K-233, K-283, K-409, K-571, B-233, B-283, B-409, B-571ephemeralUnified, fullMqv,fullUnified, onePassDh,onePassMqv, onePassUnified,staticUnifiedCurves specified aboveproviding between 112 and 256bits of encryption strength | \\[SP 800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048, ffdhe3072,ffdhe4096, ffdhe6144,ffdhe8192, MODP-2048,MODP-3072, MODP-4096,MODP-6144, MODP-8192dhHybrid1, MQV2, dhEphem,dhHybrid, OneFlow, MQV1,dhOneFlow, dhStaticGroups specified aboveproviding between 112 and 200bits of encryption strength | \\[SP 800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with, and without, keyconfirmation.Key sizes: 2048, 3072, 4096providing between 112 and 152bits of encryption strength | \\[SP 800-56Br2,Section 7.2.1\\] | Key Agreement", "KDA, HKDF | A6047 | PRFs: HMAC-SHA-1, HMACSHA-224, HMAC-SHA-256,HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224,HMAC-SHA-512/256, HMAC-SHA3-224, HMAC-SHA3-256,HMAC-SHA3-384, HMAC-SHA3-512 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256, SHA3-224, SHA3-256, SHA3-384,SHA3-512, HMAC-SHA-1,HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224,HMAC-SHA-512/256, HMAC-SHA3-224, HMAC-SHA3-256,HMAC-SHA3-384, HMAC-SHA3-512, KMAC-128, KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA-256,HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224,HMAC-SHA-512/256, HMAC-SHA3-224, HMAC-SHA3-256,HMAC-SHA3-384, HMAC-SHA3-512, CMAC-AES128, CMAC-AES192, CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, usingPseudorandomFunctions | A6047 | Modes: Counter Mode,Feedback Mode, Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128, 192, 256)HMAC-based KBKDF with SHA-1, SHA-224, SHA-256, SHA-384,SHA-512, SHA3-224, SHA3-256,SHA3-384, SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, ExistingApplication-Specific | CVLA6047 | ANSI X9.63 KDFSHA sizes: SHA2-224, SHA2-256, SHA2-384, SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be usedalong with KAS-SSC", "KDF, ExistingApplication-Specific8 | CVLA6047 | IKEv2 KDFSHA sizes: SHA-1, SHA-224,SHA-256, SHA-384, SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific | CVLA6047 | SNMP KDFPassword Length: 64, 8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific | CVLA6047 | SRTP KDFAES: 128, 192, 256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific}8 | CVLA6047 | SSH KDFAES: 128SHA sizes: SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific}8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes: SHA2-256, SHA2-384, SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Secific8 | CVLA6047 | TLS 1.2 KDFSHA sizes: SHA2-256, SHA2-384, SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with, and without,key confirmation.Key sizes: 2048, 3072, 4096providing between 112 and 152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section 7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options: PBKDF with Option 1aTypes: HMAC-based KDF usingSHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes: 2048, 3072, 4096 | \\[FIPS 186-5,ANSI X9.31-1998 and PKCS#1 v2.1 (PSSand PKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes: 2048, 3072, 4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS andPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes: 2048, 3072, 4096 | \\[FIPS 186-4,ANSI X9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes: 2048, 3072, 4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS andPKCS1.5)\\] | SignatureVerification", "RSA | A6047 | Key sizes: 1024, 2048, 3072,40969 | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS#1 v2.1 (PSSand PKCS1.5)\\] | SignatureVerification", "RSA | A6047 | Key sizes: 1024, 1536, 2048,3072, 4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS#1 v2.1 (PSSand PKCS1.5)\\] | SignatureVerification", "RSA DecryptionPrimitive | CVLA6047 | Key size: 2048 | \\[SP 800-56Br2\\] | ComponentTest", "RSA SignaturePrimitive | CVLA6047 | Key size: 2048 | \\[FIPS 186-4\\] | ComponentTest", "SHA-3, SHAKE | A6047 | SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128,SHAKE256 | \\[FIPS 202\\] | DigitalSignatureGeneration,DigitalSignatureVerification,non-DigitalSignatureApplications", "SHA-3 DerivedFunctions | A6047 | Types: cSHAKE-128, cSHAKE-256, KMAC-128, KMAC-256,ParallelHash-128, ParallelHash-256, TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | DigitalSignatureGeneration,DigitalSignatureVerification,non-DigitalSignatureApplications", "SHS | A6047 | SHA sizes: SHA-1, SHA-224,SHA-256, SHA-384, SHA-512,SHA-512/224, SHA-512/256 | \\[FIPS 180-4\\] | DigitalSignatureGeneration,DigitalSignatureVerification,non-DigitalSignatureApplications", "CKG | Used for thegeneration ofsymmetric keys andasymmetric seeds | OtherCryptographic keygeneration | \\[SP 800-133r2\\]CKG using output from DRBG,Vendor Affirmed per IG D.H.The resulting key or a generatedseed is an unmodified output from aDRBG:• Section 5.1 (Asymmetricseeds from DRBG)Section 6.1 (DirectGeneration of Symmetrickeys from DRBG)", "MD5 within TLS | MD5 within TLS Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES (non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS (non-compliant11) | non-compliant key agreement methods", "DSA (non-compliant1²2) | non-FIPS digest signatures using DSA", "ECDSA (non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption - AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14 using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF (non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF (non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF (non-compliant) | PKCS#5 PBE key derivation scheme", "RSA (non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS (non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher", "DataEncryption | Used to encrypt data | Flag | Key, | Ciphertext | AES CBC, AES | AES Encryption Key | CO /User | E", "Plaintext | CFB8, AESCFB128, AESCTR, AESECB, AES FF1,AES OFB,AES CBC-CS1,AES CBC-CS2,AES CBC-CS3,AES CCM,AES GCM", "DataDecryption | Used to decrypt data | Flag | Key,Ciphertext | Plaintext | AES CBC, AESCFB8, AESCFB128, AESCTR, AESECB, AES FF1,AES OFB,AES CBC-CS1,AES CBC-CS2,AES CBC-CS3,AES CCM,AES GCM | AES Decryption Key | CO /User | E", "MACCalculation | Used to calculate dataintegrity codes withCMAC, GMAC | Flag | Key,Message | MAC | AES CMAC,AES GMAC | AES AuthenticationKey | CO/User | E", "SignatureGeneration | Used to generate digitalsignatures | Flag | Key,Message | Signature | DSA, ECDSA,RSA | DSA Signing Key,EC Signing Key,RSA Signing Key | CO /User | E", "SignatureVerification | Used to verify digitalsignatures | Flag | Key,MessageSignature | Boolean | DSA, ECDSA,RSA | DSA VerificationKey,EC Verification Key,RSA VerificationKey | CO /User | E", "DRBG (SP 800-90Ar1) output | Used to generate random numbers, IVs and keys | Flag | N/A | Data | Counter DRBG Hash DRBG HMAC DRBG | AES Encryption Key, AES Decryption Key, AES Authentication Key, AES Wrapping Key, DH Agreement Private Key, DH Agreement Public Key, DRBG Seed, Internal State V and C value, and DRBG Key, DSA Signing Key, EC Agreement Private Key, EC Agreement Public Key, EC Signing Key, HMAC | CO/ G User E CO / User", "DRBG Seed,Internal State Vand C value,and DRBG Key", "MessageHashing | Used to generate amessage digest, SHAKEoutput | Flag | Message | Hash | SHS, SHA-3,SHAKE, SHA-3 DerivedFunctions(cSHAKE,TupleHash,ParallelHash) | N/A | CO /User | N/A", "KeyedMessageHashing | Used to calculate dataintegrity codes with HMACand KMAC | Flag | Key,Message | Hash | HMAC,SHA-3DerivedFunctions(KMAC) | HMACAuthentication Key,KMACAuthentication Key | CO /User | E", "TLS KeyDerivationFunction | Used to calculate a valuesuitable to be used for amaster secret in TLS | Flag | TLSParameters | Data | HKDF,ExistingApplication-Specific (TLSKDF) | TLS KDF SecretValue | CO /User | E", "SSHDerivationFunction | Used to calculate a valuesuitable to be used for asecret key | Flag | SSHParameters | Data | ExistingApplication-Specific (SSHKDF) | SSH KDF SecretValue | CO /User | E:", "X9.63DerivationFunction | Used to calculate a valuesuitable to be used for asecret key | Flag | X9.63Parameters | Data | ExistingApplication-Specific(X9.63 KDF) | DH AgreementPrivate Key,EC AgreementPrivate Key,RSA Signing KeyX9.63 KDF SecretValue | CO /UserCO /User | G", "IKEv2DerivationFunction | Used to calculate a valuesuitable to be used for asecret key | Flag | IKEv2Parameters | Data | ExistingApplication-Specific(IKEv2 KDF) | IKEv2 KDF SecretValue | CO /User | E", "SRTPDerivationFunction | Used to calculate a valuesuitable to be used for asecret key | Flag | SRTPParameters | Data | ExistingApplication-Specific(SRTP KDF) | SRTP KDF SecretValue | CO /User | E", "PBKDF | Used to generate a keyusing an encoding of apassword and a messagehash | Flag | Password, | Data | KDF | HMACAuthentication Key,KMACAuthentication Key | CO /UserCO /User | GE", "HMACAuthentication Key,KMACAuthentication Key,PBKDF Secret Value", "KeyAgreementSchemes | Used to calculate keyagreement values | Flag | Key | Data | KAS-ECC,KAS-FFC,KAS-IFC,Safe Primes | AES EncryptionKey,AES DecryptionKey,AES AuthenticationKey,AES Wrapping Key,HMACAuthentication Key,KMACAuthentication Key | CO /UserCO /User | GE", "DH AgreementPrivate Key,EC AgreementPrivate Key,RSA Key TransportPrivate Key", "KeyWrapping | Used to encrypt a keyvalue | Flag | Wrappingkey, Key | Wrappedkey | AES KW, AESKWP, KTS-IFC | AES Wrapping Key,HMACAuthentication Key,KMACAuthentication Key,RSA Key TransportPrivate Key | CO /User | E", "KeyUnwrapping | Used to decrypt a keyvalue | Flag | Unwrapping key,Wrappedkey | Key | AES KW, AESKWP, KTS-IFC | AES Wrapping Key,HMACAuthentication Key,KMACAuthentication Key,RSA Key TransportPublic Key | CO /User | E", "KeyGeneration | Used to generate a keypair | Flag | KeyGenerationParameters | Key Pair | RSA KeyGen,DSA KeyGen,ECDSAKeyGen, CKG | DRBG Output,DSA Signing Key,EC Signing Key,RSA Signing Key,DSA VerificationKey,EC Verification Key,RSA VerificationKey | CO /User | E", "EntropyCallback | Gathers entropy in apassive manner from auser-provided function | Flag | N/A | Randombits | DRBG, CKG | DRBG Seed,Internal State Vand C value,and DRBG Key | CO /User | G", "DRBGHealth Tests | Used to perform checks ofincoming entropy againstSection 4.4 of SP 800-90B | Flag | N/A | N/A | DRBG | N/A | CO /User | N/A", "SSP ExportOperation | Returns a CSP as data thatcan be used for lateroutput | Flag | SSP | Data | N/A | AES EncryptionKey,AES DecryptionKey,AES AuthenticationKey,AES Wrapping Key,DH AgreementPrivate Key,DH AgreementPublic Key, | CO /User | R", "RSA Signing Key,RSA Key TransportPrivate Key,RSA Key TransportPublic Key", "DataEncryption | Used to encrypt data | Flag | Triple-DES | CO / User", "DataDecryption | Used to decrypt data | Flag | Triple-DES | CO / User", "MACCalculation | Used to calculate data integrity codeswith CMAC | Flag | Triple-DES CMAC | CO / User", "DRBG (SP800-90Ar1)output | Used to generate random numbers,IVs and keys | Flag | ctrDRBG-Triple-DES | CO / User", "KeyAgreementSchemes | Used to calculate key agreementvalues | Flag | Triple-DES | CO / User", "KeyWrapping | Used to encrypt a key value | Flag | Triple-DES KW | CO / User", "KeyUnwrapping | Used to decrypt a key value | Flag | Triple-DES KW | CO / User", "AES Encryption | 128, 192, 256 | AES CBC, | DRBG20 | Import²1, | N/A | N/A | destroy() servicecall or hostplatform powercycle | AESencryption23", "Key | bits | AES CFB8, | Export²22", "AESCFB128,AES CTR,", "AES ECB,", "AES FF1,", "AES OFB,", "AES CBC-", "CCM, AES", "AES DecryptionKey | 128, 192, 256bits | AES CBC, | DRBG20 | Import²21, | N/A | N/A | destroy() servicecall or hostplatform powercycle | AESdecryption", "AES CFB8,AESCFB128,AES CTR, | Export22", "AESAuthenticationKey | 128, 192, 256bits | AES CMAC,AES GMAC,CKGA6047 | DRBG20 | Import²2,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | AESCMAC/GMAC", "AES WrappingKey | 128, 192, 256bits | AES KW,AES KWP,CKGA6047 | DRBG20 | Import²21,Export²22 | N/A | N/A | destroy() servicecall or hostplatform powercycle | AES(128/192/256)key wrappingkey for KTS", "DH AgreementPrivate Key | 112, 128, 152,176, 200 bits | KAS-FFC,CKGA6047 | DRBG20 | Import²21,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | Diffie-Hellman(ffdhe andMODP) keyagreementMay be pairedwith DHAgreementPublic Key", "DH AgreementPublic Key | 112, 128, 152,176, 200 bits | KAS-FFC,CKGA6047 | DRBG20 | Import²21,Export²2 | N/A | N/A | Not zeroized,public key valueknown outside ofmodule | Diffie-Hellman(ffdhe andMODP) keyagreementMay be pairedwith DHAgreementPrivate Key", "DSA SigningKey | 112, 128 bits | DSASignatureGeneration,CKGA6047 | DRBG20 | Import²1,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | DSA signaturegenerationMay be pairedwith DSAVerificationKey", "DSAVerificationKey | 80, 112, 128bits | DSASignatureVerification,CKGA6047 | DRBG20 | Import²1,Export²22 | N/A | N/A | Not zeroized,public key valueknown outside ofmodule | DSA signatureverificationMay be pairedwith DSASigning Key", "EC AgreementPrivate Key | 112, 128, 192,256 bits | KAS-ECC,CKGA6047 | DRBG20 | Import²1,Export²22 | N/A | N/A | destroy() servicecall or hostplatform powercycle | EC keyagreementMay be pairedwith ECAgreementPublic Key", "EC AgreementPublic Key | 112, 128, 192,256 bits | KAS-ECC,CKGA6047 | DRBG20 | Import²21,Export²2 | N/A | N/A | Not zeroized,public key valueknown outside ofmodule | EC keyagreementMay be pairedwith ECAgreementPrivate Key", "HMACAuthenticationKey | 112-256 bits | HMAC-SHA-1, HMAC-SHA-2,HMAC-SHA-3, CKGA6047 | DRBG20 | Import²1,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | Keyed-HashCalculation", "RSA SigningKey | 112, 128, 152bits | RSASignatureGeneration,CKGA6047 | DRBG20 | Import²1,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | RSA signaturegenerationMay be pairedwith RSAVerificationKey", "RSAVerificationKey | 80, 112, 128,152 bits | RSASignatureVerification,CKGA6047 | DRBG20 | Import²1,Export22 | N/A | N/A | Not zeroized,public key valueknown outside ofmodule | RSA signatureverificationMay be pairedwith RSASigning Key", "RSA KeyTransportPrivate Key24 | 112, 128, 152bits | KTS-IFC,CKGA6047 | DRBG20 | Import²21,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | RSA keytransport anddecryptionMay be pairedwith RSAPublic KeyTransport Key", "RSA KeyTransportPublic Key24 | 112, 128, 152bits | KTS-IFC,CKGA6047 | DRBG20 | Import²1,Export²2 | N/A | N/A | Not zeroized,public key valueknown outside ofmodule | RSA keytransportMay be pairedwith RSA KeyTransportPrivate Key", "IKEv2 KDFSecret Value | 112, 128, 192,256 bits | KDF IKEv2A6047 | Generated asoutput of anIKEv2agreementscheme | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Key Derivation", "PBKDF SecretValue | 112-256 bits | PBKDFA6047 | Generated asoutput of aPBE key and aPRF | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Key Derivation", "SRTP KDFSecret Value | 128, 192, 256bits | KDF SRTPA6047 | Generated asoutput of anSRTPagreementscheme | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Key Derivation", "SSH KDF SecretValue | 80, 112, 128,192, 256 bits | KDF SSHA6047 | Generated asoutput of anSSHagreementscheme | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Key Derivation", "TLS PremasterSecret Value | 384 bits | KDF TLSA6047 | Protocolversion (2bytes) and 46bytes from aDRBG20 | Import²21,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | Used to derivekeys using TLSKDF", "TLS KDF SecretValue | 112, 128, 192,256 bits | KDF TLSA6047 | Generated asoutput of TLSagreementscheme | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Key Derivation", "X9.63 KDFSecret Value | 112, 128, 192,256 bits | KDF ANS9.63A6047 | Generated asoutput of anagreementscheme | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Key Derivation", "CTR DRBG Seed | 128, 192, 256bits | N/A | N/A | Fromexternalentropysource | N/A | N/A | Immediatelyafter use or hostplatform powercycle | Internal use", "CTR DRBG VValue | 128 bits | N/A | From seedvalue | N/A | N/A | N/A | reseed() servicecall or hostplatform powercycle | Internal use", "CTR DRBG Key | 128, 192, 256bits | N/A | From DRBG Vvalue | N/A | N/A | N/A | reseed() servicecall or hostplatform powercycle | Internal use", "Hash DRBG VValue | 112, 128, 192,256 bits | N/A | From seedvalue | N/A | N/A | N/A | reseed() servicecall or hostplatform powercycle | Internal use", "Hash DRBG CValue | 112, 128, 192,256 bits | N/A | From DRBG Vvalue | N/A | N/A | N/A | reseed() servicecall or hostplatform powercycle | Internal use", "HMAC DRBGSeed | 112, 128, 192,256 bits | N/A | N/A | Fromexternalentropysource | N/A | N/A | Immediatelyafter use or hostplatform powercycle | Internal use", "HMAC DRBG VValue | 112, 128, 192,256 bits | N/A | From seedvalue | N/A | N/A | N/A | reseed() servicecall or hostplatform powercycle | Internal use", "HMAC DRBGKey | 112, 128, 192,256 bits | N/A | From DRBG Vvalue | N/A | N/A | N/A | reseed() servicecall or hostplatform powercycle | Internal use", "DRBG Output | 128, 192, 256bits | N/A | DRBG | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Used as seedforasymmetrickeygeneration orfor symmetrickeygeneration", "AES ECB | Encryption KAT (128 bits)", "AES ECB | Decryption KAT (128 bits)", "AES CCM | Encryption KAT (128 bits)", "AES CCM | Decryption KAT (128 bits)", "AES CMAC | Generation KAT (128 bits)", "AES CMAC | Verification KAT (128 bits)", "AES GCM | Encrypt KAT (128 bits)", "AES GCM | Decrypt KAT (128 bits)", "HASH DRBG | SHA2-256 KAT (Health Tests: Generate, Reseed, Instantiatefunctions per Section 11.3 of SP 800-90Ar1)", "HMAC DRBG | HMAC-SHA2-256 KAT (Health Tests: Generate, Reseed, Instantiatefunctions per Section 11.3 of SP 800-90Ar1)", "CTR DRBG | AES CTR 256 bits KAT (Health Tests: Generate, Reseed, Instantiatefunctions per Section 11.3 of SP 800-90Ar1)", "DSA | Signature Generation KAT (2048 bits)", "DSA | Signature Verification KAT (2048 bits)", "ECDSA | Signature Generation KAT (P-256)", "ECDSA | Signature Verification KAT (P-256)", "HMAC-SHA2-256 | HMAC-SHA2-256 KAT", "HMAC-SHA2-512 | HMAC-SHA2-512 KAT", "HMAC-SHA3-256 | HMAC-SHA3-256 KAT", "KAS-ECC | Primitive \"Z\" Computation KAT (P-256)", "KAS-ECC | Primitive \"Z\" Computation KAT (B-233)", "KAS-FFC | Primitive \"Z\" Computation KAT (ffdhe2048)", "KBKDF | KBKDF KAT (Counter, Feedback, Double Pipeline)", "KDA OneStep | KDA OneStep KAT", "KDA TwoStep | KDA TwoStep KAT", "PBKDF | PBKDF KAT (HMAC-SHA2-256)", "RSA | Signature Generation KAT (2048 bits)", "RSA | Signature Verification KAT (2048 bits)", "RSA Encryption | RSA Encryption KAT SP 800-56Br2 (2048 bits)", "RSA Decryption | RSA Decryption KAT SP 800-56Br2 (2048 bits)", "SHA-1 | SHA-1 KAT", "SHA2-256 | SHA2-256 KAT", "SHA2-512 | SHA2-512 KAT", "SHA-3 | SHA-3 KAT (cSHAKE-128)", "SHAKE256 | SHAKE256 KAT", "ANS 9.63 KDF | ANS 9.63 KDF KAT", "IKEv2 KDF | IKEV2 KDF KAT", "SNMP KDF | SNMP KDF KAT", "SRTP KDF | SRTP KDF KAT", "SSH KDF | SSH KDF KAT", "TLS 1.0 KDF | TLS 1.0 KDF KAT", "TLS 1.1 KDF | TLS 1.1 KDF KAT", "TLS 1.2 KDF | TLS 1.2 KDF KAT", "DSA | DSA Pairwise Consistency Test", "ECDSA | ECDSA Pairwise Consistency Test", "RSA | RSA Pairwise Consistency Test", "CryptoServicesPermission | tIsNullDigestEnabled | No | Only required for TLS digestcalculations.", "CryptoServicesPermission | tIsPKCS15KeyWrapEnabled | No | Only required if TLS is usedwith RSA encryption.", "FIPS 180-4 | Secure Hash Standard (SHS)", "FIPS 198-1 | The Keyed-Hash Message Authentication Code (HMAC)", "FIPS 202 | SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions", "PKCS#1 v2.1 | RSA Cryptography Standard", "AES | Advanced Encryption Standard", "CVL | Component Validation List", "DES | Data Encryption Standard", "DRBG | Deterministic Random Bit Generator", "DSA | Digital Signature Algorithm", "ECDSA | Elliptic Curve Digital Signature Algorithm", "EdDSA | Edwards Curve DSA using Ed25519, Ed448", "HMAC | (Keyed) Hashed Message Authentication Code", "KAS | Key Agreement Scheme", "KDF | Key Derivation Function", "PBKDF | Password-Based Key Derivation Function", "RSA | Rivest Shamir Adleman", "SHA | Secure Hash Algorithm", "TLS | Transport Layer Security" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5209", "Certificate Number": "5209", "Vendor Name": "Kloudfuse Inc", "Module Name": "Kloudfuse Java Cryptographic Module", "Module Type": "Software", "Validation Date": "03/26/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5209.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5209", "module_name": "Kloudfuse Java Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "Kloudfuse Java Cryptographic Module offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256 bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256 bits | \\[SP800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256 bits | \\[SP800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A6047 | Key sizes:128,192,256 bits | \\[SP800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key WrappingUsingAES2) | A6047 | Modes:AESKW,KWPKey sizes:128,192,256bits(key establishment methodology providing128,192or256bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,CounterDRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HashDRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HMACDRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571 | \\[FIPS 186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-1635 | \\[FIPS 186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providing between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, using Pseudorandom Functions^{7}$ | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, Existing Application-Specific$^8$ | CVLA6047 | ANSI X9.63 KDFSHA sizes:SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, Existing Application-Specific$^8$ | CVLA6047 | IKEv2 KDFSHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVLA6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVLA6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG | Used for the generation of symmetric keys and asymmetric seeds | OtherCryptographic key generation | \\[SP 800-133r2\\]CKG using output from DRBG,Vendor Affirmed per IG D.H.The resulting key or a generated seed is an unmodified output from aDRBG:Section5.1(Asymmetric seeds from DRBG)Section6.1(Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant$ ^{10}$) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant$ ^{11}$) | non-compliant key agreement methods", "DSA(non-compliant$ ^{12}$) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant$ ^{13}$) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant $ ^{15} $) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant $ ^{16} $) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5208", "Certificate Number": "5208", "Vendor Name": "Lightware Visual Engineering Plc.", "Module Name": "Lightware Crypto Core", "Module Type": "Software", "Validation Date": "03/26/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5208.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5208", "module_name": "Lightware Crypto Core", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "Lightware Crypto Core is a standards-based cryptographic engine for embedded Linux systems. The module delivers core cryptographic functions to the embedded systems of Taurus product family's hardware devices and features robust algorithm support. Lightware Crypto Core offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-OFB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS TestingRevision2.0 | A4593 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTS TestingRevision2.0 | A5173 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role - initiator, responderKAS2-KAS Role - initiator, responder | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A4593 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA HKDFSP800-56Cr2 | A5173 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A4593 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8 | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A5173 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A4593 | MAC Salting Methods-default,randomKDF Mode-feedsDerived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A5173 | MAC Salting Methods-default,randomKDF Mode-feedsDerived Key Length-2048 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A4593 | KDF Type - DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment 8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type - DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment 8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment 8 | SP 800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment 8 | SP 800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP 800-132", "PBKDF | A5173 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification, Key Generation, Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A, category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5207", "Certificate Number": "5207", "Vendor Name": "Forescout Technologies", "Module Name": "Forescout OpenSSL FIPS Module", "Module Type": "Software", "Validation Date": "03/26/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5207.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5207", "module_name": "Forescout OpenSSL FIPS Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Forescout OpenSSL FIPS Module is a cryptographic module that is integrated into Forescout products to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-OFB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS TestingRevision2.0 | A4593 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTS TestingRevision2.0 | A5173 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role - initiator, responderKAS2-KAS Role - initiator, responder | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A4593 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA HKDFSP800-56Cr2 | A5173 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A4593 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8 | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A5173 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A4593 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A5173 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment 8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment 8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment 8 | SP 800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment 8 | SP 800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP 800-132", "PBKDF | A5173 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5, PKCSPSSModulo -2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5, PKCSPSSModulo -2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo -1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo -1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification,Key Generation,Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A, category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5206", "Certificate Number": "5206", "Vendor Name": "Veeam Software", "Module Name": "Veeam Cryptographic Module", "Module Type": "Software", "Validation Date": "03/26/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5206.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5206", "module_name": "Veeam Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "The Veeam Cryptographic Module provides cryptographic functions for the Veeam Cloud (Veeam Backup for Microsoft 365) and Veeam Data Cloud - Vault. These functions are used for protecting data in transit and at rest using standards based and trusted algorithms.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux,Unix,Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-OFB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS TestingRevision2.0 | A4593 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTS TestingRevision2.0 | A5173 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS 186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,N-160,224,256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192", "KDA HKDF", "KDA OneStep", "KDA TwoStep", "KDF Mode - feedback", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification, Key Generation, Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A, category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5205", "Certificate Number": "5205", "Vendor Name": "CyberArk Software Ltd.", "Module Name": "CyberArk Cryptographic Module", "Module Type": "Software", "Validation Date": "03/26/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5205.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5205", "module_name": "CyberArk Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "CyberArk Cryptographic Module is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions to server platforms and features robust algorithm support. CyberArk Cryptographic Module offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-OFB | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4593 | Direction- Decrypt, EncryptKey Length-128,256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5173 | Direction- Decrypt, EncryptKey Length-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS 186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B163,B233,B283,B409,B571,K163,K233,K283,K409,K571,P192,P224,P256,P384,P521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192", "KDA HKDF", "KDA OneStep", "KDA TwoStep", "KDF Mode - feedback", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count-Iteration Count:1-10000 Increment1Password Length-Password Length:8-128 Increment8 | SP 800-132", "PBKDF | A5173 | Iteration Count-Iteration Count:1-10000 Increment1Password Length-Password Length:8-128 Increment8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5, PKCSPSSModulo -2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5, PKCSPSSModulo -2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo -1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo -1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification,Key Generation,Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A, category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5204", "Certificate Number": "5204", "Vendor Name": "WinMagic Corp", "Module Name": "WinMagic Cryptographic Module for Windows", "Module Type": "Software", "Validation Date": "03/23/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5204.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5204", "module_name": "WinMagic Cryptographic Module for Windows", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/22/2031", "overall_level": 1, "caveat": "None", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "The WinMagic Cryptographic Module for Windows 1.0 is a software library, designed to run as a multi-chip standalone embodiment on Windows platform. The module leverages cryptographic services for the WinMagic software products.", "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "KTS", "SHA" ], "algorithms_detailed": [ "AES-CBC | A6384 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A6384 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "HMAC DRBG | A6384 | Prediction Resistance - NoMode - SHA2-256 | SP 800-90ARev. 1", "HMAC-SHA2-256 | A6384 | Key Length - Key Length: 256 | FIPS 198-1", "HMAC-SHA2-384 | A6384 | Key Length - Key Length: 256 | FIPS 198-1", "HMAC-SHA2-512 | A6384 | Key Length - Key Length: 256 | FIPS 198-1", "PBKDF | A6384 | Iteration Count - Iteration Count: 8192-12288 Increment 1Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "SHA2-256 | A6384 | Message Length - Message Length: 0-51200 Increment 8 | FIPS 180-4", "SHA2-384 | A6384 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-512 | A6384 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "Block Cipher | BC-UnAuth | UnauthenticatedBlock Ciphers | bits:256 | AES-CBC:(A6384)AES-EB:(A6384)", "Secure Hash | SHA | Secure HashFunctions | SHA2-256:(A6384)SHA2-384:(A6384)SHA2-512:(A6384)", "MessageAuthentication | MAC | Hash-BasedMessageAuthenticationCodes(generation andverification) | HMAC-SHA2-256: (A6384)HMAC-SHA2-384: (A6384)HMAC-SHA2-512: (A6384)", "DeterministicRandom BitGenerator | DRBG | SP 800-90Ar1\"Recommendationfor RandomNumberGeneration UsingDeterministicRandom BitGenerators\" | SHA2-256:(A6384)HMAC DRBG:(A6384)", "Password-Based KeyDerivation | PBKDF | SP 800-132\"Recommendationfor Password-Based KeyDerivation: Part 1:StorageApplications\" | HMAC-SHA2-256: (A6384)PBKDF:(A6384)", "Key Transport | KTS-Wrap | Non-authenticatedBC with Hash-Based MAC | bits:256 | AES-CBC:(A6384)HMAC-SHA2-256: (A6384)", "Symmetric KeyGeneration | CKG | SP 800-133r2Section 6.2\"Derivation ofSymmetric Keys\" | bits:256 | HMAC-SHA2-256: (A6384)HMAC DRBG:(A6384)", "WinMagic CPU Jitter Entropy Source | Non- Physical | Windows 11 Enterprise on Intel Core i7-8550U (Kaby Lake) - Windows 11 Pro on SnapDragon X Elite X1E-78- 100 (ARMv8.7-A) | 256 bits | 256 bits | SHA3-256: A6411", "RandomByteGenerator | Generatesrandom bytesusing the DRBG | Successfulcompletion | Requestednumberof bytes | StatusreturnRandombytes | Deterministic RandomBitGenerator | Crypto Officer-DRBG\\_ENT: G,E", "KeyGenerator | Generates asymmetric keyusing the DRBG | Successfulcompletion(status =0) | None | StatusreturnSymmetric key | SymmetricKeyGeneration | Crypto Officer- AES\\_KEY:G,E", "DataEncryptionDecryption | Encrypts ordecrypts datausing asymmetric blockcipher | Successfulcompletion(status =0) | Key,AESmode,inputdata | StatusreturnCiphertext orplaintext | BlockCipher | Crypto Officer- AES\\_KEY:W,E", "KeyTTransport | Exports orimports a keyprotected bykey wrapping. | Successfulcompletion(status =0) | Wrapping key,ey towrap orunwrap | StatusreturnWrappedorunwrapped key | KeyTransport | Crypto Oficer- AES\\_KEY:R,W,E", "Zeroize | Zeroize SSPstored in volatilememory of GPCby invoking\"C\\_Finalize()\"API or power-cycling | Successfulcompletion(status =0) | Reference to astructure(s)containing SSPs | Statusreturn | None | Cryptofficer- AES\\_KEY:Z-HMAC\\_KEY:ZDRBG\\_ENT: Z-DRBG\\_SEED: ZDRBG\\_STATE: ZPBKDF\\_KM:Z", "AES\\_KEY | Key used forsymmetricencryptionwith AES | 256 -256 | Symmetric Key -CSP | Deterministic RandomBitGenerator | KeyTransport | Block Cipher", "HMAC\\_KEY | Key used inHMACalgorithm | 256 -256 | Symmetric Key -CSP | Deterministic RandomBitGenerator | KeyTransport | MessageAuthentication", "DRBG\\_ENT | Entropycollectedfrom moduleES | 1152 -256 | EntropyInput -CSP | Deterministic RandomBitGenerator", "DRBG\\_SEED | Entropy-based valueused forDRBGinstantiation | 1048 -256 | Seed -CSP | Deterministic RandomBitGenerator | Deterministic RandomBitGenerator", "DRBG\\_STATE | Internalvalues (K,V)ofHMAC\\_DRBG | 64 - 256 | InternalState -CSP | Deterministic RandomBitGenerator | Deterministic RandomBitGenerator", "PBKDF\\_KM | Derived keymaterial | 256 -256 | Symmetric Key -CSP | Password-Based KeyDerivation | Password-Based KeyDerivation", "AES\\_KEY | InputKeyEntryKeyExport | SSPsRAM:Plaintext | While inuse | FreeservicecontextModulereset", "HMAC\\_KEY | InputKeyEntry | SSPsRAM:Plaintext | While inuse | FreeservicecontextModulereset", "DRBG\\_ENT | SSPsRAM:Plaintext | While inuse | FreeservicecontextModulereset", "DRBG\\_SEED | SSPsRAM:Plaintext | While inuse | FreeservicecontextModulereset | DRBG\\_ENT:DerivedFrom", "DRBG\\_STATE | SSPsRAM:Plaintext | While inuse | FreeservicecontextModulereset | DRBG\\_SEED:Derived From", "PBKDF\\_KM | Output | SSPsRAM:Plaintext | While inuse | FreeservicecontextModulereset", "HMAC-SHA2-256 (A6384) | Key: 256 | KAT | SW/FWIntegrity | CKR\\_OK orCKRT\\_HMACSHA | Verifies MACof SDUser.dIl", "HMACDRBG(A6384) | HMAC-SHA2-256 | KAT | CAST | CKR\\_OK or CKRT\\_PRNG | Instantiate,Generate | Runs atpower-onprior tointegritytest", "AES-CBC(A6384)ncrypt | 256 bits | KAT | CAST | CKR\\_OK orCKRT\\_SELF\\_TEST\\_ENCRYPT | Encrypt | Runs atpower-onprior tointegritytest", "AES-CBC(A6384)Decrypt | 256 bits | KAT | CAST | CKR\\_OK orCKRT\\_SELF\\_TEST\\_DECRYPT | Decrypt | Runs atpower-onprior toiintegrityttest", "SHA2-256(A6384) | KAT | CAST | CKR\\_OK orCKRT\\_HASH\\_SHA | Digest | Runs atpower-onprior tointegritytest", "SHA2-384(A6384) | KAT | CAST | CKR\\_OK orCKRT\\_HASH\\_SHA | Digest | Runs atpower-onprior toi integritytest", "SHA2-512(A6384) | KAT | CAST | CKR\\_OK orCKRT\\_HASH\\_SHA | Digest | Runs atpower-onprior tointegritytest", "HMAC-SHA2-256(A6384) | 256 bits | KAT | CAST | CKR\\_OK orCKRT\\_HMAC\\_SHA | MessageAuthentication | Runs atpower-onprior tointegritytest", "HMAC-SHA2-384(A6384) | 256 bits | KAT | CAST | CKR\\_OK orCKRT\\_HMAC\\_SHA | MessageAuthentication | Runs atpower-onprior tointegritytest", "HMAC-SHA2-512(A6384) | 256 bits | KAT | CAST | CKR\\_OK orCKRT\\_HMAC\\_SHA | MessageAuthentication | Runs atpower-onprior tointegritytest", "PBKDF(A6384) | Salt: 224bitsCount:9954Key: 256bits | KAT | CAST | CKR\\_OK orCKRT\\_PBKDF | PasswordBased KeyDerivation | Runs atpower-onprior tointegritytest", "HMAC-SHA2-256 (A6384) | KAT | SW/FW Integrity | On startup | Manually", "HMAC DRBG(A6384) | KAT | CAST | On-Demand | Manually", "AES-CBC(A6384) Encrypt | KAT | CAST | On-Demand | Manually", "AES-CBC(A6384) Decrypt | KAT | CAST | On-Demand | Manually", "SHA2-256(A6384) | KAT | CAST | On-Demand | Manually", "SHA2-384(A6384) | KAT | CAST | On-Demand | Manually", "SHA2-512(A6384) | KAT | CAST | On-Demand | Manually", "HMAC-SHA2-256 (A6384) | KAT | CAST | On-Demand | Manually", "HMAC-SHA2-384 (A6384) | KAT | CAST | On-Demand | Manually", "HMAC-SHA2-512 (A6384) | KAT | CAST | On-Demand | Manually", "PBKDF (A6384) | KAT | CAST | On-Demand | Manually" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5203", "Certificate Number": "5203", "Vendor Name": "OVH SAS", "Module Name": "OVHCloud OKMS Provider based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "03/21/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5203.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5203", "module_name": "OVHCloud OKMS Provider based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The OVHCloud OKMS Provider based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A3548 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A3548 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A3548 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A3548 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A3548 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A3548 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A3548 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing | Revision 2.0 | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A3548 | Prediction Resistance - Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - No, Yes | SP 800-90A | Rev. 1", "DSA KeyGen | (FIPS186-4) | A3548 | L - 2048, 3072 | N - 224, 256 | FIPS 186-4 | OVHCloud OKMS Provider based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | OVH SAS 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "DSA PQGGen | (FIPS186-4) | A3548 | L - 2048, 3072 | N - 224, 256", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-", "384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer | (FIPS186-4) | A3548 | L - 1024, 2048, 3072 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-", "256, SHA2-384, SHA2-512, SHA2-512/224,", "SHA2-512/256 | FIPS 186-4", "DSA SigGen | (FIPS186-4) | A3548 | L - 2048, 3072 | N - 224, 256", "DSA SigVer | (FIPS186-4) | A3548 | L - 1024, 2048, 3072 | N - 160, 224, 256", "ECDSA KeyGen | (FIPS186-4) | A3548 | Curve - B-233, B-283, B-409, B-571, K-233, K- | 283, K-409, K-571, P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A3548 | Curve - B-163, B-233, B-283, B-409, B-571, K- | 163, K-233, K-283, K-409, K-571, P-192, P- | 224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A3548 | Component - No, Yes | Curve - B-233, B-283, B-409, B-571, K-233, K- | 283, K-409, K-571, P-224, P-256, P-384, P-521", "384, SHA2-512, SHA2-512/224, SHA2-", "512/256, SHA3-224, SHA3-256, SHA3-384,", "SHA3-512 | FIPS 186-4", "ECDSA SigVer | (FIPS186-4) | A3548 | Component - No, Yes | Curve - B-163, B-233, B-283, B-409, B-571, K- | 163, K-233, K-283, K-409, K-571, P-192, P- | 224, P-256, P-384, P-521", "SHA2-512/256, SHA3-224, SHA3-256, SHA3-", "384, SHA3-512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance - Yes", "Mode - SHA-1, SHA2-224, SHA2-256, SHA2-", "512/256, SHA3-256, SHA3-512 | SP 800-90A | Rev. 1", "HMAC DRBG | A3548 | Prediction Resistance - Yes", "512/256, SHA3-256, SHA3-512 | SP 800-90A | Rev. 1 | OVHCloud OKMS Provider based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | OVH SAS 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "HMAC-SHA-1 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA2-224 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "KAS-ECC CDH- | Component | SP800-56Ar3", "(CVL) | A3548 | Curve - B-233, B-283, B-409, B-571, K-233, K- | 283, K-409, K-571, P-224, P-256, P-384, P-521 | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods - B- | 233, B-283, B-409, B-571, K-233, K-283, K- | 409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods - FB, | FC, ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP- | 3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-IFC-SSC | A3548 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, | rsakpg1-crt, rsakpg1-prime-factor, rsakpg2- | basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder | SP 800-56A | Rev. 3 | OVHCloud OKMS Provider based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | OVH SAS 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "KDA HKDF | SP800-56Cr2 | A3548 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-", "384, SHA3-512 | SP 800-56C | Rev. 2", "KDA OneStep | SP800-56Cr2 | A3548 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A3548 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | SP 800-56C | Rev. 2", "KDF ANS 9.42", "(CVL) | A3548", "KDF Type - DER", "384, SHA3-512 | Key Data Length - Key Data Length: 8-4096 | Increment 8 | SP 800-135 | Rev. 1", "KDF ANS 9.63", "384, SHA2-512 | Key Data Length - Key Data Length: 128, 4096 | SP 800-135 | Rev. 1", "KDF KMAC | Sp800-108r1 | A3548 | Derived Key Length - Derived Key Length: 112- | 4096 Increment 8 | SP 800-108 | Rev. 1", "KDF SP800-108 | A3548", "KDF Mode - Counter, Feedback | Supported Lengths - Supported Lengths: 8, 72, | 128, 776, 3456, 4096 | SP 800-108 | Rev. 1", "KDF SSH (CVL) | A3548", "Cipher - AES-128, AES-192, AES-256", "256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1 | KMAC-128 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Key Data Length - Key Data Length: 128-1024 | Increment 8 | SP 800-185 | KMAC-256 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Key Data Length - Key Data Length: 128-1024 | Increment 8 | SP 800-185", "KTS-IFC | A3548 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, | rsakpg1-crt, rsakpg1-prime-factor, rsakpg2- | basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "KTS-OAEP-basic - | KAS Role - initiator, responder | SP 800-56B | Rev. 2 | OVHCloud OKMS Provider based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | OVH SAS 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert | Key Transport Method - | Key Length - 1024", "PBKDF | A3548 | Iteration Count - Iteration Count: 1-10000 | Increment 1 | Password Length - Password Length: 8-128 | Increment 8 | SP 800-132", "RSA KeyGen | (FIPS186-4) | A3548 | Key Generation Mode - B.3.3, B.3.6 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2, Table C.3 | Private Key Format - Standard | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A3548 | Signature Type - ANSI X9.31, PKCS 1.5, | PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA Signature", "Primitive (CVL) | A3548 | Private Key Format - CRT | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A3548 | Signature Type - ANSI X9.31, PKCS 1.5, | PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4 | Safe Primes Key | Generation | A3548 | Safe Prime Groups - ffdhe2048, ffdhe3072, | ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, | MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A3548 | Safe Prime Groups - ffdhe2048, ffdhe3072, | ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, | MODP-8192 | SP 800-56A | Rev. 3", "SHA-1 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 | OVHCloud OKMS Provider based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | OVH SAS 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "SHA3-224 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHAKE-128 | A3548 | Output Length - Output Length: 16-65536 | Increment 8 | FIPS 202", "SHAKE-256 | A3548 | Output Length - Output Length: 16-65536 | Increment 8 | FIPS 202", "TLS v1.2 KDF", "RFC7627 (CVL) | A3548", "Hash Algorithm - SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1", "TLS v1.3 KDF", "(CVL) | A3548 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1 | The Module implements the Approved cryptographic functions listed in Table 5. | Name | Implementation", "DSA | PQGGen | [FIPS 186- | 4] | Key Size, Key Strength:L = | 2048/N = 224 (s = 112), L = | 2048/N = 256 (s = 112) L = | 3072/N = 256 (s = 128) | Mode/Method:PQGGen using", "SHA3 | OpenSSL Project | OpenSSL 3.x | FIPS Provider | Vendor affirmed per IG | C.C and IG C.B | Resolution (bullet point | #3)", "DSA | PQGVer | [FIPS 186- | 4] | Key Size, Key Strength:L = | 1024/N = 160 (s < 112) L = | 2048/N = 224 (s = 112), L = | 2048/N = 256 (s = 112) L = | 3072/N = 256 (s = 128) | Mode/Method:PQGVer using", "DSA | SigGen | [FIPS 186- | 4] | Key Size, Key Strength:L = | 2048/N = 224 (s = 112), L = | 2048/N = 256 (s = 112) L = | 3072/N = 256 (s = 128) | Mode/Method:SigGen using", "SHA3 | OpenSSL Project | OpenSSL 3.x | FIPS Provider | Vendor affirmed per IG | C.C and IG C.B | Resolution (bullet point | #3) | OVHCloud OKMS Provider based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | OVH SAS 2026 | This document may be reproduced and distributed only in its original entirety without revision. | Name | Implementation", "DSA | SigVer | [FIPS186- | 4] | Key Size, Key Strength:L = | 1024/N = 160 (s < 112) L = | 2048/N = 224 (s = 112), L = | 2048/N = 256 (s = 112) L = | 3072/N = 256 (s = 128) | Mode/Method:SigVer using", "SHA3 | OpenSSL Project | OpenSSL 3.x | FIPS Provider | Vendor affirmed per IG | C.C and IG C.B | Resolution (bullet point | #3) | CKG - | Section 4 | and 5.1 | Key Type :Asymmetric | N/A | NIST SP800-133r2 | Section 4: Using the | Output of a Random | Bit Generator; Section | 5.1: Key Pairs for | Digital Signature | Schemes | CKG - | Section 4 | and 5.2 | Key Type:Asymmetric | N/A | NIST SP800-133r2 | Section 4: Using the | Output of a Random | Bit Generator; Section | 5.2: Key Pairs for Key | Establishment | CKG - | Section 4 | and Section | 6.1 | Key Type:Symmetric | N/A | NIST SP800-133r2 | Section 4: Using the | Output of a Random | Bit Generator; Section | 6.1: Direct Generation | of Symmetric Keys | CKG - | Section 6.2 | Key Type:Symmetric | N/A | NIST SP 800-133r2 | Section 6.2: Derivation | of Symmetric keys | CKG - | Section 6.3 | Key Type:Symmetric | N/A | NIST SP 800-133rev2, | Section 6.3: Symmetric | Keys Produced by | Combining Multiple | Keys and Other Data | CKG – | Section 4 | Key Type:Symmetric | N/A | NIST SP800-133r2 | Section 4: Using the | Output of a Random | Bit Random bits | returned to the calling | application | Non-Approved, Allowed Algorithms: | Name Properties | Implementation", "AES", "AES KW, KWP | (Cert.#A3548):Symmetric key | unwrapping | OpenSSL Project | OpenSSL 3.x FIPS | Provider | Per IG D.G | Additional | Comment 5 | OVHCloud OKMS Provider based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | OVH SAS 2026 | This document may be reproduced and distributed only in its original entirety without revision. | Non-Approved, Allowed Algorithms with No Security Claimed: | Name Caveat Use and | Function | N/A | N/A | N/A | The module does not support any Non-Approved Algorithms Allowed in the Approved Mode of Operation with No | Security Claimed. | Non-Approved, Not Allowed Algorithms: | Name | Use and Function", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no, | Encryption, Decryption | Ed448", "SHAKE256, Ed448 provides 224 bits of security, Digital Signature | Generation | Ed25519", "SHA2-512, Ed25519 provides 128 bits of security, Digital Signature | Generation | X448 | Provides 224 bits of security, Key Agreement | X25519 | Provides 128 bits of security, Key Agreement", "ECDSA SigVer | Component | Provides between 80 and 256 bits for security, Curves: B-163, B-233, | B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P- | 224, P-256, P-384, P-521, Digital Signature Verification", "FIPS 186-2 RSA | SigGen/SigVer", "Provides >= 80 bits of security, RSA signature generation/verification | per FIPS 186-2", "FIPS 186-2 RSA | KeyGen", "Provides >= 112 bits of security, RSA key generation per FIPS 186-2 | X942KDF- | CONCAT", "Usage of X942KDF-CONCAT with PRF SHA-1, SHA2-512/224, SHA2-", "512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128,", "SHAKE256, KECCAK-KMAC128 and KECCAK-KMAC256 | X963KDF", "Usage of X963KDF with PRF SHA-1, SHA2-512/224, SHA2-512/256,", "SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256, | KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF", "Provides < 112 bits of security, Usage of HKDF with key length less | than 112 bits", "OneStep KDF", "Usage of OneStep KDF with PRF SHAKE128, SHAKE256", "HMAC", "Provides < 112 bits of security, Usage of HMAC with key length less | than 112 bits for MAC generation", "Hash and HMAC", "DRBG", "Usage of Hash and HMAC DRBGs with PRFs SHA2-224, SHA2-384,", "SHA2-512/224 and SHA2-512/256" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5202", "Certificate Number": "5202", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v14.0 [Intel, Kernel, Software, SL1]", "Module Type": "Software", "Validation Date": "03/19/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5202.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5202", "module_name": "Apple corecrypto Module v14.0 [Intel, Kernel, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/18/2031", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Apple corecrypto Kernel Space Module for Intel is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDSA", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A6208 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A6209 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A6210 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Apple corecrypto Module v14.0 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "AES-CBC | A6211 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A6204 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A6205 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB128 | A6210 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A6211 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6210 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6211 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6204 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6205 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6210 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6211 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6204 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6205 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6208 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6209 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6210 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6211 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A6204 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A6205 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A6210 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KW | A6211 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A6210 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A6211 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Apple corecrypto Module v14.0 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "AES-XTS Testing | Revision 2.0 | A6208 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing | Revision 2.0 | A6209 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A6204 | Prediction Resistance - No", "Mode - AES-128, AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1", "Counter DRBG | A6205 | Prediction Resistance - No", "Counter DRBG | A6210 | Prediction Resistance - No", "Counter DRBG | A6211 | Prediction Resistance - No", "ECDSA KeyGen | (FIPS186-4) | A6201 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing | Candidates | FIPS 186-4", "ECDSA KeyGen | (FIPS186-4) | A6202 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing | Candidates | FIPS 186-4", "ECDSA KeyGen | (FIPS186-4) | A6212 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing | Candidates | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A6201 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A6202 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A6212 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A6201 | Component - No | Curve - P-224, P-256, P-384, P-521", "Hash Algorithm - SHA2-224, SHA2-256,", "SHA2-384, SHA2-512 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A6202 | Component - No | Curve - P-224, P-256, P-384, P-521", "ECDSA SigGen | (FIPS186-4) | A6212 | Component - No | Curve - P-224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-4) | A6201 | Component - No | Curve - P-224, P-256, P-384, P-521", "Hash Algorithm - SHA-1, SHA2-224,", "SHA2-256, SHA2-384, SHA2-512 | FIPS 186-4 | Apple corecrypto Module v14.0 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "ECDSA SigVer | (FIPS186-4) | A6202 | Component - No | Curve - P-224, P-256, P-384, P-521", "SHA2-256, SHA2-384, SHA2-512 | FIPS 186-4", "ECDSA SigVer | (FIPS186-4) | A6212 | Component - No | Curve - P-224, P-256, P-384, P-521", "HMAC DRBG | A6201 | Prediction Resistance - No", "Mode - SHA-1, SHA2-224, SHA2-256,", "SHA2-384, SHA2-512 | SP 800-90A | Rev. 1", "HMAC DRBG | A6202 | Prediction Resistance - No", "HMAC DRBG | A6212 | Prediction Resistance - No", "HMAC-SHA-1 | A6201 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A6202 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A6207 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A6212 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6201 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6202 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6207 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6212 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6201 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6202 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6207 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6212 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6201 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6202 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6207 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1 | Apple corecrypto Module v14.0 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "HMAC-SHA2-384 | A6212 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6201 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6202 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6207 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6212 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6201 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6202 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6212 | Key Length - Key Length: 8-262144 | Increment 8 | FIPS 198-1", "KDF SP800-108 | A6202", "KDF Mode - Counter | Supported Lengths - Supported Lengths: | 8-4096 Increment 8 | SP 800-108 | Rev. 1", "RSA SigGen | (FIPS186-4) | A6201 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A6202 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A6212 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A6201 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A6202 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A6212 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "SHA-1 | A6201 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA-1 | A6202 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA-1 | A6207 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA-1 | A6212 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-224 | A6201 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-224 | A6202 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-224 | A6207 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-224 | A6212 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4 | Apple corecrypto Module v14.0 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "SHA2-256 | A6201 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-256 | A6202 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-256 | A6207 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-256 | A6212 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-384 | A6201 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-384 | A6202 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-384 | A6207 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-384 | A6212 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-512 | A6201 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-512 | A6202 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-512 | A6207 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-512 | A6212 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-512/256 | A6201 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-512/256 | A6202 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "SHA2-512/256 | A6212 | Message Length - Message Length: 0- | 32768 Increment 8 | FIPS 180-4", "TDES-ECB | A6203 | Direction - Decrypt, Encrypt | SP 800-67 | Rev. 2 | The table below lists all the Vendor-Affirmed Algorithms supported by the module. | Name Properties | Implementation Reference | CKG | Key | Type:Asymmetric | N/A | NIST SP800-133r2 Section 4: Using the | Output of a Random Generator, Example 1 | Non-Approved, Allowed Algorithms: | N/A for this module. | Apple corecrypto Module v14.0 [Intel, Kernel, Software, SL1] | FIPS 140-3 Non-Proprietary Security Policy | Apple Inc. 2026 | This document may be reproduced and distributed only in its original entirety without revision. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | The table below lists all the Non-Approved, Not Allowed Algorithms supported by the module. | Name | Use and Function", "ANSI X9.63 KDF | Hash based Key Derivation Function | Blowfish | Encryption/Decryption | CAST5 | Encryption/Decryption Key Sizes: 40 to 128 bits in 8-bit increments", "DES | Encryption/Decryption Key Size: 56-bits", "ECDSA | PKG: Curve P-192; PKV: Curve P-192; compact point | representation of points; Signature Generation: Curve P-192; | Signature Verification: Curve P-192 | Ed25519 | Key Generation, Signature Generation, Signature Verification", "HKDF [SP800- | 56Crev2] | Key Derivation Function | Integrated Encryption | Scheme on elliptic | curves | Encryption/Decryption | MD2 | Message Digest size: 128-bit | MD4 | Message Digest size: 128-bit | MD5 | OMAC (One-Key CBC | MAC) | MAC Generation/Verification | RC2 | Encryption/Decryption | RC4 | Encryption/Decryption | RIPEMD", "RSA Digital Signature | PKCS#1 v1.5 and PSS; Signature Generation Key Size < 2048; | Signature Verification Key Size < 1024", "RSA Key Wrapping | OAEP, PKCS#1 v1.5 and PSS schemes", "Triple-DES [SP 800-67] Encryption | RFC6637 | Key Derivation Function" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5201", "Certificate Number": "5201", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v14.0 [Intel, User, Software, SL1]", "Module Type": "Software", "Validation Date": "03/19/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5201.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5201", "module_name": "Apple corecrypto Module v14.0 [Intel, User, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/18/2031", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Apple corecrypto User Space Module for Intel is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A6189 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A6190 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A6194 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A6195 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A6199 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A6200 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CCM | A6189 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A6190 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A6195 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A6196 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A6197 | Key Length-128,192,256 | SP 800-38C", "AES-CFB128 | A6189 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB128 | A6190 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB128 | A6195 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB8 | A6189 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB8 | A6190 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB8 | A6195 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CMAC | A6195 | Direction- Generation, Verification Key Length-128,192,256 | SP 800-38B", "AES-CTR | A6189 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CTR | A6190 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CTR | A6195 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CTR | A6196 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CTR | A6197 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A6189 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A6190 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A6195 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A6196 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A6197 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A6199 | Direction - Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-ECB | A6200 | Direction - Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-GCM | A6189 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128,192,256 | SP 800-38D", "AES-GCM | A6190 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128,192,256 | SP 800-38D", "AES-GCM | A6195 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128,192,256 | SP 800-38D", "AES-GCM | A6196 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128,192,256 | SP 800-38D", "AES-GCM | A6197 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128,192,256 | SP 800-38D", "AES-KW | A6189 | Direction - Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38F", "AES-KW | A6190 | Direction - Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38F", "AES-KW | A6195 | Direction - Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38F", "AES-OFB | A6189 | Direction - Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-OFB | A6190 | Direction - Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-OFB | A6195 | Direction - Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A6189 | Direction - Decrypt, Encrypt Key Length - 128,256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A6190 | Direction - Decrypt, Encrypt Key Length - 128,256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A6195 | Direction - Decrypt, Encrypt Key Length - 128,256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A6199 | Direction - Decrypt, Encrypt Key Length - 128,256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A6200 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A6189 | Prediction Resistance - No Mode - AES-128,AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev.1", "Counter DRBG | A6190 | Prediction Resistance - No Mode - AES-128,AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev.1", "Counter DRBG | A6195 | Prediction Resistance - No Mode - AES-128,AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev.1", "Counter DRBG | A6196 | Prediction Resistance - No Mode - AES-128,AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev.1", "Counter DRBG | A6197 | Prediction Resistance - No Mode - AES-128,AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-4) | A6191 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A6192 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A6193 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A6195 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A6191 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A6192 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A6193 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A6195 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A6191 | Component-No Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A6192 | Component-No Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A6193 | Component-No Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A6195 | Component-No Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6191 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6192 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6193 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6195 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "HMAC DRBG | A6191 | Prediction Resistance-NoMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A6192 | Prediction Resistance-NoMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A6193 | Prediction Resistance-NoMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A6195 | Prediction Resistance-NoMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A6191 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A6192 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A6193 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A6195 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A6198 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A6191 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A6192 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A6193 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A6195 | Key Length-Key Length:8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A6198 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A6191 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A6192 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A6193 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A6195 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A6198 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A6191 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A6192 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A6193 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A6195 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A6198 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A6191 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A6192 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A6193 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A6195 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A6198 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6191 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6192 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6193 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6195 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A6195 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A6198 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A6195 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A6198 | Key Length - Key Length: 8-262144 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A6195 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A6198 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A6195 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A6198 | Key Length - Key Length: 8-262144 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A6195 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521 Scheme ephemeralUnified-KAS Role - initiator, responder | SP 800-56A Rev.3", "KAS-FFC Component | A6195 | Function-Full Public Key Validation Scheme-dhEphem-KAS Role-Initiator, Responder Shared Secret Computation | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A6195 | Domain Parameter Generation Methods-MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192 Scheme-dhEphem-KAS Role-initiator, responder | SP 800-56A Rev.3", "KDA HKDF SP800-56Cr2 | A6191 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-56C Rev.2", "KDA HKDF SP800-56Cr2 | A6192 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-56C Rev.2", "KDA HKDF SP800-56Cr2 | A6193 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-56C Rev.2", "KDA HKDF SP800-56Cr2 | A6195 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56C Rev.2", "KDF SP800-108 | A6191 | KDF Mode-Counter Supported Lengths-Supported Lengths:8-4096 Increment 8 | SP 800-108Rev.1", "KDF SP800-108 | A6192 | KDF Mode - CounterSupported Lengths - Supported Lengths:8-4096 Increment 8 | SP 800-108Rev.1", "KDF SP800-108 | A6193 | KDF Mode - CounterSupported Lengths - Supported Lengths:8-4096 Increment 8 | SP 800-108Rev.1", "KDF SP800-108 | A6195 | KDF Mode - CounterSupported Lengths - Supported Lengths:8-4096 Increment 8 | SP 800-108Rev.1", "PBKDF | A6191 | Iteration Count - Iteration Count:1000-10000Increment1PasswordLength - PasswordLength:8-128Increment1 | SP 800-132", "PBKDF | A6192 | Iteration Count - Iteration Count:1000-10000Increment1PasswordLength - PasswordLength:8-128Increment1 | SP 800-132", "PBKDF | A6193 | Iteration Count - Iteration Count:1000-10000Increment1PasswordLength - PasswordLength:8-128Increment1 | SP 800-132", "PBKDF | A6195 | Iteration Count - Iteration Count:1000-10000Increment1PasswordLength - PasswordLength:8-128Increment1 | SP 800-132", "RSA KeyGen(FIPS186-4) | A6191 | Key Generation Mode-B.3.6Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A6192 | Key Generation Mode-B.3.6Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A6193 | Key Generation Mode-B.3.6Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A6195 | Key Generation Mode-B.3.6Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A6191 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A6192 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A6193 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A6195 | Signature Type-PKCS 1.5,PKCSPSS Modulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A6191 | Signature Type-PKCS 1.5,PKCSPSS Modulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A6192 | Signature Type-PKCS 1.5,PKCSPSS Modulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A6193 | Signature Type-PKCS 1.5,PKCSPSS Modulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A6195 | Signature Type-PKCS 1.5,PKCSPSS Modulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A6191 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA-1 | A6192 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA-1 | A6193 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA-1 | A6195 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA-1 | A6198 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-224 | A6191 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-224 | A6192 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-224 | A6193 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-224 | A6195 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-224 | A6198 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-256 | A6191 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-256 | A6192 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-256 | A6193 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-256 | A6195 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-256 | A6198 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-384 | A6191 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-384 | A6192 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4", "SHA2-384 | A6193 | Message Length - Message Length:0-32768 Increment8 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5200", "Certificate Number": "5200", "Vendor Name": "Ctrl IQ, Inc.", "Module Name": "Rocky Linux 8 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "03/18/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5200.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5200", "module_name": "Rocky Linux 8 OpenSSL Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/17/2031", "overall_level": 1, "caveat": "When operated in approved mode and installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "MultiChipStand", "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A6738,A6739,A6740 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A6738,A6739,A6740 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A6738,A6739,A6740 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A6738,A6739,A6740 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A6738,A6739,A6740 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A6738,A6739,A6740 | Direction-GenerationKeyLength-128,192,256 | SP 800-38B", "AES-CTR | A6738,A6739,A6740 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A6738,A6739,A6740 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A6741,A6742,A6743,A6744,A6745,A6746,A6747,A6748,A6749 | Direction-Decrypt,EncryptIV Generation-External,InternalKeyLength-128,192,256IV Generation Mode-8.2.1,8.2.2 | SP 800-38D", "AES-GMAC | A6741,A6742,A6743,A6744,A6745,A6746,A6747,A6748,A6749 | Direction-Decrypt,EncryptIV Generation-ExternalKeyLength-128,192,256 | SP 800-38D", "AES-KW | A6738,A6739,A6740 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KWP | A6738,A6739,A6740 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-OFB | A6738,A6739,A6740 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A6738,A6739,A6740 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38E", "Counter DRBG | A6738,A6739,A6740 | Prediction Resistance-No,Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-No,Yes | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-5) | A6750,A6752,A6754,A6756,A6758 | Curve-P-224,P-256,P-384,P-521 Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A6750,A6752,A6754,A6756,A6758 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A6750,A6752,A6754,A6756,A6758 | Curve-P-224,P-256,P-384,P-521 Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A6760 | Curve-P-224,P-256,P-384,P-521 Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 Component-No,Yes | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A6750,A6752,A6754,A6756,A6758 | Curve-P-224,P-256,P-384,P-521 Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A6760 | Curve-P-224,P-256,P-384,P-521 Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-5", "EDDSA KeyGen | A6763 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A6763 | Curve-ED-25519,ED-448 PreHash-No Pure-Yes | FIPS 186-5", "EDDSA SigVer | A6763 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "HMAC-SHA-1 | A6750,A6752,A6754,A6756,A6758 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A6750,A6752,A6754,A6756,A6758 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A6750,A6752,A6754,A6756,A6758 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A6750,A6752,A6754,A6756,A6758 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A6750,A6752,A6754,A6756,A6758 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A6750,A6752,A6754,A6756,A6758 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6750,A6752,A6754,A6756,A6758 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A6760 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A6760 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A6760 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A6760 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A6750,A6752,A6754,A6756,A6758 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme ephemeralUnified-KAS Role initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A6762 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme-dhEphem-KAS Role initiator, responder | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A6761 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-2048Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDF SSH(CVL) | A6751,A6753,A6755,A6757,A6759 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF TLS(CVL) | A6750,A6752,A6754,A6756,A6758 | TLS Version-v1.0/1.1 | SP 800-135Rev.1", "PBKDF | A6750,A6752,A6754,A6756,A6758,A6760 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP 800-132", "RSA KeyGen(FIPS186-5) | A6750,A6752,A6754,A6756,A6758 | Key Generation Mode-probableModulo-2048,3072,4096,6144,8192Primality Tests-2powSecStrPrivate Key Format-standard | FIPS 186-5", "RSA SigGen(FIPS186-5) | A6750,A6752,A6754,A6756,A6758,A6760 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-5) | A6750,A6752,A6754,A6756,A6758,A6760 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "SHA-1 | A6750,A6752,A6754,A6756,A6758 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A6750,A6752,A6754,A6756,A6758 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A6750,A6752,A6754,A6756,A6758 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A6750,A6752,A6754,A6756,A6758 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A6750,A6752,A6754,A6756,A6758 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A6750,A6752,A6754,A6756,A6758 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A6750,A6752,A6754,A6756,A6758 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A6760 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A6760 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A6760 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A6760 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A6760 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A6760 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A6750,A6752,A6754,A6756,A6758 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3KDF(CVL) | A6761 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "MD5 | Only allowed as the PRF in TLSv1.0 and v1.1 per IG2.4.A | Message digest used in TLSv1.0/v1.1 KDF only", "AES-GCM with external IV | Authenticated encryption", "HMAC with less than 112-bit keys, SipHash | Message authentication code (MAC)", "Diffie-Hellman with domain parameters other than safe primes | Key pair generation; Diffie-Hellman public key validation; Shared secret computation", "DSA with any key sizes | Digital signature verification", "EC Diffie-Hellman with P-192 curve, K curves, B curves and non-NIST curves | Shared secret computation", "ECDSA with P-192 curve, K curves, B curves and non-NIST curves | Key pair generation; Digital signature generation; Digital signature verification", "HKDF standalone | Key derivation as a standalone service", "PBKDF with non-approved message digest algorithms or using input parameters not meeting requirements stated in section 2.7.3 | Key derivation", "RSA with keys smaller than 2048 bits | Key pair generation; Digital signature generation; Digital signature verification", "RSA encryption with any key sizes | Key encapsulation", "RSA decryption with any key sizes | Key un-encapsulation", "SHA-1 | Digital signature generation; Digital signature verification" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5199", "Certificate Number": "5199", "Vendor Name": "HP Inc", "Module Name": "HP Anyware Cryptographic Module", "Module Type": "Software", "Validation Date": "03/18/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5199.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5199", "module_name": "HP Anyware Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The HP Anyware Cryptographic Module is a comprehensive suite of FIPS Approved algorithms. All key sizes and modes have been implemented to allow flexibility and efficiency.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4308 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CCM | A4308 | KeyLength-128,192,256 | SP800-38C", "AES-CMAC | A4308 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-CTR | A4308 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4308 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4308 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A4308 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-OFB | A4308 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "DSA KeyGen(FIPS186-4) | A4308 | L-2048N-256 | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A4308 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-ExtraBits | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4308 | Curve-P-192,P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4308 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4308 | Component-NoCurve-P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS186-4", "Hash DRBG | A4308 | Prediction Resistance-NoMode-SHA2-256 | SP800-90ARev.1", "HMAC-SHA-1 | A4308 | Key Length-Key Length:112-1024 Increment8 | FIPS198-1", "HMAC-SHA2-224 | A4308 | Key Length-Key Length:112-1024 Increment8 | FIPS198-1", "HMAC-SHA2-256 | A4308 | Key Length-Key Length:112-1024 Increment8 | FIPS198-1", "HMAC-SHA2-384 | A4308 | Key Length-Key Length:112-1024 Increment8 | FIPS198-1", "HMAC-SHA2-512 | A4308 | Key Length-Key Length:112-1024 Increment8 | FIPS198-1", "HMAC-SHA3-224 | A4308 | Key Length-Key Length:112-1024 Increment8 | FIPS198-1", "HMAC-SHA3-256 | A4308 | Key Length-Key Length:112-1024 Increment8 | FIPS198-1", "HMAC-SHA3-384 | A4308 | Key Length-Key Length:112-1024 Increment8 | FIPS198-1", "HMAC-SHA3-512 | A4308 | Key Length-Key Length:112-1024 Increment8 | FIPS198-1", "KAS-ECC-SSCSp800-56Ar3 | A4308 | Domain Parameter Generation Methods-P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4308 | Domain Parameter Generation Methods-ffdhe2048Scheme-dhEphem-KAS Role-initiator,responder | SP800-56ARev.3", "KDF SSH(CVL) | A4308 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF TLS(CVL) | A4308 | TLS Version-v1.2Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4308 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4308 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4308 | Signature Type-PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4308 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-224 | A4308 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-256 | A4308 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-384 | A4308 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-512 | A4308 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA3-224 | A4308 | Message Length-Message Length:0-65536Increment8 | FIPS 202", "SHA3-256 | A4308 | Message Length-Message Length:0-65536Increment8 | FIPS 202", "SHA3-384 | A4308 | Message Length-Message Length:0-65536Increment8 | FIPS 202", "SHA3-512 | A4308 | Message Length-Message Length:0-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A4308 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4308 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "CKG-1 | Asymmetric:RSA Asymmetric:ECDSA | Linux 4.4(Ubuntu16.04LTS)with an [IntelCorei5-5300UCPU@2.30GHzx4withPAA](mailto:IntelCorei5-5300UCPU@2.30GHzx4withPAA);Linux4.4(Ubuntu16.04 LTS)with [anIntelCorei5-5300UCPU@2.30GHzx4withoutPAA](mailto:anIntelCorei5-5300UCPU@2.30GHzx4withoutPAA) | SP800-133r25.1\"KeyPairsforDigitalSignatureSchemes\"", "CKG-3 | Symmetric:AES Symmetric:HMAC | Linux4.4(Ubuntu16.04LTS)with [anIntelCorei5-5300UCPU@2.30GHzx4withPAA](mailto:anIntelCorei5-5300UCPU@2.30GHzx4withPAA);Linux4.4(Ubuntu16.04 LTS)with [anIntelCorei5-5300UCPU@2.30GHzx4withoutPAA](mailto:anIntelCorei5-5300UCPU@2.30GHzx4withoutPAA) | SP800-133r26.2\"Derivation ofSymmetricKeys\"", "DRBG | DRBG | Deterministic Random Byte Generator | SHA2-256:(A4308)A4308:Hash DRBG:(A4308)A4308:", "Message Authentication | MAC | Hash-Based Message Authentication Codes, | HMAC-SHA-1:(A4308)A4308:HMAC-SHA2-224:(A4308)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5198", "Certificate Number": "5198", "Vendor Name": "HP Inc.", "Module Name": "HP Endpoint Security Controller Cryptographic Library", "Module Type": "Hardware", "Validation Date": "03/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5198.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5198", "module_name": "HP Endpoint Security Controller Cryptographic Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/29/2030", "overall_level": 1, "caveat": "No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "SingleChip", "description": "HP Endpoint Security Controller Cryptographic Library implementation providing cryptographic services.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A4659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5276 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4659 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5276 | Key Length-128,192,256 | SP 800-38C", "AES-CFB128 | A4659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5276 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4659 | Direction- Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5276 | Direction- Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5276 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A4659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A5276 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A4659 | Direction- Decrypt, EncryptIV Generation-InternalIV Generation Mode-8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5276 | Direction- Decrypt, EncryptIV Generation-Internal | SP 800-38D", "AES-GMAC | A4659 | Direction-Decrypt,EncryptIV Generation-InternalIV GenerationMode-8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GMAC | A5276 | Direction-Decrypt,EncryptIV Generation-InternalIV GenerationMode-8.2.2KeyLength-128,192,256 | SP800-38D", "AES-OFB | A4659 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-OFB | A5276 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "ECDSA KeyGen(FIPS186-5) | A4659 | Curve-P-256,P-384,P-521Secret Generation Mode-testing candidates | FIPS186-5", "ECDSA KeyGen(FIPS186-5) | A5276 | Curve-P-256,P-384,P-521Secret Generation Mode-testing candidates | FIPS186-5", "ECDSA KeyVer(FIPS186-5) | A4659 | Curve-P-256,P-384,P-521 | FIPS186-5", "ECDSA KeyVer(FIPS186-5) | A5276 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Component-No,Yes | FIPS186-5", "ECDSA SigGen(FIPS186-5) | A5276 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Component-No,Yes | FIPS186-5", "ECDSA SigVer(FIPS186-5) | A4659 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS186-5", "ECDSA SigVer(FIPS186-5) | A5276 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS186-5", "Hash DRBG | A4659 | Prediction Resistance-No,YesMode-SHA2-512 | SP800-90ARev.1", "Hash DRBG | A5276 | Prediction Resistance - No, Yes Mode-SHA2-512 | SP 800-90A Rev.1", "HMAC-SHA2-256 | A4659 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5276 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4659 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5276 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4659 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A5276 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4659 | Domain Parameter Generation Methods-P-256,P-384,P-521 Scheme ephemeralUnified-KAS Role initiator, responder | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A5276 | Domain Parameter Generation Methods-P-256,P-384,P-521 Scheme ephemeralUnified-KAS Role initiator, responder | SP 800-56A Rev.3", "KDF SP800-108 | A4659 | KDF Mode-Counter,Double Pipeline Iteration,Feedback Supported Lenghts-Supported Lenghts:8-4096 Increment8 | SP 800-108 Rev.1", "KDF SP800-108 | A5276 | KDF Mode-Counter,Double Pipeline Iteration,Feedback Supported Lenghts-Supported Lenghts:8-4096 Increment8 | SP 800-108 Rev.1", "KTS-IFC | A4659 | Modulo-2048,3072 Key Generation Methods-rsakpg1-basic,rskapg2-basic Scheme-KTS-OAEP-basic-KAS Role initiator, responder Key Transport Method-Key Length-1024 | SP 800-56B Rev.2", "KTS-IFC | A5276 | Modulo-2048,3072 Key Generation Methods-rsakpg1-basic,rskapg2-basic Scheme-KTS-OAEP-basic | SP 800-56B Rev.2", "RSA SigGen(FIPS186-5) | A4659 | Modulo-2048,3072Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigGen(FIPS186-5) | A5276 | Modulo-2048,3072Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-5) | A4659 | Modulo-2048,3072Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-5) | A5276 | Modulo-2048,3072Signature Type-pkcs1v1.5,pss | FIPS 186-5", "SHA2-256 | A4659 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-256 | A5276 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-384 | A4659 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-384 | A5276 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-512 | A4659 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-512 | A5276 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "CKG(ECDSA/ECDH) | Type:Asymmetric | N/A | CKG for asymmetric keys as per SP 800-133Rev2 section4 example1 with no post processing on theU value" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5197", "Certificate Number": "5197", "Vendor Name": "ZOLL Medical Corporation", "Module Name": "ZOLL Cryptographic Module", "Module Type": "Software", "Validation Date": "03/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5197.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5197", "module_name": "ZOLL Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The ZOLL Cryptographic Module provides cryptographic functionality for the R Series and AED product families.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-OFB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS TestingRevision2.0 | A4593 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTS TestingRevision2.0 | A5173 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder | SP 800-56A Rev.3", "KDA HKDF SP800-56Cr2 | A4593 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C Rev.2", "KDA HKDF SP800-56Cr2 | A5173 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C Rev.2", "KDA OneStep SP800-56Cr2 | A4593 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev.2", "KDA OneStep SP800-56Cr2 | A5173 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev.2", "KDA TwoStep SP800-56Cr2 | A4593 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev.2", "KDA TwoStep SP800-56Cr2 | A5173 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 | SP 800-56C Rev.2", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count-Iteration Count:1-10000 Increment1Password Length-Password Length:8-128 Increment8 | SP 800-132", "PBKDF | A5173 | Iteration Count-Iteration Count:1-10000 Increment1Password Length-Password Length:8-128 Increment8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5, PKCSPSSModulo -2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5, PKCSPSSModulo -2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo -1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo -1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5196", "Certificate Number": "5196", "Vendor Name": "Kaseya US LLC", "Module Name": "Kaseya FIPS Cryptographic Module", "Module Type": "Software", "Validation Date": "03/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5196.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5196", "module_name": "Kaseya FIPS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Kaseya Cryptographic Module is a software-based cryptographic module that provides validated, FIPS 140-3-compliant cryptographic services to the Kaseya product ecosystem. The module is implemented using SafeLogic's CryptoComply library and supports approved algorithms for encryption, hashing, key generation, random number generation, TLS operations, and secure data protection. Across Kaseya's platforms, the module serves as the central cryptographic provider, protecting data in transit and at rest, enforcing strong cryptographic controls, and supporting secure communications between clients, services, and APIs. The module is product-agnostic and integrated consistently across Kaseya's SaaS, on-premises, and hybrid solutions to ensure a unified, validated cryptographic foundation. Products that utilize this module inherit FIPS-validated cryptographic functionality while maintaining product-specific operations outside the cryptographic boundary.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux, Unix, Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-OFB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS TestingRevision2.0 | A4593 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTS TestingRevision2.0 | A5173 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rsaikpg2-basic,rsaikpg2-crt,rsaikpg2-prime-factorScheme- | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192", "KDA HKDF", "KDA OneStep", "KDA TwoStep", "KDF Mode - feedback", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5, PKCSPSSModulo -2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5, PKCSPSSModulo -2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo -1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo -1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification,Key Generation,Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A,category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5195", "Certificate Number": "5195", "Vendor Name": "Mirantis, Inc.", "Module Name": "Mirantis Cryptographic Module", "Module Type": "Software", "Validation Date": "03/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5195.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5195", "module_name": "Mirantis Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Mirantis Cryptographic Module delivers core cryptographic functions for Mirantis platforms and features robust algorithm support. Mirantis Cryptographic Module offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted and verified implementation.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction-Generation,VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-CTR | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F", "AES-OFB | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-OFB | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4593 | Direction- Decrypt, EncryptKey Length-128,256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5173 | Direction- Decrypt, EncryptKey Length-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance - YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-224 | A4593 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-224 | A5173 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-256 | A4593 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-256 | A5173 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-384 | A4593 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-384 | A5173 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A4593 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A5173 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A4593 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A5173 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A4593 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A5173 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-224 | A4593 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme- | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role-initiator, responderKAS2-KAS Role-initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role-initiator, responderKAS2-KAS Role-initiator, responder | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A4593 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA HKDFSP800-56Cr2 | A5173 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A4593 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8 | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A5173 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8 | SP 800-56CRev.2", "KDA TwoStep SP800-56Cr2 | A4593 | MAC Salting Methods - default, random", "KDF Mode - feedback", "KDA TwoStep SP800-56Cr2 | A5173 | MAC Salting Methods - default, random", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DER", "Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DER", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment 8 | SP 800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment 8 | SP 800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo-2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP800-56BRev.2", "KTS-IFC | A5173 | Modulo-2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP800-56BRev.2", "PBKDF | A4593 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP800-132", "PBKDF | A5173 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification,Key Generation,Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A,category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5194", "Certificate Number": "5194", "Vendor Name": "Hammerspace", "Module Name": "Hammerspace Cryptographic Module", "Module Type": "Software", "Validation Date": "03/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5194.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5194", "module_name": "Hammerspace Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Hammerspace Cryptographic Module is a software library that provides cryptographic services to the Hammerspace platform.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-OFB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS TestingRevision2.0 | A4593 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTS TestingRevision2.0 | A5173 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme- | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192", "KDA HKDF", "KDA OneStep", "KDA TwoStep", "KDF Mode - feedback", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport MethodKey Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport MethodKey Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5193", "Certificate Number": "5193", "Vendor Name": "Altus, Inc.", "Module Name": "ClioConnect Cryptographic Module", "Module Type": "Software", "Validation Date": "03/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5193.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5193", "module_name": "ClioConnect Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "ClioConnect Cryptographic Module is a standards-based cryptographic engine for communication between servers and IoT medical carts. The module delivers core cryptographic functions to IoT- enabled medical carts and features robust algorithm support. ClioConnect Cryptographic Module offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation. The module ensures secure data transfer using an encrypted protocol between carts, workstations, and web servers.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux,Unix,Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-OFB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS TestingRevision2.0 | A4593 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTS TestingRevision2.0 | A5173 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B163,B233,B283,B409,B571,K163,K233,K283,K409,K571,P192,P224,P256,P384,P521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192", "KDA HKDF", "KDA OneStep", "KDA TwoStep", "KDF Mode - feedback", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport MethodKey Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport MethodKey Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification,Key Generation,Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A,category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5192", "Certificate Number": "5192", "Vendor Name": "Tellabs Enterprise, Inc.", "Module Name": "Tellabs Optical LAN OLT Cryptographic Module V3.0", "Module Type": "Software", "Validation Date": "03/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5192.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5192", "module_name": "Tellabs Optical LAN OLT Cryptographic Module V3.0", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "Tellabs Optical LAN OLT Cryptographic Module is a standards-based cryptographic engine for the Tellabs Optical LAN Optical Line Terminal. The module delivers core cryptographic functions for securing communication via secure sockets in accordance with FIPS 140-3.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert", "AES-CBC-CS1 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4593 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A5173 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert", "AES-CTR | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4593 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A5173 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A4593 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A5173 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KW | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert", "AES-OFB | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing | Revision 2.0 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing | Revision 2.0 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance - Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1", "Counter DRBG | A5173 | Prediction Resistance - Yes", "DSA KeyGen | (FIPS186-4) | A4593 | L - 2048 | N - 224, 256 | FIPS 186-4", "DSA KeyGen | (FIPS186-4) | A5173 | L - 2048 | N - 224, 256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A4593 | L - 2048 | N - 224, 256", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512,", "SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A5173 | L - 2048 | N - 224, 256", "DSA PQGVer | (FIPS186-4) | A4593 | L - 1024, 2048 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer | (FIPS186-4) | A5173 | L - 1024, 2048 | N - 160, 224, 256", "DSA SigVer | (FIPS186-4) | A4593 | L - 1024, 2048, 3072 | N - 160, 224, 256 | FIPS 186-4 | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert", "512, SHA2-512/224, SHA2-512/256", "DSA SigVer | (FIPS186-4) | A5173 | L - 1024, 2048, 3072 | N - 160, 224, 256", "ECDSA KeyGen | (FIPS186-4) | A4593 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyGen | (FIPS186-4) | A5173 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A4593 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A5173 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A4593 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521", "SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384,", "SHA3-512 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A5173 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-4) | A4593 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521", "512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-", "384, SHA3-512 | FIPS 186-4 | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert", "ECDSA SigVer | (FIPS186-4) | A5173 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521", "384, SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve - ED-25519, ED-448 | PreHash - Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve - ED-25519, ED-448 | PreHash - Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve - ED-25519, ED-448 | PreHash - No | Pure - Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve - ED-25519, ED-448 | PreHash - No | Pure - Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance - Yes", "Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A | Rev. 1", "Hash DRBG | A5173 | Prediction Resistance - Yes", "HMAC DRBG | A4593 | Prediction Resistance - Yes", "HMAC DRBG | A5173 | Prediction Resistance - Yes", "HMAC-SHA-1 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert", "HMAC-SHA2- | 224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert", "HMAC-SHA3- | 256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A4593 | Domain Parameter Generation Methods - B-233, B-283, B-409, B- | 571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A5173 | Domain Parameter Generation Methods - B-233, B-283, B-409, B- | 571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A4593 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A5173 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-IFC-SSC | A4593 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | SP 800-56A | Rev. 3 | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF | SP800-56Cr2 | A4593 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "384, SHA3-512 | SP 800-56C | Rev. 2", "KDA HKDF | SP800-56Cr2 | A5173 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "KDA OneStep | SP800-56Cr2 | A4593 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA OneStep | SP800-56Cr2 | A5173 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A4593 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A5173 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | SP 800-56C | Rev. 2 | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8", "KDF ANS 9.42", "(CVL) | A4593", "KDF Type - DER", "384, SHA3-512 | Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 | Rev. 1", "(CVL) | A5173", "KDF ANS 9.63", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Key Data Length - Key Data Length: 128, 4096 | SP 800-135 | Rev. 1", "KDF KMAC | Sp800-108r1 | A4593 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF KMAC | Sp800-108r1 | A5173 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF SP800-108 | A4593", "KDF Mode - Counter, Feedback | Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, | 4096 | SP 800-108 | Rev. 1", "KDF SP800-108 | A5173", "KDF SSH (CVL) | A4593", "Cipher - AES-128, AES-192, AES-256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1", "KDF SSH (CVL) | A5173", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1 | KMAC-128 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert | KMAC-128 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185", "KTS-IFC | A4593 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 1024 | SP 800-56B | Rev. 2", "KTS-IFC | A5173 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "PBKDF | A4593 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "RSA KeyGen | (FIPS186-4) | A4593 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4", "RSA KeyGen | (FIPS186-4) | A5173 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4 | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert", "RSA SigGen | (FIPS186-4) | A4593 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A5173 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A4593 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A5173 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4 | Safe Primes Key | Generation | A4593 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Generation | A5173 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A4593 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A5173 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3", "SHA-1 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4 | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert", "SHA2-384 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202 | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | CAVP | Cert", "SHA3-512 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHAKE-128 | A4593 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-128 | A5173 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A4593 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A5173 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "TDES-CBC | A4593 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-CBC | A5173 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-ECB | A4593 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-ECB | A5173 | Direction - Decrypt | SP 800-67 | Rev. 2", "TLS v1.2 KDF", "RFC7627 (CVL) | A4593", "Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "RFC7627 (CVL) | A5173", "TLS v1.3 KDF", "(CVL) | A4593 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1", "(CVL) | A5173 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1 | 2.5.2 Vendor-Affirmed Algorithms | The module implements the following vendor affirmed algorithms that are approved for use in | Approved mode. | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | Name | Implementation | CKG | Key Type:Symmetric | and Asymmetric | N/A | SP 800-133r2 and IG D.H: Per Section 4, example 1 | CKG | (XTS) | Key Type:Symmetric | N/A | SP 800-133r2 and IG D.H: Per Section 6.3, approved", "method 1. Applicable to AES-XTS compliant to IG C.I | because Key_1 and Key_2 are concatenated prior to | usage. | 2.5.3 Non-Approved, Allowed Algorithms | Non-Approved, Allowed Algorithms: | The module implements the following algorithms that are allowed for use in Approved mode. | Name | Implementation | EC Diffie-Hellman | with non-NIST | recommended | curves | Curves: brainpoolP224r1 (strength 112 | bits) brainpoolP256r1 (strength 128 bits) | brainpoolP320r1 (strength 160 bits) | brainpoolP384r1 (strength 192 bits) | brainpoolP512r1 (strength 256 bits) | : SSP Agreement | CryptoComply | 140-3 FIPS | Provider | Allowed per IG D.F, | scenario 3 (per IG | C.A, category 1a and | SP 800-186 Appendix | H.1)", "ECDSA with non- | NIST recommended | curves | Curves: brainpoolP224r1 (strength 112 | bits) brainpoolP256r1 (strength 128 bits) | brainpoolP320r1 (strength 160 bits) | brainpoolP384r1 (strength 192 bits) | brainpoolP512r1 (strength 256 bits) | : Signature Generation, Signature | Verification, Key Generation, Key | Verification | CryptoComply | 140-3 FIPS | Provider | Allowed per IG C.A, | category 1a (per SP | 800-186 Appendix | H.1) | 2.5.4 Non-Approved, Allowed Algorithms with No Security Claimed | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | The module does not implement any non-approved algorithms with no security claimed. | 2.5.5 Non-Approved, Not Allowed Algorithms | Non-Approved, Not Allowed Algorithms: | FIPS 140-3 Non-Proprietary Security Policy: Tellabs Optical LAN OLT Cryptographic Module V3.0 | Document Version 1.0 | ©Tellabs Enterprise, Inc. | N/A for this module. | The module does not implement any non-approved, not allowed algorithms." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5191", "Certificate Number": "5191", "Vendor Name": "Greymatter.io Inc.", "Module Name": "Greymatter.io Cryptographic Module", "Module Type": "Software", "Validation Date": "03/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5191.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5191", "module_name": "Greymatter.io Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "Greymatter.io Cryptographic Module is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions to server platforms and features robust algorithm support.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert", "AES-CBC-CS1 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4593 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A5173 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert", "AES-CTR | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4593 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A5173 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A4593 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A5173 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KW | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert", "AES-OFB | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing | Revision 2.0 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing | Revision 2.0 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance - Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1", "Counter DRBG | A5173 | Prediction Resistance - Yes", "DSA KeyGen | (FIPS186-4) | A4593 | L - 2048 | N - 224, 256 | FIPS 186-4", "DSA KeyGen | (FIPS186-4) | A5173 | L - 2048 | N - 224, 256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A4593 | L - 2048 | N - 224, 256", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512,", "SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A5173 | L - 2048 | N - 224, 256", "DSA PQGVer | (FIPS186-4) | A4593 | L - 1024, 2048 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer | (FIPS186-4) | A5173 | L - 1024, 2048 | N - 160, 224, 256", "DSA SigVer | (FIPS186-4) | A4593 | L - 1024, 2048, 3072 | N - 160, 224, 256 | FIPS 186-4 | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert", "512, SHA2-512/224, SHA2-512/256", "DSA SigVer | (FIPS186-4) | A5173 | L - 1024, 2048, 3072 | N - 160, 224, 256", "ECDSA KeyGen | (FIPS186-4) | A4593 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyGen | (FIPS186-4) | A5173 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A4593 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A5173 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A4593 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521", "SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384,", "SHA3-512 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A5173 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-4) | A4593 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521", "512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-", "384, SHA3-512 | FIPS 186-4 | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert", "ECDSA SigVer | (FIPS186-4) | A5173 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521", "384, SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve - ED-25519, ED-448 | PreHash - Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve - ED-25519, ED-448 | PreHash - Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve - ED-25519, ED-448 | PreHash - No | Pure - Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve - ED-25519, ED-448 | PreHash - No | Pure - Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance - Yes", "Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A | Rev. 1", "Hash DRBG | A5173 | Prediction Resistance - Yes", "HMAC DRBG | A4593 | Prediction Resistance - Yes", "HMAC DRBG | A5173 | Prediction Resistance - Yes", "HMAC-SHA-1 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert", "HMAC-SHA2- | 224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert", "HMAC-SHA3- | 256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A4593 | Domain Parameter Generation Methods - B-233, B-283, B-409, B- | 571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A5173 | Domain Parameter Generation Methods - B-233, B-283, B-409, B- | 571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A4593 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A5173 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-IFC-SSC | A4593 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | SP 800-56A | Rev. 3 | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF | SP800-56Cr2 | A4593 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "384, SHA3-512 | SP 800-56C | Rev. 2", "KDA HKDF | SP800-56Cr2 | A5173 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "KDA OneStep | SP800-56Cr2 | A4593 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA OneStep | SP800-56Cr2 | A5173 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A4593 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A5173 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | SP 800-56C | Rev. 2 | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8", "KDF ANS 9.42", "(CVL) | A4593", "KDF Type - DER", "384, SHA3-512 | Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 | Rev. 1", "(CVL) | A5173", "KDF ANS 9.63", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Key Data Length - Key Data Length: 128, 4096 | SP 800-135 | Rev. 1", "KDF KMAC | Sp800-108r1 | A4593 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF KMAC | Sp800-108r1 | A5173 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF SP800-108 | A4593", "KDF Mode - Counter, Feedback | Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, | 4096 | SP 800-108 | Rev. 1", "KDF SP800-108 | A5173", "KDF SSH (CVL) | A4593", "Cipher - AES-128, AES-192, AES-256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1", "KDF SSH (CVL) | A5173", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1 | KMAC-128 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert | KMAC-128 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185", "KTS-IFC | A4593 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 1024 | SP 800-56B | Rev. 2", "KTS-IFC | A5173 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "PBKDF | A4593 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "RSA KeyGen | (FIPS186-4) | A4593 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4", "RSA KeyGen | (FIPS186-4) | A5173 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4 | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert", "RSA SigGen | (FIPS186-4) | A4593 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A5173 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A4593 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A5173 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4 | Safe Primes Key | Generation | A4593 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Generation | A5173 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A4593 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A5173 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3", "SHA-1 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4 | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert", "SHA2-384 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202 | Document Version 1.0 | ©Greymatter.io Inc. | CAVP | Cert", "SHA3-512 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHAKE-128 | A4593 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-128 | A5173 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A4593 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A5173 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "TDES-CBC | A4593 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-CBC | A5173 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-ECB | A4593 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-ECB | A5173 | Direction - Decrypt | SP 800-67 | Rev. 2", "TLS v1.2 KDF", "RFC7627 (CVL) | A4593", "Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "RFC7627 (CVL) | A5173", "TLS v1.3 KDF", "(CVL) | A4593 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1", "(CVL) | A5173 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1 | 2.5.2 Vendor-Affirmed Algorithms | The module implements the following vendor affirmed algorithms that are approved for use in | Approved mode. | Document Version 1.0 | ©Greymatter.io Inc. | Name | Implementation | CKG | Key Type:Symmetric | and Asymmetric | N/A | SP 800-133r2 and IG D.H: Per Section 4, example 1 | CKG | (XTS) | Key Type:Symmetric | N/A | SP 800-133r2 and IG D.H: Per Section 6.3, approved", "method 1. Applicable to AES-XTS compliant to IG C.I | because Key_1 and Key_2 are concatenated prior to | usage. | 2.5.3 Non-Approved, Allowed Algorithms | Non-Approved, Allowed Algorithms: | The module implements the following algorithms that are allowed for use in Approved mode. | Name | Implementation | EC Diffie-Hellman | with non-NIST | recommended | curves | Curves: brainpoolP224r1 (strength 112 | bits) brainpoolP256r1 (strength 128 bits) | brainpoolP320r1 (strength 160 bits) | brainpoolP384r1 (strength 192 bits) | brainpoolP512r1 (strength 256 bits) | : SSP Agreement | CryptoComply | 140-3 FIPS | Provider | Allowed per IG D.F, | scenario 3 (per IG | C.A, category 1a and | SP 800-186 Appendix | H.1)", "ECDSA with non- | NIST recommended | curves | Curves: brainpoolP224r1 (strength 112 | bits) brainpoolP256r1 (strength 128 bits) | brainpoolP320r1 (strength 160 bits) | brainpoolP384r1 (strength 192 bits) | brainpoolP512r1 (strength 256 bits) | : Signature Generation, Signature | Verification, Key Generation, Key | Verification | CryptoComply | 140-3 FIPS | Provider | Allowed per IG C.A, | category 1a (per SP | 800-186 Appendix | H.1) | 2.5.4 Non-Approved, Allowed Algorithms with No Security Claimed | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | The module does not implement any non-approved algorithms with no security claimed. | 2.5.5 Non-Approved, Not Allowed Algorithms | Non-Approved, Not Allowed Algorithms: | Document Version 1.0 | ©Greymatter.io Inc. | N/A for this module. | The module does not implement any non-approved, not allowed algorithms." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5189", "Certificate Number": "5189", "Vendor Name": "xFusion Digital Technologies Co., Ltd.", "Module Name": "xFusion Cryptographic Library", "Module Type": "Software", "Validation Date": "03/12/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5189.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5189", "module_name": "xFusion Cryptographic Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/11/2031", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs.", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "xFusion Cryptographic Library is a software library that provides algorithms, protocols, and services compliant with the FIPS 140-3 standard for xFusion product API.", "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A6648 | Direction | - | Decrypt, | Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A6648 | Direction | - | decrypt, | encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A6648 | Direction | - | decrypt, | encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A6648 | Direction | - | decrypt, | encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A6648 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A6648 | Direction | - | Decrypt, | Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A6648 | Direction | - | Decrypt, | Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6648 | Direction | - | Decrypt, | Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A6648 | Direction | - | Generation, | Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A6648 | Direction | - | Decrypt, | Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6648 | Direction | - | Decrypt, | Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A6648 | Direction | - | Decrypt, | Encrypt | IV | Generation | - | External, | Internal | IV | Generation | Mode | - | 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A6648 | Direction | - | Decrypt, | Encrypt | IV | Generation | - | External, | Internal | IV | Generation | Mode | - | 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A6648 | Direction | - | Decrypt, | Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A6648 | Direction | - | Decrypt, | Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A6648 | Direction | - | Decrypt, | Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS | Testing | Revision 2.0 | A6648 | Direction | - | Decrypt, | Encrypt | Key Length - 128, 256 | SP 800-38E | xFusion Cryptographic Library FIPS 140-3 Non-Proprietary Security Policy | CAVP | Cert", "Counter DRBG | A6648 | Prediction | Resistance | - | Yes | Mode | -", "AES-128,", "AES-192,", "AES-256 | Derivation Function Enabled - No, Yes | SP 800-90A | Rev. 1", "ECDSA | KeyGen | (FIPS186-5) | A6648 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, | K-571, | P-224, | P-256, | P-384, | P-521 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA | KeyVer | (FIPS186-5) | A6648 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, | K-571, P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA | SigGen | (FIPS186-5) | A6648 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, | K-571, | P-224, | P-256, | P-384, | P-521", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-", "512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3- | 256,", "SHA3-384,", "SHA3-512 | Component - No, Yes | FIPS 186-5", "ECDSA | SigVer | (FIPS186-5) | A6648 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, | K-571, | P-224, | P-256, | P-384, | P-521", "512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-", "256, SHA3-384, SHA3-512 | FIPS 186-5", "Hash DRBG | A6648 | Prediction | Resistance | - | Yes", "Mode - SHA-1, SHA2-256, SHA2-512, SHA3-256, SHA3- | 512 | SP 800-90A | Rev. 1", "HMAC DRBG | A6648 | Prediction | Resistance | - | Yes", "HMAC-SHA-1 | A6648 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6648 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6648 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6648 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6648 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A6648 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6648 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A6648 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A6648 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A6648 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 | xFusion Cryptographic Library FIPS 140-3 Non-Proprietary Security Policy | CAVP | Cert", "HMAC-SHA3-512 | A6648 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "KAS-ECC | CDH- | Component | SP800-56Ar3 (CVL) | A6648 | Function - Full Public Key Validation, Key Pair | Generation, | Partial | Public | Key | Validation | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, | K-571, P-224, P-256, P-384, P-521 | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A6648 | Domain Parameter Generation Methods - B-233, B-283, | B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, | P-384, | P-521 | Scheme | - | ephemeralUnified | - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A6648 | Domain Parameter Generation Methods - ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP- | 2048, MODP-3072, MODP-4096, MODP-6144, MODP- | 8192 | Scheme | - | dhEphem | - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF SP800- | 56Cr2 | A6648 | Derived | Key | Length | - | 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment | 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-", "384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-", "224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C | Rev. 2", "KDA | OneStep | SP800-56Cr2 | A6648 | Derived | Key | Length | - | 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDF | ANS | 9.42", "(CVL) | A6648", "KDF | Type | - | DER", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-", "384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3- | 224,", "SHA3-256,", "SHA3-512 | Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 | Rev. 1", "KDF | ANS | 9.63", "SHA3-512 | Key Data Length - Key Data Length: 128, 4096 | SP 800-135 | Rev. 1", "KDF SP800-108 | A6648", "KDF | Mode | - | Counter, | Feedback | Supported Lengths - Supported Lengths: 8, 72, 128, 776, | 3456, 4096 | SP 800-108 | Rev. 1 | xFusion Cryptographic Library FIPS 140-3 Non-Proprietary Security Policy | CAVP | Cert", "KDF SSH (CVL) | A6648 | -", "AES-256", "384, SHA2-512 | SP 800-135 | Rev. 1 | KMAC-128 | A6648 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment | 8 | SP 800-185 | KMAC-256 | A6648 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment | 8 | SP 800-185", "KTS-IFC | A6648 | Modulo | - | 2048, | 3072, | 4096, | 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, | rsakpg1-prime-factor, | rsakpg2-basic, | rsakpg2-crt, | rsakpg2-prime-factor | Scheme | -", "KTS-OAEP-basic | -", "KAS | Role | - | initiator, | responder | Key | Transport | Method | - | Key Length - 1024 | SP 800-56B | Rev. 2", "PBKDF | A6648 | Iteration Count - Iteration Count: 1-10000000 Increment | 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "RSA | KeyGen | (FIPS186-5) | A6648 | Key Generation Mode - probableWithProbableAux", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2- | 384,", "SHA2-512,", "SHA2-512/224,", "SHA2-512/256 | Modulo | - | 2048, | 3072, | 4096, | 6144, | 8192 | Primality | Tests | - | 2powSecStr | Private Key Format - standard | FIPS 186-5", "RSA | SigGen | (FIPS186-5) | A6648 | Modulo | - | 2048, | 3072, | 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA | SigVer | (FIPS186-4) | A6648 | Type | - | PKCS | 1.5, | PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA | SigVer | (FIPS186-5) | A6648 | Modulo | - | 2048, | 3072, | 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5 | Safe Primes Key | Generation | A6648 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, | ffdhe8192, | MODP-2048, | MODP-3072, | MODP-4096, MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A6648 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, | ffdhe8192, | MODP-2048, | MODP-3072, | MODP-4096, MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | xFusion Cryptographic Library FIPS 140-3 Non-Proprietary Security Policy | CAVP | Cert", "SHA-1 | A6648 | Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4", "SHA2-224 | A6648 | Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4", "SHA2-256 | A6648 | Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4", "SHA2-384 | A6648 | Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4", "SHA2-512 | A6648 | Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4", "SHA2-512/224 | A6648 | Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4", "SHA2-512/256 | A6648 | Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4", "SHA3-224 | A6648 | Message Length - Message Length: 0-65536 Increment 8 FIPS 202", "SHA3-256 | A6648 | Message Length - Message Length: 0-65536 Increment 8 FIPS 202", "SHA3-384 | A6648 | Message Length - Message Length: 0-65536 Increment 8 FIPS 202", "SHA3-512 | A6648 | Message Length - Message Length: 0-65536 Increment 8 FIPS 202", "SHAKE-128 | A6648 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A6648 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "TLS | v1.2", "KDF", "RFC7627 (CVL) | A6648", "Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "TLS v1.3 KDF (CVL) | A6648", "HMAC | -", "SHA2-256,", "SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1 | The table above lists the approved security functions (or cryptographic algorithms) of the module, | including specific key lengths employed for approved services, and implemented modes or methods of | operation of the algorithms.", "Note: When the HMAC algorithm is used, the “hmac_flag” parameter shall be set to 1.", "Note 2: RSA FIPS 186-4 signature verification is only allowed for legacy use.", "Note 3: KAS-ECC CDH-Component (CVL) shall only be used within the context of an SP 800-56Arev3 KAS. | The table below lists the vendor-affirmed algorithms that are allowed in the approved mode of operation. | Name Properties | Implementation Reference | CKG | Key | Type:Symmetric | and | Asymmetric | N/A | SP 800-133r2 and IG D.H: Per Section 4, | example 1 | Non-Approved, Allowed Algorithms: | N/A for this module. | xFusion Cryptographic Library FIPS 140-3 Non-Proprietary Security Policy | The module does not implement any Non-Approved Algorithms Allowed in the Approved Mode of | Operation. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | The module does not implement any Non-Approved Algorithms Allowed in the Approved Mode of | Operation with no security claimed. | Non-Approved, Not Allowed Algorithms: | N/A for this module. | The module does not implement either non-approved allowed algorithms with no security claimed or | non-approved and not allowed algorithms in the Approved mode of operation." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5188", "Certificate Number": "5188", "Vendor Name": "CGI Federal, Inc.", "Module Name": "CGI Momentum™ C++ Cryptographic Module", "Module Type": "Software", "Validation Date": "03/12/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5188.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5188", "module_name": "CGI Momentum™ C++ Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "CGI Momentum™ C++ Cryptographic Module implements wide array of cryptographic algorithms. CGI Momentum™ product suite uses this module for low level crypto function thus providing data at rest encryption, transport level encryption, PKI key management, digital signature generation and other crypto operations through a trusted and verified implementation.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert", "AES-CBC-CS1 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4593 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A5173 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert", "AES-CTR | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4593 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A5173 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A4593 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A5173 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KW | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert", "AES-OFB | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing | Revision 2.0 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing | Revision 2.0 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance - Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1", "Counter DRBG | A5173 | Prediction Resistance - Yes", "DSA KeyGen | (FIPS186-4) | A4593 | L - 2048 | N - 224, 256 | FIPS 186-4", "DSA KeyGen | (FIPS186-4) | A5173 | L - 2048 | N - 224, 256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A4593 | L - 2048 | N - 224, 256", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512,", "SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A5173 | L - 2048 | N - 224, 256", "DSA PQGVer | (FIPS186-4) | A4593 | L - 1024, 2048 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer | (FIPS186-4) | A5173 | L - 1024, 2048 | N - 160, 224, 256", "DSA SigVer | (FIPS186-4) | A4593 | L - 1024, 2048, 3072 | N - 160, 224, 256 | FIPS 186-4 | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert", "512, SHA2-512/224, SHA2-512/256", "DSA SigVer | (FIPS186-4) | A5173 | L - 1024, 2048, 3072 | N - 160, 224, 256", "ECDSA KeyGen | (FIPS186-4) | A4593 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyGen | (FIPS186-4) | A5173 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A4593 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A5173 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A4593 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521", "SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384,", "SHA3-512 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A5173 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-4) | A4593 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521", "512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-", "384, SHA3-512 | FIPS 186-4 | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert", "ECDSA SigVer | (FIPS186-4) | A5173 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521", "384, SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve - ED-25519, ED-448 | PreHash - Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve - ED-25519, ED-448 | PreHash - Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve - ED-25519, ED-448 | PreHash - No | Pure - Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve - ED-25519, ED-448 | PreHash - No | Pure - Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance - Yes", "Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A | Rev. 1", "Hash DRBG | A5173 | Prediction Resistance - Yes", "HMAC DRBG | A4593 | Prediction Resistance - Yes", "HMAC DRBG | A5173 | Prediction Resistance - Yes", "HMAC-SHA-1 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert", "HMAC-SHA2- | 224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert", "HMAC-SHA3- | 256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A4593 | Domain Parameter Generation Methods - B-233, B-283, B-409, B- | 571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A5173 | Domain Parameter Generation Methods - B-233, B-283, B-409, B- | 571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A4593 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A5173 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-IFC-SSC | A4593 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | SP 800-56A | Rev. 3 | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF | SP800-56Cr2 | A4593 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "384, SHA3-512 | SP 800-56C | Rev. 2", "KDA HKDF | SP800-56Cr2 | A5173 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "KDA OneStep | SP800-56Cr2 | A4593 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA OneStep | SP800-56Cr2 | A5173 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A4593 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A5173 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | SP 800-56C | Rev. 2 | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8", "KDF ANS 9.42", "(CVL) | A4593", "KDF Type - DER", "384, SHA3-512 | Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 | Rev. 1", "(CVL) | A5173", "KDF ANS 9.63", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Key Data Length - Key Data Length: 128, 4096 | SP 800-135 | Rev. 1", "KDF KMAC | Sp800-108r1 | A4593 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF KMAC | Sp800-108r1 | A5173 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF SP800-108 | A4593", "KDF Mode - Counter, Feedback | Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, | 4096 | SP 800-108 | Rev. 1", "KDF SP800-108 | A5173", "KDF SSH (CVL) | A4593", "Cipher - AES-128, AES-192, AES-256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1", "KDF SSH (CVL) | A5173", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1 | KMAC-128 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert | KMAC-128 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185", "KTS-IFC | A4593 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 1024 | SP 800-56B | Rev. 2", "KTS-IFC | A5173 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "PBKDF | A4593 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "RSA KeyGen | (FIPS186-4) | A4593 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4", "RSA KeyGen | (FIPS186-4) | A5173 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4 | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert", "RSA SigGen | (FIPS186-4) | A4593 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A5173 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A4593 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A5173 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4 | Safe Primes Key | Generation | A4593 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Generation | A5173 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A4593 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A5173 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3", "SHA-1 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4 | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert", "SHA2-384 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202 | Document Version 1.0 | ©CGI Federal, Inc. | CAVP | Cert", "SHA3-512 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHAKE-128 | A4593 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-128 | A5173 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A4593 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A5173 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "TDES-CBC | A4593 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-CBC | A5173 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-ECB | A4593 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-ECB | A5173 | Direction - Decrypt | SP 800-67 | Rev. 2", "TLS v1.2 KDF", "RFC7627 (CVL) | A4593", "Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "RFC7627 (CVL) | A5173", "TLS v1.3 KDF", "(CVL) | A4593 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1", "(CVL) | A5173 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1 | 2.5.2 Vendor-Affirmed Algorithms | The module implements the following vendor affirmed algorithms that are approved for use in | Approved mode. | Document Version 1.0 | ©CGI Federal, Inc. | Name | Implementation | CKG | Key Type:Symmetric | and Asymmetric | N/A | SP 800-133r2 and IG D.H: Per Section 4, example 1 | CKG | (XTS) | Key Type:Symmetric | N/A | SP 800-133r2 and IG D.H: Per Section 6.3, approved", "method 1. Applicable to AES-XTS compliant to IG C.I | because Key_1 and Key_2 are concatenated prior to | usage. | 2.5.3 Non-Approved, Allowed Algorithms | Non-Approved, Allowed Algorithms: | The module implements the following algorithms that are allowed for use in Approved mode. | Name | Implementation | EC Diffie-Hellman | with non-NIST | recommended | curves | Curves: brainpoolP224r1 (strength 112 | bits) brainpoolP256r1 (strength 128 bits) | brainpoolP320r1 (strength 160 bits) | brainpoolP384r1 (strength 192 bits) | brainpoolP512r1 (strength 256 bits) | : SSP Agreement | CryptoComply | 140-3 FIPS | Provider | Allowed per IG D.F, | scenario 3 (per IG | C.A, category 1a and | SP 800-186 Appendix | H.1)", "ECDSA with non- | NIST recommended | curves | Curves: brainpoolP224r1 (strength 112 | bits) brainpoolP256r1 (strength 128 bits) | brainpoolP320r1 (strength 160 bits) | brainpoolP384r1 (strength 192 bits) | brainpoolP512r1 (strength 256 bits) | : Signature Generation, Signature | Verification, Key Generation, Key | Verification | CryptoComply | 140-3 FIPS | Provider | Allowed per IG C.A, | category 1a (per SP | 800-186 Appendix | H.1) | 2.5.4 Non-Approved, Allowed Algorithms with No Security Claimed | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | The module does not implement any non-approved algorithms with no security claimed. | 2.5.5 Non-Approved, Not Allowed Algorithms | Non-Approved, Not Allowed Algorithms: | Document Version 1.0 | ©CGI Federal, Inc. | N/A for this module. | The module does not implement any non-approved, not allowed algorithms." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5187", "Certificate Number": "5187", "Vendor Name": "Splunk LLC", "Module Name": "Splunk Cryptographic Module", "Module Type": "Software", "Validation Date": "03/12/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5187.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5187", "module_name": "Splunk Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Splunk Cryptographic Module is a general purpose cryptographic module integrated in Splunk's products to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux, Unix, Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIVGeneration-External,InternalIVGenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-OFB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS TestingRevision2.0 | A4593 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTS TestingRevision2.0 | A5173 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme- | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192", "KDA HKDF", "KDA OneStep", "KDA TwoStep", "KDF Mode - feedback", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport MethodKey Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport MethodKey Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5186", "Certificate Number": "5186", "Vendor Name": "Kloudfuse Inc.", "Module Name": "Kloudfuse Cryptographic Module", "Module Type": "Software", "Validation Date": "03/12/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5186.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5186", "module_name": "Kloudfuse Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "Kloudfuse Cryptographic Module offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert", "AES-CBC-CS1 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4593 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A5173 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert", "AES-CTR | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4593 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A5173 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A4593 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A5173 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KW | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert", "AES-OFB | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing | Revision 2.0 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing | Revision 2.0 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance - Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1", "Counter DRBG | A5173 | Prediction Resistance - Yes", "DSA KeyGen | (FIPS186-4) | A4593 | L - 2048 | N - 224, 256 | FIPS 186-4", "DSA KeyGen | (FIPS186-4) | A5173 | L - 2048 | N - 224, 256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A4593 | L - 2048 | N - 224, 256", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512,", "SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A5173 | L - 2048 | N - 224, 256", "DSA PQGVer | (FIPS186-4) | A4593 | L - 1024, 2048 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer | (FIPS186-4) | A5173 | L - 1024, 2048 | N - 160, 224, 256", "DSA SigVer | (FIPS186-4) | A4593 | L - 1024, 2048, 3072 | N - 160, 224, 256 | FIPS 186-4 | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert", "512, SHA2-512/224, SHA2-512/256", "DSA SigVer | (FIPS186-4) | A5173 | L - 1024, 2048, 3072 | N - 160, 224, 256", "ECDSA KeyGen | (FIPS186-4) | A4593 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyGen | (FIPS186-4) | A5173 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A4593 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A5173 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A4593 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521", "SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384,", "SHA3-512 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A5173 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-4) | A4593 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521", "512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-", "384, SHA3-512 | FIPS 186-4 | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert", "ECDSA SigVer | (FIPS186-4) | A5173 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521", "384, SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve - ED-25519, ED-448 | PreHash - Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve - ED-25519, ED-448 | PreHash - Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve - ED-25519, ED-448 | PreHash - No | Pure - Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve - ED-25519, ED-448 | PreHash - No | Pure - Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance - Yes", "Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A | Rev. 1", "Hash DRBG | A5173 | Prediction Resistance - Yes", "HMAC DRBG | A4593 | Prediction Resistance - Yes", "HMAC DRBG | A5173 | Prediction Resistance - Yes", "HMAC-SHA-1 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert", "HMAC-SHA2- | 224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert", "HMAC-SHA3- | 256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A4593 | Domain Parameter Generation Methods - B-233, B-283, B-409, B- | 571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A5173 | Domain Parameter Generation Methods - B-233, B-283, B-409, B- | 571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A4593 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A5173 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-IFC-SSC | A4593 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | SP 800-56A | Rev. 3 | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF | SP800-56Cr2 | A4593 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "384, SHA3-512 | SP 800-56C | Rev. 2", "KDA HKDF | SP800-56Cr2 | A5173 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "KDA OneStep | SP800-56Cr2 | A4593 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA OneStep | SP800-56Cr2 | A5173 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A4593 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A5173 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | SP 800-56C | Rev. 2 | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8", "KDF ANS 9.42", "(CVL) | A4593", "KDF Type - DER", "384, SHA3-512 | Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 | Rev. 1", "(CVL) | A5173", "KDF ANS 9.63", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Key Data Length - Key Data Length: 128, 4096 | SP 800-135 | Rev. 1", "KDF KMAC | Sp800-108r1 | A4593 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF KMAC | Sp800-108r1 | A5173 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF SP800-108 | A4593", "KDF Mode - Counter, Feedback | Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, | 4096 | SP 800-108 | Rev. 1", "KDF SP800-108 | A5173", "KDF SSH (CVL) | A4593", "Cipher - AES-128, AES-192, AES-256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1", "KDF SSH (CVL) | A5173", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1 | KMAC-128 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert | KMAC-128 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185", "KTS-IFC | A4593 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 1024 | SP 800-56B | Rev. 2", "KTS-IFC | A5173 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "PBKDF | A4593 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "RSA KeyGen | (FIPS186-4) | A4593 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4", "RSA KeyGen | (FIPS186-4) | A5173 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4 | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert", "RSA SigGen | (FIPS186-4) | A4593 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A5173 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A4593 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A5173 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4 | Safe Primes Key | Generation | A4593 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Generation | A5173 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A4593 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A5173 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3", "SHA-1 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4 | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert", "SHA2-384 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202 | Document Version 1.0 | ©Kloudfuse Inc | CAVP | Cert", "SHA3-512 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHAKE-128 | A4593 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-128 | A5173 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A4593 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A5173 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "TDES-CBC | A4593 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-CBC | A5173 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-ECB | A4593 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-ECB | A5173 | Direction - Decrypt | SP 800-67 | Rev. 2", "TLS v1.2 KDF", "RFC7627 (CVL) | A4593", "Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "RFC7627 (CVL) | A5173", "TLS v1.3 KDF", "(CVL) | A4593 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1", "(CVL) | A5173 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1 | 2.5.2 Vendor-Affirmed Algorithms | The module implements the following vendor affirmed algorithms that are approved for use in | Approved mode. | Document Version 1.0 | ©Kloudfuse Inc | Name | Implementation | CKG | Key Type:Symmetric | and Asymmetric | N/A | SP 800-133r2 and IG D.H: Per Section 4, example 1 | CKG | (XTS) | Key Type:Symmetric | N/A | SP 800-133r2 and IG D.H: Per Section 6.3, approved", "method 1. Applicable to AES-XTS compliant to IG C.I | because Key_1 and Key_2 are concatenated prior to | usage. | 2.5.3 Non-Approved, Allowed Algorithms | Non-Approved, Allowed Algorithms: | The module implements the following algorithms that are allowed for use in Approved mode. | Name | Implementation | EC Diffie-Hellman | with non-NIST | recommended | curves | Curves: brainpoolP224r1 (strength 112 | bits) brainpoolP256r1 (strength 128 bits) | brainpoolP320r1 (strength 160 bits) | brainpoolP384r1 (strength 192 bits) | brainpoolP512r1 (strength 256 bits) | : SSP Agreement | CryptoComply | 140-3 FIPS | Provider | Allowed per IG D.F, | scenario 3 (per IG | C.A, category 1a and | SP 800-186 Appendix | H.1)", "ECDSA with non- | NIST recommended | curves | Curves: brainpoolP224r1 (strength 112 | bits) brainpoolP256r1 (strength 128 bits) | brainpoolP320r1 (strength 160 bits) | brainpoolP384r1 (strength 192 bits) | brainpoolP512r1 (strength 256 bits) | : Signature Generation, Signature | Verification, Key Generation, Key | Verification | CryptoComply | 140-3 FIPS | Provider | Allowed per IG C.A, | category 1a (per SP | 800-186 Appendix | H.1) | 2.5.4 Non-Approved, Allowed Algorithms with No Security Claimed | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | The module does not implement any non-approved algorithms with no security claimed. | 2.5.5 Non-Approved, Not Allowed Algorithms | Non-Approved, Not Allowed Algorithms: | Document Version 1.0 | ©Kloudfuse Inc | N/A for this module. | The module does not implement any non-approved, not allowed algorithms." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5185", "Certificate Number": "5185", "Vendor Name": "Zetetic, LLC", "Module Name": "SQLCipher Cryptographic Module", "Module Type": "Software", "Validation Date": "03/12/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5185.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5185", "module_name": "SQLCipher Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The SQLCipher Cryptographic Module is a cryptographic engine that integrates with SQLCipher, enhancing encrypted database operations with a trusted security layer. SQLCipher provides full database encryption and data integrity protection for local storage at rest. This module guarantees that all data stored and retrieved through SQLCipher is encrypted, decrypted, and verified using a reliable implementation for applications demanding high levels of data security.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B163,B233,B283,B409,B571,K163,K233,K283,K409,K571,P192,P224,P256,P384,P521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnifiedKAS Role - initiator, responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnifiedKAS Role - initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MMODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MMODP-2048,MMODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KDA HKDF SP800-56Cr2 | A4593 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C Rev. 2", "KDA HKDF SP800-56Cr2 | A5173 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C Rev. 2", "KDA OneStep SP800-56Cr2 | A4593 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev. 2", "KDA OneStep SP800-56Cr2 | A5173 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev. 2", "KDA TwoStep SP800-56Cr2 | A4593 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev. 2", "KDA TwoStep SP800-56Cr2 | A5173 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 | SP 800-56C Rev. 2", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment 8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment 8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment 8 | SP 800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment 8 | SP 800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5184", "Certificate Number": "5184", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module 18.3 [Apple silicon, User, Software, SL1]", "Module Type": "Software", "Validation Date": "03/11/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5184.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5184", "module_name": "Apple corecrypto Module 18.3 [Apple silicon, User, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2031", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Apple Cryptographic Module for Apple silicon user space environment", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A6507 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A6508 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A6509 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A6510 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CCM | A6508 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A6510 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A6511 | Key Length-128,192,256 | SP 800-38C", "AES-CFB128 | A6507 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB128 | A6508 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB128 | A6510 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB8 | A6508 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB8 | A6510 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CMAC | A6510 | Direction- Generation, Verification Key Length-128,192,256 | SP 800-38B", "AES-CTR | A6508 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CTR | A6510 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CTR | A6511 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A6507 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A6508 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A6510 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A6511 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A6508 | Direction-Decrypt,EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GCM | A6510 | Direction-Decrypt,EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GCM | A6511 | Direction-Decrypt,EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-KW | A6508 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KW | A6510 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-OFB | A6507 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-OFB | A6508 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-OFB | A6510 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTSTestingRevision2.0 | A6507 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTSTestingRevision2.0 | A6508 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTSTestingRevision2.0 | A6510 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A6508 | Prediction Resistance-NoMode-AES-128,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A6510 | Prediction Resistance-NoMode-AES-128,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A6511 | Prediction Resistance-NoMode-AES-128,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "ECDSA KeyGen(FIPS186-5) | A6510 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyGen(FIPS186-5) | A6512 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A6510 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A6512 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A6510 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512Component-No | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A6512 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512Component-No | FIPS 186-5", "ECDSA SigVer(FIPS186-4) | A6510 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6512 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-5) | A6510 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384, | FIPS 186-5" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5183", "Certificate Number": "5183", "Vendor Name": "Corelight, Inc.", "Module Name": "Corelight Cryptographic Module", "Module Type": "Software", "Validation Date": "03/11/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5183.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5183", "module_name": "Corelight Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "Corelight Cryptographic Module is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions to server platforms and features robust algorithm support.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux,Unix,Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction-Generation,VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction-Generation,VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-OFB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS TestingRevision2.0 | A4593 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTS TestingRevision2.0 | A5173 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS 186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192", "KDA HKDF", "KDA OneStep", "KDA TwoStep", "KDF Mode - feedback", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification,Key Generation,Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A, category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5182", "Certificate Number": "5182", "Vendor Name": "Radio IP Software", "Module Name": "Radio IP Software Cryptographic Module", "Module Type": "Software", "Validation Date": "03/11/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5182.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5182", "module_name": "Radio IP Software Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "Radio IP Software FIPS Cryptographic Module is a standards-based cryptographic engine for servers, mobiles and appliances. The module delivers core cryptographic functions to server and mobile platforms and features robust algorithm support.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©Radio IP Software | CAVP | Cert", "AES-CBC-CS1 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4593 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A5173 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©Radio IP Software | CAVP | Cert", "AES-CTR | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4593 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A5173 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A4593 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A5173 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KW | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©Radio IP Software | CAVP | Cert", "AES-OFB | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing | Revision 2.0 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing | Revision 2.0 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance - Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1", "Counter DRBG | A5173 | Prediction Resistance - Yes", "DSA KeyGen | (FIPS186-4) | A4593 | L - 2048 | N - 224, 256 | FIPS 186-4", "DSA KeyGen | (FIPS186-4) | A5173 | L - 2048 | N - 224, 256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A4593 | L - 2048 | N - 224, 256", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512,", "SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A5173 | L - 2048 | N - 224, 256", "DSA PQGVer | (FIPS186-4) | A4593 | L - 1024, 2048 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer | (FIPS186-4) | A5173 | L - 1024, 2048 | N - 160, 224, 256", "DSA SigVer | (FIPS186-4) | A4593 | L - 1024, 2048, 3072 | N - 160, 224, 256 | FIPS 186-4 | Document Version 1.0 | ©Radio IP Software | CAVP | Cert", "512, SHA2-512/224, SHA2-512/256", "DSA SigVer | (FIPS186-4) | A5173 | L - 1024, 2048, 3072 | N - 160, 224, 256", "ECDSA KeyGen | (FIPS186-4) | A4593 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyGen | (FIPS186-4) | A5173 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A4593 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A5173 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A4593 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521", "SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384,", "SHA3-512 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A5173 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-4) | A4593 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521", "512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-", "384, SHA3-512 | FIPS 186-4 | Document Version 1.0 | ©Radio IP Software | CAVP | Cert", "ECDSA SigVer | (FIPS186-4) | A5173 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521", "384, SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve - ED-25519, ED-448 | PreHash - Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve - ED-25519, ED-448 | PreHash - Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve - ED-25519, ED-448 | PreHash - No | Pure - Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve - ED-25519, ED-448 | PreHash - No | Pure - Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance - Yes", "Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A | Rev. 1", "Hash DRBG | A5173 | Prediction Resistance - Yes", "HMAC DRBG | A4593 | Prediction Resistance - Yes", "HMAC DRBG | A5173 | Prediction Resistance - Yes", "HMAC-SHA-1 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | Document Version 1.0 | ©Radio IP Software | CAVP | Cert", "HMAC-SHA2- | 224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | Document Version 1.0 | ©Radio IP Software | CAVP | Cert", "HMAC-SHA3- | 256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A4593 | Domain Parameter Generation Methods - B-233, B-283, B-409, B- | 571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A5173 | Domain Parameter Generation Methods - B-233, B-283, B-409, B- | 571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A4593 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A5173 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-IFC-SSC | A4593 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | SP 800-56A | Rev. 3 | Document Version 1.0 | ©Radio IP Software | CAVP | Cert | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF | SP800-56Cr2 | A4593 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "384, SHA3-512 | SP 800-56C | Rev. 2", "KDA HKDF | SP800-56Cr2 | A5173 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "KDA OneStep | SP800-56Cr2 | A4593 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA OneStep | SP800-56Cr2 | A5173 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A4593 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A5173 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | SP 800-56C | Rev. 2 | Document Version 1.0 | ©Radio IP Software | CAVP | Cert | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8", "KDF ANS 9.42", "(CVL) | A4593", "KDF Type - DER", "384, SHA3-512 | Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 | Rev. 1", "(CVL) | A5173", "KDF ANS 9.63", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Key Data Length - Key Data Length: 128, 4096 | SP 800-135 | Rev. 1", "KDF KMAC | Sp800-108r1 | A4593 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF KMAC | Sp800-108r1 | A5173 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF SP800-108 | A4593", "KDF Mode - Counter, Feedback | Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, | 4096 | SP 800-108 | Rev. 1", "KDF SP800-108 | A5173", "KDF SSH (CVL) | A4593", "Cipher - AES-128, AES-192, AES-256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1", "KDF SSH (CVL) | A5173", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1 | KMAC-128 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | Document Version 1.0 | ©Radio IP Software | CAVP | Cert | KMAC-128 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185", "KTS-IFC | A4593 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 1024 | SP 800-56B | Rev. 2", "KTS-IFC | A5173 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "PBKDF | A4593 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "RSA KeyGen | (FIPS186-4) | A4593 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4", "RSA KeyGen | (FIPS186-4) | A5173 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4 | Document Version 1.0 | ©Radio IP Software | CAVP | Cert", "RSA SigGen | (FIPS186-4) | A4593 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A5173 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A4593 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A5173 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4 | Safe Primes Key | Generation | A4593 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Generation | A5173 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A4593 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A5173 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3", "SHA-1 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4 | Document Version 1.0 | ©Radio IP Software | CAVP | Cert", "SHA2-384 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202 | Document Version 1.0 | ©Radio IP Software | CAVP | Cert", "SHA3-512 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHAKE-128 | A4593 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-128 | A5173 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A4593 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A5173 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "TDES-CBC | A4593 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-CBC | A5173 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-ECB | A4593 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-ECB | A5173 | Direction - Decrypt | SP 800-67 | Rev. 2", "TLS v1.2 KDF", "RFC7627 (CVL) | A4593", "Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "RFC7627 (CVL) | A5173", "TLS v1.3 KDF", "(CVL) | A4593 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1", "(CVL) | A5173 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1 | 2.5.2 Vendor-Affirmed Algorithms | The module implements the following vendor affirmed algorithms that are approved for use in | Approved mode. | Document Version 1.0 | ©Radio IP Software | Name | Implementation | CKG | Key Type:Symmetric | and Asymmetric | N/A | SP 800-133r2 and IG D.H: Per Section 4, example 1 | CKG | (XTS) | Key Type:Symmetric | N/A | SP 800-133r2 and IG D.H: Per Section 6.3, approved", "method 1. Applicable to AES-XTS compliant to IG C.I | because Key_1 and Key_2 are concatenated prior to | usage. | 2.5.3 Non-Approved, Allowed Algorithms | Non-Approved, Allowed Algorithms: | The module implements the following algorithms that are allowed for use in Approved mode. | Name | Implementation | EC Diffie-Hellman | with non-NIST | recommended | curves | Curves: brainpoolP224r1 (strength 112 | bits) brainpoolP256r1 (strength 128 bits) | brainpoolP320r1 (strength 160 bits) | brainpoolP384r1 (strength 192 bits) | brainpoolP512r1 (strength 256 bits) | : SSP Agreement | CryptoComply | 140-3 FIPS | Provider | Allowed per IG D.F, | scenario 3 (per IG | C.A, category 1a and | SP 800-186 Appendix | H.1)", "ECDSA with non- | NIST recommended | curves | Curves: brainpoolP224r1 (strength 112 | bits) brainpoolP256r1 (strength 128 bits) | brainpoolP320r1 (strength 160 bits) | brainpoolP384r1 (strength 192 bits) | brainpoolP512r1 (strength 256 bits) | : Signature Generation, Signature | Verification, Key Generation, Key | Verification | CryptoComply | 140-3 FIPS | Provider | Allowed per IG C.A, | category 1a (per SP | 800-186 Appendix | H.1) | 2.5.4 Non-Approved, Allowed Algorithms with No Security Claimed | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | The module does not implement any non-approved algorithms with no security claimed. | 2.5.5 Non-Approved, Not Allowed Algorithms | Non-Approved, Not Allowed Algorithms: | Document Version 1.0 | ©Radio IP Software | N/A for this module. | The module does not implement any non-approved, not allowed algorithms." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5181", "Certificate Number": "5181", "Vendor Name": "Quantum Corporation", "Module Name": "Quantum Corporation Cryptographic Module", "Module Type": "Software", "Validation Date": "03/11/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5181.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5181", "module_name": "Quantum Corporation Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "The Quantum Corporation Cryptographic Module is a standards-based cryptographic engine used for both data in flight encryption and data at rest encryption.", "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux, Unix, Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-OFB | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4593 | Direction - Decrypt, EncryptKey Length-128,256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5173 | Direction - Decrypt, EncryptKey Length-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance - YesMode-AES-128,AES-192,AES-256Derivation Function Enabled - Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance - YesMode-AES-128,AES-192,AES-256Derivation Function Enabled - Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS 186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,N-160,224,256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme ephemeralUnifiedKAS Role initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme ephemeralUnifiedKAS Role initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme dhEphem-KAS Role initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme dhEphem-KAS Role initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme- | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192", "KDA HKDF", "KDA OneStep", "KDA TwoStep", "KDF Mode - feedback", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo-2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A4593 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA-1 | A5173 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS180-4", "SHA2-224 | A4593 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A5173 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS180-4", "SHA2-256 | A4593 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A5173 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5180", "Certificate Number": "5180", "Vendor Name": "Fujitsu Limited", "Module Name": "Fujitsu Enterprise Postgres Cryptographic Module", "Module Type": "Software", "Validation Date": "03/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5180.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5180", "module_name": "Fujitsu Enterprise Postgres Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "Fujitsu Enterprise Postgres Cryptographic Module is the FIPS validated cryptographic library for Fujitsu Enterprise Postgres. This cryptographic library is used for communication data encryption and Transparent Data Encryption to provide enhanced data protection through robust cryptographic algorithms.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux, Unix, Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-OFB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS TestingRevision2.0 | A4593 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTS TestingRevision2.0 | A5173 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B163,B233,B283,B409,B571,K163,K233,K283,K409,K571,P192,P224,P256,P384,P521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme ephemeralUnified-KAS Role initiator, responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme ephemeralUnified-KAS Role initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme dhEphem-KAS Role initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme dhEphem-KAS Role initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192", "KDA HKDF", "KDA OneStep", "KDA TwoStep", "KDF Mode - feedback", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo-2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo-2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count-Iteration Count:1-10000 Increment1Password Length-Password Length:8-128 Increment8 | SP 800-132", "PBKDF | A5173 | Iteration Count-Iteration Count:1-10000 Increment1Password Length-Password Length:8-128 Increment8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5,PKCSPSSModulo -2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5,PKCSPSSModulo -2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo -1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo -1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification, Key Generation, Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A, category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5179", "Certificate Number": "5179", "Vendor Name": "Verkada, Inc.", "Module Name": "Verkada Cryptographic Module", "Module Type": "Software", "Validation Date": "03/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5179.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5179", "module_name": "Verkada Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Verkada Cryptographic Module is a software toolkit which provides various cryptographic functions to support the Verkada Command Platform.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert", "AES-CBC-CS1 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4593 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A5173 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert", "AES-CTR | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4593 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A5173 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A4593 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A5173 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KW | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert", "AES-OFB | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing | Revision 2.0 | A4593 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing | Revision 2.0 | A5173 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance - Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1", "Counter DRBG | A5173 | Prediction Resistance - Yes", "DSA KeyGen | (FIPS186-4) | A4593 | L - 2048 | N - 224, 256 | FIPS 186-4", "DSA KeyGen | (FIPS186-4) | A5173 | L - 2048 | N - 224, 256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A4593 | L - 2048 | N - 224, 256", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512,", "SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A5173 | L - 2048 | N - 224, 256", "DSA PQGVer | (FIPS186-4) | A4593 | L - 1024, 2048 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer | (FIPS186-4) | A5173 | L - 1024, 2048 | N - 160, 224, 256", "DSA SigVer | (FIPS186-4) | A4593 | L - 1024, 2048, 3072 | N - 160, 224, 256 | FIPS 186-4 | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert", "512, SHA2-512/224, SHA2-512/256", "DSA SigVer | (FIPS186-4) | A5173 | L - 1024, 2048, 3072 | N - 160, 224, 256", "ECDSA KeyGen | (FIPS186-4) | A4593 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyGen | (FIPS186-4) | A5173 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A4593 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A5173 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A4593 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521", "SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384,", "SHA3-512 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A5173 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P- | 224, P-256, P-384, P-521", "ECDSA SigVer | (FIPS186-4) | A4593 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521", "512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-", "384, SHA3-512 | FIPS 186-4 | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert", "ECDSA SigVer | (FIPS186-4) | A5173 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K- | 409, K-571, P-192, P-224, P-256, P-384, P-521", "384, SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve - ED-25519, ED-448 | PreHash - Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve - ED-25519, ED-448 | PreHash - Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve - ED-25519, ED-448 | PreHash - No | Pure - Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve - ED-25519, ED-448 | PreHash - No | Pure - Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance - Yes", "Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A | Rev. 1", "Hash DRBG | A5173 | Prediction Resistance - Yes", "HMAC DRBG | A4593 | Prediction Resistance - Yes", "HMAC DRBG | A5173 | Prediction Resistance - Yes", "HMAC-SHA-1 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert", "HMAC-SHA2- | 224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert", "HMAC-SHA3- | 256 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A4593 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A5173 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A4593 | Domain Parameter Generation Methods - B-233, B-283, B-409, B- | 571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A5173 | Domain Parameter Generation Methods - B-233, B-283, B-409, B- | 571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A4593 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A5173 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-IFC-SSC | A4593 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | SP 800-56A | Rev. 3 | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF | SP800-56Cr2 | A4593 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "384, SHA3-512 | SP 800-56C | Rev. 2", "KDA HKDF | SP800-56Cr2 | A5173 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-", "KDA OneStep | SP800-56Cr2 | A4593 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA OneStep | SP800-56Cr2 | A5173 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A4593 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A5173 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | SP 800-56C | Rev. 2 | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert | Shared Secret Length - Shared Secret Length: 224-8192 | Increment 8", "KDF ANS 9.42", "(CVL) | A4593", "KDF Type - DER", "384, SHA3-512 | Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 | Rev. 1", "(CVL) | A5173", "KDF ANS 9.63", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Key Data Length - Key Data Length: 128, 4096 | SP 800-135 | Rev. 1", "KDF KMAC | Sp800-108r1 | A4593 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF KMAC | Sp800-108r1 | A5173 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "KDF SP800-108 | A4593", "KDF Mode - Counter, Feedback | Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, | 4096 | SP 800-108 | Rev. 1", "KDF SP800-108 | A5173", "KDF SSH (CVL) | A4593", "Cipher - AES-128, AES-192, AES-256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1", "KDF SSH (CVL) | A5173", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1 | KMAC-128 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert | KMAC-128 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185", "KTS-IFC | A4593 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 1024 | SP 800-56B | Rev. 2", "KTS-IFC | A5173 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "PBKDF | A4593 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "RSA KeyGen | (FIPS186-4) | A4593 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4", "RSA KeyGen | (FIPS186-4) | A5173 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4 | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert", "RSA SigGen | (FIPS186-4) | A4593 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A5173 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A4593 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A5173 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4 | Safe Primes Key | Generation | A4593 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Generation | A5173 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A4593 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A5173 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, | MODP-6144, MODP-8192 | SP 800-56A | Rev. 3", "SHA-1 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4 | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert", "SHA2-384 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202 | Document Version 1.0 | ©Verkada, Inc. | CAVP | Cert", "SHA3-512 | A5173 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHAKE-128 | A4593 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-128 | A5173 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A4593 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A5173 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "TDES-CBC | A4593 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-CBC | A5173 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-ECB | A4593 | Direction - Decrypt | SP 800-67 | Rev. 2", "TDES-ECB | A5173 | Direction - Decrypt | SP 800-67 | Rev. 2", "TLS v1.2 KDF", "RFC7627 (CVL) | A4593", "Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "RFC7627 (CVL) | A5173", "TLS v1.3 KDF", "(CVL) | A4593 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1", "(CVL) | A5173 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1 | 2.5.2 Vendor-Affirmed Algorithms | The module implements the following vendor affirmed algorithms that are approved for use in | Approved mode. | Document Version 1.0 | ©Verkada, Inc. | Name | Implementation | CKG | Key Type:Symmetric | and Asymmetric | N/A | SP 800-133r2 and IG D.H: Per Section 4, example 1 | CKG | (XTS) | Key Type:Symmetric | N/A | SP 800-133r2 and IG D.H: Per Section 6.3, approved", "method 1. Applicable to AES-XTS compliant to IG C.I | because Key_1 and Key_2 are concatenated prior to | usage. | 2.5.3 Non-Approved, Allowed Algorithms | Non-Approved, Allowed Algorithms: | The module implements the following algorithms that are allowed for use in Approved mode. | Name | Implementation | EC Diffie-Hellman | with non-NIST | recommended | curves | Curves: brainpoolP224r1 (strength 112 | bits) brainpoolP256r1 (strength 128 bits) | brainpoolP320r1 (strength 160 bits) | brainpoolP384r1 (strength 192 bits) | brainpoolP512r1 (strength 256 bits) | : SSP Agreement | CryptoComply | 140-3 FIPS | Provider | Allowed per IG D.F, | scenario 3 (per IG | C.A, category 1a and | SP 800-186 Appendix | H.1)", "ECDSA with non- | NIST recommended | curves | Curves: brainpoolP224r1 (strength 112 | bits) brainpoolP256r1 (strength 128 bits) | brainpoolP320r1 (strength 160 bits) | brainpoolP384r1 (strength 192 bits) | brainpoolP512r1 (strength 256 bits) | : Signature Generation, Signature | Verification, Key Generation, Key | Verification | CryptoComply | 140-3 FIPS | Provider | Allowed per IG C.A, | category 1a (per SP | 800-186 Appendix | H.1) | 2.5.4 Non-Approved, Allowed Algorithms with No Security Claimed | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | The module does not implement any non-approved algorithms with no security claimed. | 2.5.5 Non-Approved, Not Allowed Algorithms | Non-Approved, Not Allowed Algorithms: | Document Version 1.0 | ©Verkada, Inc. | N/A for this module. | The module does not implement any non-approved, not allowed algorithms." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5178", "Certificate Number": "5178", "Vendor Name": "Safran Trusted 4D Inc.", "Module Name": "SecureSyncGuard", "Module Type": "Software", "Validation Date": "03/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5178.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5178", "module_name": "SecureSyncGuard", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "SecureSyncGuard is a standards-based cryptographic engine, enabling secured and trusted network time distribution, within Safran's assured Timing portfolio. SecureSyncGuard provides core cryptographic functions for authentication, encryption, secure communication and key management. SecureSyncGuard is used by supported Safran products, including SecureSync 2400 and VersaSync.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux,Unix,Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-OFB | A5173 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4593 | Direction - Decrypt, EncryptKey Length - 128,256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5173 | Direction - Decrypt, EncryptKey Length - 128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance - YesMode - AES-128,AES-192,AES-256Derivation Function Enabled - Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance - YesMode - AES-128,AES-192,AES-256Derivation Function Enabled - Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS 186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,3072N-160,224,256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA1- SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder | SP 800-56A Rev.3", "KDA HKDF SP800-56Cr2 | A4593 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C Rev.2", "KDA HKDF SP800-56Cr2 | A5173 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C Rev.2", "KDA OneStep SP800-56Cr2 | A4593 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev.2", "KDA OneStep SP800-56Cr2 | A5173 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev.2", "KDA TwoStep SP800-56Cr2 | A4593 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev.2", "KDA TwoStep SP800-56Cr2 | A5173 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 | SP 800-56C Rev.2", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count-Iteration Count:1-10000 Increment1Password Length-Password Length:8-128 Increment8 | SP 800-132", "PBKDF | A5173 | Iteration Count-Iteration Count:1-10000 Increment1Password Length-Password Length:8-128 Increment8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128bits) brainpoolP320r1(strength 160bits) brainpoolP384r1(strength 192bits) brainpoolP512r1(strength 256bits):Signature Generation,SignatureVerification,KeyGeneration,KeyVerification | CryptoComply140-3FIPSProvider | Allowed per IG C.A,category1a(perSP800-186AppendixH.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5177", "Certificate Number": "5177", "Vendor Name": "Minimus", "Module Name": "Minimus Cryptographic Module", "Module Type": "Software", "Validation Date": "03/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5177.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5177", "module_name": "Minimus Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "Minimus FIPS Cryptographic Module is a standards-based cryptographic engine for containers, VMs, and apps that run on cloud native platforms like Docker and Kubernetes.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux,Unix,Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-OFB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-OFB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS TestingRevision2.0 | A4593 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-XTS TestingRevision2.0 | A5173 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,N-160,224,256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MMODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MMODP-2048,MMODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rsakpg2-basic,rskapg2-crt,rskapg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KDA HKDF SP800-56Cr2 | A4593 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C Rev. 2", "KDA HKDF SP800-56Cr2 | A5173 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C Rev. 2", "KDA OneStep SP800-56Cr2 | A4593 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev. 2", "KDA OneStep SP800-56Cr2 | A5173 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev. 2", "KDA TwoStep SP800-56Cr2 | A4593 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C Rev. 2", "KDA TwoStep SP800-56Cr2 | A5173 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 | SP 800-56C Rev. 2", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification,Key Generation,Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A,category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5176", "Certificate Number": "5176", "Vendor Name": "Druva Inc.", "Module Name": "Druva FIPS 140-3 Cryptographic Module", "Module Type": "Software", "Validation Date": "03/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5176.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5176", "module_name": "Druva FIPS 140-3 Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Druva FIPS 140-3 Cryptographic Module provides cryptographic functions that support Druva’s products and services. The module delivers core cryptographic functions and features robust algorithm support.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.a | 3.0.1-FIPS 140-3 | Compiled as a static library, tested on iOS and iPadOS | HMAC-SHA-256", "fips.dll | 3.0.0-FIPS 140-3 | Compiled for Windows | HMAC-SHA-256", "fips.dylib | 3.0.0-FIPS 140-3 | Compiled for MacOS | HMAC-SHA-256", "fips.so | 3.0.0-FIPS 140-3 | Compiled for Linux, Unix, Android | HMAC-SHA-256", "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction - decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction - Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4593 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5173 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-ECB | A4593 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-ECB | A5173 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-GCM | A4593 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1,8.2.2Key Length - 128,192,256 | SP 800-38D", "AES-GCM | A5173 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1,8.2.2Key Length - 128,192,256 | SP 800-38D", "AES-GMAC | A4593 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1,8.2.2Key Length - 128,192,256 | SP 800-38D", "AES-GMAC | A5173 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1,8.2.2Key Length - 128,192,256 | SP 800-38D", "AES-KW | A4593 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38F", "AES-KW | A5173 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38F", "AES-KWP | A4593 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38F", "AES-KWP | A5173 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38F", "AES-OFB | A4593 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-OFB | A5173 | Direction-Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4593 | Direction-Decrypt, EncryptKey Length-128,256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5173 | Direction-Decrypt, EncryptKey Length-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS 186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A5173 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4593 | L-1024,2048,N-160,224,256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MMODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MMODP-2048,MMODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192", "KDA HKDF", "KDA OneStep", "KDA TwoStep", "KDF Mode - feedback", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport MethodKey Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role - initiator, responderKey Transport MethodKey Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "PBKDF | A5173 | Iteration Count - Iteration Count:1-10000 Increment 1Password Length - Password Length:8-128 Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5, PKCSPSSModulo -2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5, PKCSPSSModulo -2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo -1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo -1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification, Key Generation, Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A, category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5175", "Certificate Number": "5175", "Vendor Name": "DataKrypto Inc.", "Module Name": "DataKrypto Module for FHEnom", "Module Type": "Software", "Validation Date": "03/10/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5175.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5175", "module_name": "DataKrypto Module for FHEnom", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The DataKrypto Module for FHEnom is a cryptographic engine for DataKrypto's fully homomorphic encryption SDKs, including FHEnom, FHEnom for AI, and FHEnom for Images. DataKrypto Module for FHEnom delivers cryptographic services to host applications through a C language Application Programming Interface (API).", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KDF", "SHA", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5173 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5173 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4593 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5173 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4593 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5173 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB1 | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4593 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A5173 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4593 | Direction-Generation,VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5173 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-CTR | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CTR | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GCM | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A4593 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-GMAC | A5173 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP800-38D", "AES-KW | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KW | A5173 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A4593 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-KWP | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F", "AES-OFB | A4593 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-OFB | A5173 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4593 | Direction- Decrypt, EncryptKey Length-128,256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5173 | Direction- Decrypt, EncryptKey Length-128,256 | SP 800-38E", "Counter DRBG | A4593 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Counter DRBG | A5173 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A4593 | L-2048N-224,256 | FIPS186-4", "DSA KeyGen(FIPS186-4) | A5173 | L-2048N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4593 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A5173 | L-2048N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4593 | L-1024,2048N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128 bits) brainpoolP320r1(strength 160 bits) brainpoolP384r1(strength 192 bits) brainpoolP512r1(strength 256 bits):Signature Generation, Signature Verification,Key Generation,Key Verification | CryptoComply140-3 FIPSProvider | Allowed per IG C.A,category 1a(per SP 800-186 Appendix H.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5174", "Certificate Number": "5174", "Vendor Name": "N-able Technologies Inc.", "Module Name": "N-able Cryptographic Module", "Module Type": "Software", "Validation Date": "03/09/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5174.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5174", "module_name": "N-able Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/26/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "MultiChipStand", "detail_available": true, "description": "The N-able Cryptographic Module is a standards-based cryptographic engine for N-able Take Control. The module delivers core cryptographic functions which are used in the context of remote control sessions.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "DSA SigVer(FIPS186-4) | A5173 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4593 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5173 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4593 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5173 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4593 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5173 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4593 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5173 | Component - NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "EDDSA KeyGen | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyGen | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4593 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A5173 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigGen | A4593 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigGen | A5173 | Curve-ED-25519,ED-448PreHash-Yes | FIPS 186-5", "EDDSA SigVer | A4593 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "EDDSA SigVer | A5173 | Curve-ED-25519,ED-448PreHash-NoPure-Yes | FIPS 186-5", "Hash DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4593 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5173 | Prediction Resistance-YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4593 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5173 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4593 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5173 | Key Length - Key Length:8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521SchemeephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4593 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MMODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5173 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MMODP-2048,MMODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4593 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rskapg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme | SP 800-56ARev.3", "KAS-IFC-SSC | A5173 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme-KAS1- KAS Role - initiator, responder KAS2- KAS Role - initiator, responder | SP 800-56A Rev.3", "KDA HKDF SP800-56Cr2 | A4593 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment8 HMAC Algorithm - SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56C Rev.2", "KDA HKDF SP800-56Cr2 | A5173 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment8 HMAC Algorithm - SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56C Rev.2", "KDA OneStep SP800-56Cr2 | A4593 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment8 | SP 800-56C Rev.2", "KDA OneStep SP800-56Cr2 | A5173 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment8 | SP 800-56C Rev.2", "KDA TwoStep SP800-56Cr2 | A4593 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment8 | SP 800-56C Rev.2", "KDA TwoStep SP800-56Cr2 | A5173 | MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 | SP 800-56C Rev.2", "KDF ANS 9.42(CVL) | A4593 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5173 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4593 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5173 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP800-135Rev.1", "KDF KMACSp800-108r1 | A4593 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF KMACSp800-108r1 | A5173 | Derived Key Length-Derived Key Length:112-4096 Increment8 | SP800-108Rev.1", "KDF SP800-108 | A4593 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SP800-108 | A5173 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP800-108Rev.1", "KDF SSH(CVL) | A4593 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5173 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A4593 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "KTS-IFC | A5173 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A4593 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP 800-132", "PBKDF | A5173 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4593 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5173 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4593 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5173 | Signature Type - PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4593 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5173 | Signature Type - ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A4593 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512/256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5173 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A4593 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5173 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHAKE-128 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-128 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4593 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5173 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "TDES-CBC | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CBC | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A4593 | Direction-Decrypt | SP 800-67Rev.2", "TDES-ECB | A5173 | Direction-Decrypt | SP 800-67Rev.2", "TLS v1.2 KDFRFC7627(CVL) | A4593 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.2 KDFRFC7627(CVL) | A5173 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4593 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5173 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "ECDSA with non-NIST recommended curves | Curves: brainpoolP224r1(strength 112bits) brainpoolP256r1(strength 128bits) brainpoolP320r1(strength 160bits) brainpoolP384r1(strength 192bits) brainpoolP512r1(strength 256bits):SignatureGeneration,SignatureVerification,KeyGeneration,KeyVerification | CryptoComply140-3FIPSProvider | Allowed per IG C.A,category1a(perSP800-186AppendixH.1)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5173", "Certificate Number": "5173", "Vendor Name": "Trend Micro Incorporated", "Module Name": "Trend Micro Crypto Core OpenSSL", "Module Type": "Software", "Validation Date": "03/06/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5173.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5173", "module_name": "Trend Micro Crypto Core OpenSSL", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Trend Micro Crypto Core OpenSSL is a software library which provides FIPS 140-2 approved cryptographic algorithms and services for Trend Micro Deep Discovery security products. It offers a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5172", "Certificate Number": "5172", "Vendor Name": "Thales Alenia Space", "Module Name": "Thales Alenia Space Cryptographic Module for Microsemi RTG4 FPGA", "Module Type": "Hardware", "Validation Date": "03/06/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5172.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5172", "module_name": "Thales Alenia Space Cryptographic Module for Microsemi RTG4 FPGA", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/5/2031", "overall_level": 1, "caveat": "No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Hardware", "embodiment": "MultiChipEmbed", "description": "This cryptographic module has been developed by Thales Alenia Space and it has been implemented within the Near-Earth Object Surveyor (NEOS) transponder unit. The aim of this cryptographic module is to enable NASA to encrypt communications at the GCP, and decrypt and authenticate them at the transponder unit using AES-GCM.", "detail_available": true, "algorithms": [ "AES" ], "algorithms_detailed": [ "AES-GCM | A2809 | Direction - Decrypt, Encrypt | IV Generation - External | Key Length - 256 | SP 800-38D | The TASE-CM-NEOS is always operating in Approved mode; therefore, it does not support non-Approved | mode nor degraded mode. In addition, it does not support non-Approved security functions nor vendor | affirmed methods. | N/A for this module. | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | N/A for this module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5171", "Certificate Number": "5171", "Vendor Name": "Nuvoton Technology Corporation", "Module Name": "Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine", "Module Type": "Hardware", "Validation Date": "03/05/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5171.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5171", "module_name": "Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/4/2031", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Hardware", "embodiment": "SingleChip", "description": "Nuvoton NPCT7xx TPM 2.0 Cryptographic Engine is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CFB128 | A6386 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-CTR | A6386 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-GCM | A6386 | Direction-Decrypt,EncryptIV Generation-ExternalKeyLength-256 | SP800-38D", "AES-OFB | A6386 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "Counter DRBG | A6386 | Prediction Resistance-NoMode-AES-256Derivation Function Enabled-No | SP800-90A Rev.1", "ECDSA KeyGen(FIPS186-5) | A6386 | Curve-P-256,P-384Secret Generation Mode-extra bits | FIPS186-5", "ECDSA KeyVer(FIPS186-5) | A6386 | Curve-P-256,P-384 | FIPS186-5", "ECDSA SigGen(FIPS186-5) | A6386 | Curve-P-256,P-384Hash Algorithm-SHA2-256,SHA2-384Component-No,Yes | FIPS186-5", "ECDSA SigVer(FIPS186-4) | A6386 | Curve-P-256,P-384Hash Algorithm-SHA-1 | FIPS186-4", "ECDSA SigVer(FIPS186-5) | A6386 | Curve-P-256,P-384Hash Algorithm-SHA2-256,SHA2-384 | FIPS186-5", "HMAC-SHA-1 | A6386 | Key Length-Key Length:160-240 Increment8 | FIPS198-1", "HMAC-SHA2-256 | A6386 | Key Length-Key Length:160-1024 Increment8 | FIPS198-1", "HMAC-SHA2-384 | A6386 | Key Length-Key Length:160-2048 Increment8 | FIPS198-1", "KAS-ECC Sp800-56Ar3 | A6386 | Domain Parameter Generation Methods-P256,P384Function-Key Pair Generation,Partial ValidationScheme-fullUnified-KAS Role-Initiator,ResponderKDF Methods-oneStepKdf-Key Length-1024 | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A6386 | Domain Parameter Generation Methods-P256,P384Scheme-fullUnified-KAS Role-initiator,responder | SP 800-56A Rev.3", "KDA HKDF Sp800-56Cr1 | A6386 | Derived Key Length-384Shared Secret Length-Shared Secret Length:384HMAC Algorithm-SHA2-384 | SP 800-56C Rev.2", "KDA OneStep Sp800-56Cr1 | A6386 | Derived Key Length-1024Shared Secret Length-Shared Secret Length:384-768Increment8 | SP 800-56C Rev.2", "KDF SP800-108 | A6386 | KDF Mode-CounterSupported Lengths-Supported Lengths:20,48 | SP 800-108Rev.1", "KTS-IFC | A6386 | Modulo-2048,3072,4096Key Generation Methods-rsakpg1-crtScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-KeyLength-384 | SP 800-56B Rev.2", "RSA KeyGen(FIPS186-5) | A6386 | Key Generation Mode-probableModulo-2048,3072,4096Primality Tests-2powSecStrPrivate Key Format-crt | FIPS 186-5", "RSA SigGen(FIPS186-5) | A6386 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,psss | FIPS 186-5", "RSA Signature Primitive(CVL) | A6386 | Private Key Format-crt | FIPS 186-4", "RSA SigVer(FIPS186-4) | A6386 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A6386 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,psss | FIPS 186-5", "SHA-1 | A6386 | Message Length-Message Length:0-16384 Increment8 | FIPS 180-4", "SHA2-256 | A6386 | Message Length - Message Length:0-16384 Increment 8 | FIPS 180-4", "SHA2-384 | A6386 | Message Length - Message Length:0-16384 Increment 8 | FIPS 180-4", "RSA signature generation using SHA-1 | Digital signature generation", "ECDSA signature generation using SHA-1 | Digital signature generation", "ECDSA signature verification component | Digital signature verification of a message digest", "RSA Key Transport | RSA Key Transport with Non-Approved Padding schemes RSAES-PKCS-v1.5/NULL", "CKG | HMAC key generation with Key Size<112bits", "HMAC | Message Authentication Code using HMAC with Key Size<112bits", "KAS-ECC-SSC | ECC Shared Secret Computation with known seed" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5170", "Certificate Number": "5170", "Vendor Name": "Verichains", "Module Name": "BShield Cryptographic Module", "Module Type": "Software", "Validation Date": "03/05/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5170.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5170", "module_name": "BShield Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The BShield Cryptographic Module is a general-purpose library integrated into BShield, a mobile application protection solution developed by Verichains, as well as other Verichains products, to provide FIPS 140-3 validated cryptographic functions for the protection of sensitive information.", "detail_available": true, "algorithms": [ "DRBG", "HMAC", "SHA" ], "algorithms_detailed": [ "Hash DRBG with SHA3-256, SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 NIST, SP 800-90A Rev. 1", "HMAC DRBG with SHA3-256, SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 NIST, SP 800-90A Rev. 1 | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this Module. | Non-Approved, Not Allowed Algorithms: | N/A for this Module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5169", "Certificate Number": "5169", "Vendor Name": "ST Engineering Urban Solutions Ltd.", "Module Name": "Vega-1 Cryptographic Module", "Module Type": "Software", "Validation Date": "03/04/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5169.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5169", "module_name": "Vega-1 Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/3/2031", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys). No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Vega-1 Cryptographic Module provides cryptography to the Vega-1 device.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A5951 | - | SP 800-38A", "AES-CBC-CS1 | A5951 | - | SP 800-38A", "AES-CBC-CS2 | A5951 | - | SP 800-38A", "AES-CBC-CS3 | A5951 | - | SP 800-38A", "AES-CCM | A5951 | - | SP 800-38C", "AES-CFB1 | A5951 | - | SP 800-38A", "AES-CFB128 | A5951 | - | SP 800-38A", "AES-CFB8 | A5951 | - | SP 800-38A", "AES-CMAC | A5951 | - | SP 800-38B", "AES-CTR | A5951 | - | SP 800-38A", "AES-ECB | A5951 | - | SP 800-38A", "AES-GCM | A5951 | - | SP 800-38D", "AES-GMAC | A5951 | - | SP 800-38D", "AES-KW | A5951 | - | SP 800-38F", "AES-KWP | A5951 | - | SP 800-38F", "AES-OFB | A5951 | - | SP 800-38A", "AES-XTS Testing Revision 2.0 | A5951 | - | SP 800-38E", "Counter DRBG | A5951 | - | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-5) | A5951 | - | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A5951 | - | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A5951 | - | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5951 | - | FIPS 186-5", "Hash DRBG | A5951 | - | SP 800-90A Rev.1", "HMAC DRBG | A5951 | - | SP 800-90A Rev.1", "HMAC-SHA-1 | A5951 | - | FIPS 198-1", "HMAC-SHA2-224 | A5951 | - | FIPS 198-1", "HMAC-SHA2-256 | A5951 | - | FIPS 198-1", "HMAC-SHA2-384 | A5951 | - | FIPS 198-1", "HMAC-SHA2-512 | A5951 | - | FIPS 198-1", "HMAC-SHA2-512/224 | A5951 | - | FIPS 198-1", "HMAC-SHA2-512/256 | A5951 | - | FIPS 198-1", "HMAC-SHA3-224 | A5951 | - | FIPS 198-1", "HMAC-SHA3-256 | A5951 | - | FIPS 198-1", "HMAC-SHA3-384 | A5951 | - | FIPS 198-1", "HMAC-SHA3-512 | A5951 | - | FIPS 198-1", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A5951 | - | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A5951 | - | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A5951 | - | SP 800-56A Rev.3", "KAS-IFC-SSC | A5951 | - | SP 800-56A Rev.3", "KDA HKDF SP800-56Cr2 | A5951 | - | SP 800-56C Rev.2", "KDA OneStep SP800-56Cr2 | A5951 | - | SP 800-56C Rev.2", "KDA TwoStep SP800-56Cr2 | A5951 | - | SP 800-56C Rev.2", "KDF ANS 9.42(CVL) | A5951 | - | SP 800-135 Rev.1", "KDF ANS 9.63(CVL) | A5951 | - | SP 800-135 Rev.1", "KDF KMAC Sp800-108r1 | A5951 | - | SP 800-108 Rev.1", "KDF SP800-108 | A5951 | - | SP 800-108 Rev.1", "KDF SSH(CVL) | A5951 | - | SP 800-135 Rev.1", "KTS-IFC | A5951 | - | SP 800-56B Rev.2", "PBKDF | A5951 | - | SP 800-132", "RSA KeyGen(FIPS186-5) | A5951 | - | FIPS 186-5", "RSA SigGen(FIPS186-5) | A5951 | - | FIPS 186-5", "RSA Signature Primitive(CVL) | A5951 | - | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5951 | - | FIPS 186-4", "RSA SigVer(FIPS186-5) | A5951 | - | FIPS 186-5", "SHA-1 | A5951 | - | FIPS 180-4", "SHA2-224 | A5951 | - | FIPS 180-4", "SHA2-256 | A5951 | - | FIPS 180-4", "SHA2-384 | A5951 | - | FIPS 180-4", "SHA2-512 | A5951 | - | FIPS 180-4", "SHA2-512/224 | A5951 | - | FIPS 180-4", "SHA2-512/256 | A5951 | - | FIPS 180-4", "SHA3-224 | A5951 | - | FIPS 202", "SHA3-256 | A5951 | - | FIPS 202", "SHA3-384 | A5951 | - | FIPS 202", "SHA3-512 | A5951 | - | FIPS 202", "SHAKE-128 | A5951 | - | FIPS 202", "SHAKE-256 | A5951 | - | FIPS 202", "TLS v1.2 KDF RFC7627(CVL) | A5951 | - | SP 800-135 Rev.1", "TLS v1.3 KDF(CVL) | A5951 | - | SP 800-135 Rev.1", "AES | Cert.#A5951:key unwrapping per IG D.G | Vega 1 | Symmetric key unwrapping per IG D.G Additional Comment 5", "FIPS 186-4 RSA SigVer X9.31 | Cert.A5951:signature verification | Vega 1 | IG C.K", "FIPS 186-5 ECDSA SigVer Component | Curve(s): P-192, P-224, P-256, P-384, P-521, B-163, B-233, B-283, B-409,B-571,K-163,K-233,K-283,K-409,K-571,Function(s):SigVer", "HMAC Generate | Key length(s):<112bits for MAC generation", "HMAC DRBG/Hash DRBG | PRF(s): SHA3(all sizes)", "ED448 | PRF: SHAKE256,Function(s):SigGen,SigVer", "ED25519 | PRF: SHA2-512,Function(s):SigGen,SigVer", "TDES | Mode(s):CBC and ECB,Function(s):Encrypt,Decrypt", "FIPS 186-4 DSA | Key size(strength):L=1024,N=160(s<112);L=2048,N=224(s=112);L=2048,N=256(s=112);L=3072,N=256(s=128);Function(s):KeyGen,SigGen,SigVer,PQGVer and PQGGen(SHA-1,SHA2 and SHA3 all sizes);SigVer and PQGVer disapproved per IG C.M3.e", "FIPS 186-2 RSA Signature | Modulus:>1024 bits,Function(s):SigGen,SigVer(perIGC.M3.e.forSigVer)", "FIPS 186-2 RSA Generate Key | Modulus:>=2048 bits,Function(s):KeyGen", "KDA HKDF SP800-56Cr1 | Key length(s):<112bits", "KDA OneStep SP800-56Cr1 | PRF(s): SHAKE128and SHAKE256", "KDF ANS 9.42 | PRF(s): SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128andKECCAK-KMAC256", "KDF ANS 9.63 | PRF(s): SHA-1, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256, KECCAK-KMAC128 and KECCAK-KMAC256", "RSA PKCS1.5(for KTS) | Usage of RSA PKCS1.5 Encapsulation/decapsulation in the context of SSP Transport(KTS)", "RSA Signature Primitive | RSASP with modulus 3072,4096(since RSASP2.0 is untested per CAVP Cert.#A5951)", "FIPS 186-4 RSA KeyGen X9.31,FIPS 186-4 RSA SigGen X9.31 | RSA KeyGen,SigGen perX9.31perIGC.K", "SHA-1 for SigVer | Usage of SHA-1in the context of signature verification(perIGC.M3.e)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5168", "Certificate Number": "5168", "Vendor Name": "Alcatel-Lucent Enterprise USA, Inc.", "Module Name": "Alcatel-Lucent Enterprise Cryptographic Module v3", "Module Type": "Software", "Validation Date": "03/03/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5168.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5168", "module_name": "Alcatel-Lucent Enterprise Cryptographic Module v3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The ALE Cryptographic Module v3 is a general-purpose cryptographic library incorporated into the OmniSwitch devices and other ALE products to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "SHA" ], "algorithms_detailed": [ "HMAC DRBG | A4481 | Additional Input - Additional Input: 0-256 Increment 128", "Mode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256", "SHA-1 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A4481 | Supports Bit-Oriented Messages-NoSupports Empty Message-Yes | FIPS 202", "SHAKE-256 | A4481 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "Hash DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90ARev.1", "HMAC DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90ARev.1", "Cipher(Unauth) | BC-UnAuth | AES ciphers | AES-CBC:(A4481)", "AES-CBC-CS1:(A4481)", "AES-CBC-CS2:(A4481)", "AES-CBC-CS3:(A4481)", "AES-CFB1:(A4481)", "AES-CFB128:(A4481)", "AES-CFB8:(A4481)", "AES-CTR:(A4481)", "AES-ECB:(A4481)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5167", "Certificate Number": "5167", "Vendor Name": "NEC Corporation", "Module Name": "NEC Storage Hybrid Firmware Encryption Module", "Module Type": "Firmware-hybrid", "Validation Date": "03/02/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5167.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5167", "module_name": "NEC Storage Hybrid Firmware Encryption Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/28/2030", "overall_level": 1, "caveat": "No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Firmware-hybrid", "embodiment": "MultiChipEmbed", "description": "NEC Storage Hybrid Firmware Encryption Module provides data at rest encryption for NEC storage.", "detail_available": true, "algorithms": [ "AES", "SHA" ], "algorithms_detailed": [ "AES-ECB | A5023, A5025, A5026, A5027, A5028, A5029, A5030, | A5031, A5032, A5033, A5034, A5035, A5036, A5037, | A5038, A5039, A5040, A5041, A5042, A5043, A5044 | Direction - Decrypt, | Encrypt | Key Length - 256 | SP 800-38A", "AES-KW | A5023 | Direction - Decrypt, | Encrypt | Key Length - 256 | SP 800-38F", "AES-XTS | Testing Revision | 2.0 | A5046, A5047, A5048, A5049, A5050, A5051, A5052, | A5053 | Direction - Decrypt, | Encrypt | Key Length - 256 | SP 800-38E", "SHA2-256 | A5024 | Message Length - | Message Length: 8- | 65536 Increment 8 | FIPS 180-4 | © NEC Corporation 2024 | This document may be reproduced and distributed only in its original entirety (without revision). | N/A for this module. | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | N/A for this module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5166", "Certificate Number": "5166", "Vendor Name": "Google, LLC.", "Module Name": "Titan-BPN Cryptographic Module", "Module Type": "Hardware", "Validation Date": "03/18/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5166.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5166", "module_name": "Titan-BPN Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/17/2031", "overall_level": 1, "caveat": "When operated in approved mode.", "module_type": "Hardware", "embodiment": "SingleChip", "description": "The module is a custom secure micro-controller. It can implement a variety of security, encryption, and cryptography protocols. The protocols are running on a secure processor on-chip, interfacing with a host using an API across a trusted SPI peripheral. It provides secure EEPROM Boot, using SPI pass-through technology that allows the module to confirm authorship of Boot Code, ensuring code-signing before code swap is completed.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "ECDSA SigVer(FIPS186-4) | A5419 | Curve - P-256Hash Algorithm - SHA2-256 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5419 | Signature Type - PKCS 1.5Modulo - 2048, 3072 | FIPS 186-4", "SHA2-256 | A5419 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4", "SHA2-256 | A5420 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4", "HMAC-SHA2-256 (non-conformant) | Keyed-Hash", "HKDF-SHA2-256 (non-conformant) | Hash Key Derivation Function", "ECDSA P-256 (non-conformant) | Signature Generation, Signature Verification, Key PairGeneration", "AES-CTR (non-conformant) | Encryption, Decryption", "HMAC DRBG (non-conformant) | Random Number Generation", "Titan-BPN ChipMessage Digest | SHA | Hashing | SHA2-256:(A5420)", "Titan-BPNLibrary MessageDigest | SHA | Hashing | SHA2-256:(A5419)", "Titan-BPNLibrary FWUpdatesVerification | DigSig-SigVer | Digital SignatureVerification | ECDSA SigVer(FIPS186-4):(A5419)SHA2-256:(A5419)", "Titan-BPNLibraryEEPROM FWVerification | DigSig-SigVer | Digital SignatureVerification | RSA SigVer(FIPS186-4):(A5419)SHA2-256:(A5419)", "Titan-BPNTRNG EntropySource | ENT-CondENT-ESV | Entropy Source | SHA2-256:(A5420)", "Titan-BPN TRNGEntropy Source | Physical | Titan ChipH1B3P | 256 bits | 256 bits | SHA2-256(A5420)", "AIM Generate AlphaAttestation Key | Alpha Identity Manager (AIM)generate Alpha Attestation Key fromthe TRNG | HMAC-SHA2-256(non-conformant)HKDF-SHA2-256(non-conformant)ECDSA P-256(non-conformant) | User", "AIM Load and VerifyAlpha Attestation Key | Load and Verify Alpha AttestationKey | HMAC-SHA2-256(non-conformant)HKDF-SHA2-256(non-conformant) | User", "AIM Load and VerifyAlpha Attestation Keyfrom CSR | Load and Verify Alpha AttestationKey Certificate Signing Request | HMAC-SHA2-256(non-conformant)HKDF-SHA2-256(non-conformant)ECDSA P-256(non-conformant) | User", "AIM Retrieve Aplha BindKey Counter Value | Retrieves the counter valueassociated with a specified AlphaBind Key | HMAC-SHA2-256(non-conformant)HKDF-SHA2-256(non-conformant) | User", "AIM Generate Alpha BindKey | Generates a new wrapped AlphaBind Key | HMAC-SHA2-256(non-conformant)HKDF-SHA2-256(non-conformant)ECDSA P-256(non-conformant) | User", "AIM Load Alpha Bind Key | Loads an Alpha Bind Key | HKDF-SHA2-256(non-conformant)AES-CTR (non-conformant) | User", "AIM Validate Alpha BindKey | Performs validation of Alpha BindKind. Does not load the key | HKDF-SHA2-256(non-conformant)AES-CTR (non-conformant) | User", "AIM Get Version | Derives Alpha Attestation Key andbinds it to the firmware release | HMAC-SHA2-256(non-conformant)HKDF-SHA2-256(non-conformant)ECDSA P-256(non-conformant)AES-CTR (non-conformant) | User", "AIM Get alias keycertificate | Retrieves Alias key certificate frominternal storage | ECDSA P-256(non-conformant)HMAC DRBG(non-conformant) | User", "AIM Get certificate signedwith alias key for AlphaAttestation Key | Retrieves Public Key, Certificatesigned with alias key for currentlyloaded Alpha Attestation Key | HMAC-SHA2-256(non-conformant)HKDF-SHA2-256(non-conformant)ECDSA P-256(non-conformant)AES-CTR (non-conformant)HMAC DRBG(non-conformant) | User", "Harvest HPUB | Retrieves a set of internal statesbased on per-chip identity | HKDF-SHA2-256(non-conformant)ECDSA P-256(non-conformant) | User", "Get Per-boot Nonce | Retrieves the unique per-boot noncefor Titan | HKDF-SHA2-256(non-conformant)ECDSA P-256(non-conformant)AES-CTR (non-conformant) | User", "Alpha Unwrap ProductionIdentity | Unwraps a Production Identity blobdataset | HKDF-SHA2-256(non-conformant)EC DH P-256(non-conformant)AES-CTR (non-conformant) | User", "Alpha Production IdentityGet Loaded Tokens | Retrieves set of BIOS tokens | HKDF-SHA2-256(non-conformant)ECDSA P-256(non-conformant)AES-CTR (non-conformant) | User", "Alpha Signed Get Mode | Return modes support signed withAlpha Attestation Key | HKDF-SHA2-256(non-conformant)ECDSA P-256(non-conformant)AES-CTR (non-conformant) | User", "Alpha Get Mode | Return modes supported | HKDF-SHA2-256(non-conformant)ECDSA P-256(non-conformant)AES-CTR (non-conformant) | User", "SHA2-256(A5420) | 256-bit hash | KAT | CAST | Successfulinitializationof themodule | Hash | ModuleInitialization", "SHA2-256(A5419) | 256-bit hash | KAT | CAST | Successfulinitializationof themodule | Hash | ModuleInitialization", "RSA SigVer(FIPS186-4)(A5419) | 2048-bit | KAT | CAST | Successfulinitializationof themodule | SignatureVerification | ModuleInitialization", "SHA2-256(A5420) | KAT | CAST | On Demand | Power cycle", "SHA2-256(A5419) | KAT | CAST | On Demand | Power cycle", "ECDSA SigVer(FIPS186-4)(A5419) | KAT | CAST | On Demand | Power cycle", "RSA SigVer(FIPS186-4)(A5419) | KAT | CAST | On Demand | Power cycle" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5165", "Certificate Number": "5165", "Vendor Name": "Google, LLC.", "Module Name": "River Redux Cryptographic Module", "Module Type": "Hardware", "Validation Date": "03/18/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5165.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5165", "module_name": "River Redux Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/17/2031", "overall_level": 1, "caveat": "This module contains the embedded module [Titan-BPN Cryptographic Module] validated to FIPS 140-3 under Cert. #5166 operating in approved mode", "module_type": "Hardware", "embodiment": "MultiChipEmbed", "description": "The module is a Network Interface Card (NIC) housed on a host device, which is designed to support Ethernet and IP networking. The module contains cryptographic hardware and firmware support, which allows data packets to be encrypted and decrypted using AES-GCM-128 at \"line rate\", while supporting a very large number of simultaneous Security Associations.", "detail_available": true, "algorithms": [ "AES", "DRBG", "KDF", "KTS", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CMAC | A3409 | Direction - GenerationKey Length - 128 | SP 800-38B", "AES-CMAC | A5448 | Direction - GenerationKey Length - 128 | SP 800-38B", "AES-ECB | A3409 | Direction - EncryptKey Length - 128 | SP 800-38A", "AES-ECB | A5448 | Direction - EncryptKey Length - 128 | SP 800-38A", "AES-GCM | A3409 | Direction - Decrypt, EncryptIV Generation - ExternalKey Length - 128 | SP 800-38D", "AES-GCM | A5448 | Direction - EncryptIV Generation - ExternalKey Length - 128 | SP 800-38D", "AES-GMAC | A3409 | Direction - Decrypt, EncryptIV Generation - ExternalKey Length - 128 | SP 800-38D", "AES-GMAC | A5448 | Direction - EncryptIV Generation - ExternalKey Length - 128 | SP 800-38D", "CounterDRBG | A5448 | Prediction Resistance - NoMode - AES-128Derivation Function Enabled - No | SP 800-90ARev. 1", "KDF SP800-108 | A3409 | KDF Mode - CounterSupported Lengths - Supported Lengths:128 | SP 800-108Rev. 1", "KDF SP800-108 | A5448 | KDF Mode - CounterSupported Lengths - Supported Lengths:128 | SP 800-108Rev. 1", "SHA3-224 | A3409 | Message Length - Message Length: 8-51200 Increment 8 | FIPS 202", "RSA SigVer(FIPS186-4) | A5419 | Signature Type - PKCS 1.5Modulo - 2048, 3072 | FIPS 186-4", "SHA2-256 | A5419 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4", "SHA2-256 | A5420 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4", "Crypto EngineKDF | KBKDF | Key DerivationFunction | KDF SP800-108: (A3409)AES-CMAC:(A3409)AES-EB:(A3409)", "Crypto EngineAuthenticatedEncryption | BC-Auth | AuthenticatedEncryption/Decryption | AES-GCM:(A3409)AES-GMAC:(A3409)AES-ECB:(A3409)", "Crypto EngineMessageDigest | SHA | Hashing | SHA3-224:(A3409)", "Hotplug KDF | KBKDF | Key DerivationFunction | KDF SP800-108: (A5448)AES-CMAC:(A5448)AES-ECB:(A5448)", "HotplugAuthenticatedEncryption | KTS-Wrap | AuthenticatedEncryption/Decryption | AES-GCM:(A5448)AES-GMAC:(A5448)", "HotplugSymmetric KeyGeneration | CKG | Symmetric KeyGeneration | CounterDRBG:(A5448)AES-ECB:(A5448)CKG:", "Titan-BPNLibrary FWVerification | DigSig-SigVer | Digital SignatureVerification \\[Titan-BPN CryptographicModule\\] | RSA SigVer(FIPS186-4):(A5419)SHA2-256:(A5419)", "Titan-BPN TRNG Entropy Source | ENT-Cond ENT-ESV | Entropy Source \\[Titan-BPN Cryptographic Module | SHA2-256: (A5420) | \\", "Titan-BPN TRNGEntropy Source | Physical | Titan ChipH1B3P | 256 bits | 256 bits | SHA2-256(A5420) | \\", "Derive RXSession IDand RXSession Key | InstructModule togenerate anew sessionkey basedon theMaster Key | SuccessfuIcompletion ofservice | APIcommandandparameterS | RXSession IDand RXSessionKeyderived | Cryptoenngine KDFHotplug KDF | User- MasterKey: E- RxSessionKey: G-ExportedRxSessionKey:G,R | \\", "DRBG V | NIST SP800-90A DRBGinternal state | N/A -N/A | InternalValue -CSP | HotplugSymmetricKeyGeneration | \\", "MasterKey | Used togenerateSession Keys | 128 -128 | Symmetric Key -CSP | HotplugSymmetricKeyGeneration | CryptoEngine KDFHotplug KDF | \\", "DRBG Seed | RAM:Plaintext | Until powercycling themodule | PowerCycle | \\", "DRBG V | RAM:Plaintext | Until powercycling themodule | PowerCycle | \\", "DRBG Key | RAM:Plaintext | Until powercycling themodule | PowerCycle | \\", "RSA SigVer(FIPS186-4)(A5419) | 2048/3072-bit | DigitalSignatureVerification | SW/FWIntegrity | StatusOutput | EEPROM FirmwareVerification IntegrityTest \\[Titan-BPNCryptographic Module\\] | \\", "RSA SigVer(FIPS186-4)(A5419) | 2048/3072-bit | DigitalSignatureVerification | SW/FWIntegrity | StatusOutput | Hotplug FirmwareVerification IntegrityTest \\[Titan-BPNCryptographic Module\\] | \\", "SHA3-224(A3409) | N/A | MessageDigest | SW/FWIntegrity | StatusOutput | Hotplug FirmwareIntegrity Test | \\", "AES-ECB(A3409) | 128-bitkey | KAT | CAST | SuccessfuIinitialization of themodule | Encryption | ModuleInitialization | \\", "AES-CMAC(A3409) | 128-bitkey | KAT | CAST | SuccessfuIinitialization of themodule | MAC Generation | ModuleInitialization | \\", "AES-GCM(A3409) | 128-bitkey | KAT | CAST | Successfuinitialization of themodule | AuthenticatedEncryption/Decryption | ModuleInitialization | \\", "SHA3-224(A3409) | 224-bithash | KAT | CAST | Successfuinitialization of themodule | Hash | ModuleInitialization | \\", "AES-EBB(A5448) | 128-bitkey | KAT | CAST | Successfuinitialization of themodule | Encryption | ModuleInitialization | \\", "AES-CMAC(A5448) | 128-bitkey | KAT | CAST | Successfuinitialization of themodule | MAC Generation | ModuleInitialization | \\", "AES-GCM(A5448) | 128-bitkey | KAT | CAST | Successfu\\ | initialization of themodule | AuthenticatedEncryption/Decryption | ModuleInitialization | \\", "SHA2-256(A5420) | 256-bithash | KAT | CAST | SuccessfuIinitialization of themodule | Hash \\[Titan-BPNCryptographicModule\\] | ModuleInitialization | \\", "SHA2-256(A5419) | 256-bithash | KAT | CAST | Successfuinitializatio | Hash \\[Titan-BPNCryptographicModule | ModuleInitialization | \\", "RSA SigVer(FIPS186-4)(A5419) | Digital SignatureVerification | SW/FW Integrity | On Demand | Power cycle | \\", "SHA3-224(A3409) | Message Digest | SW/FW Integrity | On Demand | Power cycle | \\", "AES-ECB(A3409) | KAT | CAST | On Demand | Power cycle | \\", "AES-CMAC(A3409) | KAT | CAST | On Demand | Power cycle | \\", "KDF SP800-108(A3409) | KAT | CAST | On Demand | Power cycle | \\", "AES-GCM(A3409) | KAT | CAST | On Demand | Power cycle | \\", "SHA3-224(A3409) | KAT | CAST | On Demand | Power cycle | \\", "AES-ECB(A5448) | KAT | CAST | On Demand | Power cycle | \\", "AES-CMAC(A5448) | KAT | CAST | On Demand | Power cycle | \\", "KDF SP800-108(A5448) | KAT | CAST | On Demand | Power cycle | \\", "AES-GCM(A5448) | KAT | CAST | On Demand | Power cycle | \\", "Counter DRBG(A5448) | KAT | CAST | On Demand | Power cycle | \\", "SHA2-256(A5420) | KAT | CAST | On Demand | Power cycle | \\", "SHA2-256(A5419) | KAT | CAST | On Demand | Power cycle | \\", "RSA SigVer(FIPS186-4)(A5419) | KAT | CAST | On Demand | Power cycle | \\" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5164", "Certificate Number": "5164", "Vendor Name": "Zebra Technologies Corporation", "Module Name": "Zebra 9098 Cryptographic Module", "Module Type": "Firmware-hybrid", "Validation Date": "02/20/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5164.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5164", "module_name": "Zebra 9098 Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/19/2031", "overall_level": 1, "caveat": "No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Firmware-hybrid", "embodiment": "MultiChipStand", "description": "The Zebra 9098 Cryptographic Module implements cryptographic support for Zebra wireless devices.", "detail_available": true, "algorithms": [ "AES", "HMAC", "SHA" ], "algorithms_detailed": [ "AES-CCM | A6540 | Key Length - 128 | SP 800-38C", "AES-ECB | A6540 | Direction - Decrypt, EncryptKey Length - 128 | SP 800-38A", "HMAC-SHA-1 | A5388 | Key Length - Key Length: 112-512 Increment 8 | FIPS 198-1", "SHA-1 | A5388 | Message Length - Message Length: 8-65536Increment 8 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5163", "Certificate Number": "5163", "Vendor Name": "Canonical Ltd.", "Module Name": "Canonical Ltd. Ubuntu 24.04 GnuTLS Cryptographic Module", "Module Type": "Software", "Validation Date": "02/20/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5163.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5163", "module_name": "Canonical Ltd. Ubuntu 24.04 GnuTLS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/19/2031", "overall_level": 1, "caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "MultiChipStand", "description": "The Canonical Ltd. Ubuntu 24.04 GnuTLS Cryptographic Module provides a C language application program interface (API) for use by other applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "AES-CBC | A5671,A5672,A5673,A5674,A5679,A5713,A5935,A5936,A5939 | - | SP 800-38A", "AES-CCM | A5671,A5713,A5935 | - | SP 800-38C", "AES-CFB8 | A5676,A5677,A5682,A5942 | - | SP 800-38A", "AES-CMAC | A5671,A5674,A5679,A5935,A5939 | - | SP 800-38B", "AES-GCM | A5671,A5672,A5673,A5674,A5679,A5713,A5935,A5936,A5939 | - | SP 800-38D", "AES-GMAC | A5679,A5939 | - | SP 800-38D", "AES-XTS Testing Revision 2.0 | A5680,A5940 | - | SP 800-38E", "Counter DRBG | A5679,A5939 | - | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-5) | A5679,A5939 | - | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A5679,A5939 | - | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A5679,A5939 | - | FIPS 186-5", "ECDSA SigVer(FIPS186-4) | A5679,A5939 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-5) | A5679,A5939 | - | FIPS 186-5", "HMAC-SHA-1 | A5674,A5679,A5713,A5937,A5939 | - | FIPS 198-1", "HMAC-SHA2-224 | A5674,A5679,A5713,A5937,A5939 | - | FIPS 198-1", "HMAC-SHA2-256 | A5674,A5679,A5713,A5937,A5939 | - | FIPS 198-1", "HMAC-SHA2-384 | A5674,A5679,A5713,A5937,A5939 | - | FIPS 198-1", "HMAC-SHA2-512 | A5674,A5679,A5713,A5937,A5939 | - | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5679,A5939 | - | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A5679,A5939 | - | SP 800-56A Rev.3", "KDA HKDF Sp800-56Cr1 | A5678,A5938 | - | SP 800-56C Rev.2", "KDF TLS(CVL) | A5679,A5939 | - | SP 800-135 Rev.1", "PBKDF | A5679,A5939 | - | SP 800-132", "RSA KeyGen(FIPS186-5) | A5679,A5939 | - | FIPS 186-5", "RSA SigGen(FIPS186-5) | A5679,A5939 | - | FIPS 186-5", "RSA SigVer(FIPS186-2) | A5679,A5939 | - | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5679,A5939 | - | FIPS 186-4", "RSA SigVer(FIPS186-5) | A5679,A5939 | - | FIPS 186-5", "SHA-1 | A5674,A5679,A5713,A5937,A5939 | - | FIPS 180-4", "SHA2-224 | A5674,A5679,A5713,A5937,A5939 | - | FIPS 180-4", "SHA2-256 | A5674,A5679,A5713,A5937,A5939 | - | FIPS 180-4", "SHA2-384 | A5674,A5679,A5713,A5937,A5939 | - | FIPS 180-4", "SHA2-512 | A5674,A5679,A5713,A5937,A5939 | - | FIPS 180-4", "SHA3-224 | A5675,A5681,A5941 | - | FIPS 202", "SHA3-256 | A5675,A5681,A5941 | - | FIPS 202", "SHA3-384 | A5675,A5681,A5941 | - | FIPS 202", "SHA3-512 | A5675,A5681,A5941 | - | FIPS 202", "TLS v1.2 KDF RFC7627(CVL) | A5679,A5939 | - | SP 800-135Rev.1", "CMAC with Triple-DES | Message authentication code (MAC)", "MD5 | Only allowed as the PRF in TLSv1.0 and v1.1 per IG 2.4.A | Message digest used in TLS 1.0/1.1 KDF only for legacy use", "DES | Symmetric encryption; Symmetric decryption", "ECDSA(with curves other thanP-256,P-384,P-512) | Key generation;Public key verification", "ECDSA(with curves other thanP-256,P-384,P-512 or hash functions other thanSHA2-224,SHA2-256,SHA2-384,SHA2-512) | Digital signature generation;Digital signature verification", "EC Diffie-Hellman(with curves other thanP-256,P-384,P-512) | Key agreement;Shared secret computation", "HMAC(with keys smaller than112-bits) | Message authentication code(MAC)", "HMAC(with GOST) | Message authentication code(MAC)", "PBKDF(with non-approved message digest algorithms or using input parameters not meeting requirements stated in section2.7 of the security policy) | Key derivation", "RSA(with keys smaller than2048 bits and/or hash functions other thanSHA2-224,SHA2-256,SHA2-384,SHA2-512) | Digital signature generation", "RSA(with keys smaller than1024 bits and/or hash functions other thanSHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512) | Digital signature verification", "RSA(with any key sizes) | Key encapsulation;Key un-encapsulation", "SRP | Key agreement;Shared secret computation", "Triple-DES | Symmetric encryption;Symmetric decryption", "AES-GCM(when not used in the context of the TLS protocol) | Authenticated encryption;Authenticated decryption", "DSA | Key generation;Domain parameter generation;Digital signature generation;Digital signature verification", "Diffie-Hellman(with domain parameters other than safe primes) | Key agreement;Shared secret computation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5162", "Certificate Number": "5162", "Vendor Name": "Arista Networks, Inc.", "Module Name": "Arista Crypto Module Lvl2 [Software, Software IPsec]", "Module Type": "Software", "Validation Date": "02/17/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5162.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5162", "module_name": "Arista Crypto Module Lvl2 [Software, Software IPsec]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/16/2031", "overall_level": 2, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys). No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "MultiChipStand", "description": "Arista's crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4984 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CCM | A4984 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4984 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A4984 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A4984 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A4984 | Direction-Generation,VerificationKeyLength-128,192,256 | SP 800-38B", "AES-CTR | A4984 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A4984 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4984 | Direction-Decrypt,EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-XTSTesting Revision2.0 | A4984 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "Counter DRBG | A4984 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-No,Yes | SP 800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A4984 | Curve-P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4984 | Curve-P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4984 | Component-NoCurve-P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4984 | Component-NoCurve-P-256,P-384,P-521 | FIPS 186-4", "Hash DRBG | A4984 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4984 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4984 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4984 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4984 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4984 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4984 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4984 | Domain Parameter Generation Methods-P-256,P-384,P-521 Scheme ephemeralUnified-KAS Role initiator, responder | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A4984 | Domain Parameter Generation Methods-ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192 Scheme-dhEphem-KAS Role initiator, responder | SP 800-56A Rev.3", "KDF IKEv1(CVL) | A4984 | Authentication Method-Pre-shared Key Preshared Key Length-Preshared Key Length:8-8192 Increment8 Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:1024-8192 Increment1024 | SP 800-135Rev.1", "KDF IKEv2(CVL) | A4984 | Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:1024-8192 Increment1024 Derived Keying Material Length-Derived Keying Material Length:256-2048 Increment128 | SP 800-135Rev.1", "KDF SP800-108 | A4984 | KDF Mode-Counter | SP 800-108Rev.1", "KDF SSH(CVL) | A4984 | Cipher-AES-128,AES-192,AES-256 | SP 800-135Rev.1", "KDF TLS(CVL) | A4984 | TLS Version-v1.0/1.1 Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A4984 | Modulo-2048,3072,4096 Key Generation Methods-rsakpg2-basic Scheme-KTS-OAEP-basic-KAS Role initiator, responderKey Length-512 | SP 800-56BRev.2", "RSA KeyGen(FIPS186-4) | A4984 | Key Generation Mode-B.3.3,B.3.6 Modulo-2048,3072,4096 Primality Tests-Table C.2 Private Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A4984 | Signature Type-ANSI X9.31,PKCS1.5,PKCSPSS Modulo-2048,3072,4096 | FIPS186-4", "RSA SigVer(FIPS186-4) | A4984 | Signature Type-ANSI X9.31,PKCS1.5,PKCSPSS Modulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A4984 | Message Length-Message Length:0-65536 Increment8 | FIPS180-4", "SHA2-224 | A4984 | Message Length-Message Length:0-65536 Increment8 | FIPS180-4", "SHA2-256 | A4984 | Message Length-Message Length:0-65536 Increment8 | FIPS180-4", "SHA2-384 | A4984 | Message Length-Message Length:0-65536 Increment8 | FIPS180-4", "SHA2-512 | A4984 | Message Length-Message Length:0-65536 Increment8 | FIPS180-4", "TLS v1.2 KDF RFC7627(CVL) | A4984 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "MD5 | Allowed per IG 2.4.A | Message digest used in TLS 1.0/1.1 KDF only", "DSA (disallowed) | KeyGen, PQGGen, PQGVer, SigGen,and SigVer", "RSA (disallowed) | Key Encryption and Decryption using PKCS#1 v1.5", "Counter DRBG(non-compliant) | Random number generation using Counter DRBG without a DF\\[algorithm disabled by module in approved mode\\]", "Triple-DES KW(non-compliant) | Key wrapping\\[algorithm disabled by module in Approved mode\\]", "DES | Encryption and Decryption\\[algorithm disabled by module in approved mode\\]", "DES-X | Encryption and Decryption\\[algorithm disabled by module in approved mode\\]", "Triple-DES | Encryption and Decryption\\[algorithm disabled by module in approved mode\\]", "Triple-DES MAC | Message Digest\\[algorithm disabled by module in approved mode\\]", "HMAC-MD5 | Keyed Hash\\[algorithm disabled by module in approved mode\\]" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5161", "Certificate Number": "5161", "Vendor Name": "Versa Networks, Inc.", "Module Name": "Versa Operating System (VOS) Cryptographic Module based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "02/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5161.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5161", "module_name": "Versa Operating System (VOS) Cryptographic Module based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Versa Operating System (VOS) Cryptographic Module based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3548 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB1 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A3548 | Direction-Generation,Verification KeyLength-128,192,256 | SP 800-38B", "AES-CTR | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A3548 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A3548 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-KW | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-KWP | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-OFB | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,256 | SP 800-38E", "Counter DRBG | A3548 | Prediction Resistance - Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled - No,Yes | SP 800-90A Rev.1", "DSA KeyGen(FIPS186-4) | A3548 | L-2048,3072 N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A3548 | L-2048,3072 N-224,256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A3548 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,K-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3548 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3548 | Component-No,YesCurve-B-233,B-283,B-409,B-571,k-233,K-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3548 | Component-No,YesCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512/SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance - YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC DRBG | A3548 | Prediction Resistance - YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A3548 | Key Length-Key Length:8-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521 | SP 800-56ARev.3", "KAS-ECC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme ephemeralUnified-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme dhEphem-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A3548 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme KAS1-KAS Role - initiator, responderKAS2-KAS Role - initiator, responder | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A3548 | Derived Key Length-2048Shared Secret Length-Shared Secret Length: | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A3548 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A3548 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A3548 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:8-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A3548 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A3548 | Derived Key Length-Derived Key Length:112-4096Increment8 | SP 800-108Rev.1", "KDF SP800-108 | A3548 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A3548 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A3548 | Modulo-2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A3548 | Iteration Count - Iteration Count: 1-10000Increment1Password Length - Password Length:8-128Increment8 | SP800-132", "RSA KeyGen(FIPS186-4) | A3548 | Key Generation Mode-B.3.3,B.3.6Modulo-2048,3072,4096Primality Tests-TableC.2,TableC.3Private Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A3548 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA Signature Primitive(CVL) | A3548 | Private Key Format-CRT | FIPS186-4", "RSA SigVer(FIPS186-4) | A3548 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-384 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA3-224 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS202", "SHA3-256 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A3548 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3KDF(CVL) | A3548 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA PQGGen\\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA PQGVer\\[FIPS 186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGVer using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA SigGen\\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA SigVer\\[FIPS186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128) | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "AES | AES(Any non-authenticated mode),Cert.#A3548):Symmetric key unwrapping | OpenSSL ProjectOpenSSL 3.x FIPSProvider | Per IG D.GAdditionalComment 5", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no, Encryption, Decryption", "Ed448 | SHAKE256, Ed448 provides 224 bits of security, Digital Signature Generation", "Ed25519 | SHA2-512, Ed25519 provides 128 bits of security, Digital Signature Generation", "ECDSA SigVer Component | Provides between 80 and 256 bits for security, Curves: B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521,Digital Signature Verification", "FIPS 186-2 RSA SigGen/SigVer | Provides >=80 bits of security,RSA signature generation/verification per FIPS 186-2", "FIPS 186-2 RSA KeyGen | Provides >=112 bits of security,RSA key generation per FIPS 186-2", "X942KDF-CONCAT | Usage of X942KDF-CONCAT with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "X963KDF | Usage of X963KDF with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF | Provides<112bitsofsecurity,UsageofHKDFwithkeylengthlessthan112bits", "OneStep KDF | Usage of OneStep KDF with PRF SHAKE128,SHAKE256", "HMAC | Provides<112bitsofsecurity,Usage of HMACwithkeylengthlessthan112bitsforMACgeneration", "Hash and HMAC DRBG | Usage of Hash and HMAC DRBGs with PRFs SHA2-224,SHA2-384,SHA2-512/224andSHA2-512/256", "Symmetric Encryption and Decryption | BC-Auth BC-UnAuth | Symmetric Encryption and Decryption | Key Length:128,192 and 256 bits Key Length(XTS):128 and 256 bits | AES-CBC:(A3548) AES-CBC-CS1:(A3548) AES-CBC-CS2:(A3548) AES-CBC-CS3:(A3548) AES-CCM:(A3548) AES-CFB1:(A3548)", "AES-CFB8:(A3548)", "AES-CMAC:(A3548)", "AES-CTR:(A3548)", "AES-ECB:(A3548)", "AES-GCM:(A3548)", "AES-GMAC:(A3548)", "AES-OFB:(A3548)", "AES-XTSTestingRevision2.0:(A3548)", "MessageDigest | SHA | Message Digest | SHA-1:(s=160)Large MessageSizes:1,2,4,8gigabytesSHA2:SHA2-224(s=224),SHA2-256(s=256),SHA2-384(s=384),SHA2-512(s=512),SHA2-512/224(s=224),SHA2-512/256(s=256).Large MessageSizes:1,2,4,8gigabytesSHA3:SHA3-224(s=224),SHA3-256(s=256),SHA3-384(s=384),SHA3-512(s=512).See Note 1.Large MessageSizes:1,2,4,8gigabytesSHAKE:SHAKE-128(s=128),SHAKE-256(s=256).SeeNote1. | SHA-1:(A3548)", "SHA2-224:(A3548)", "SHA2-256:(A3548)", "SHA2-384:(A3548)", "SHA2-512:(A3548)", "SHA2-512/224:(A3548)", "SHA3-224:(A3548)", "SHA3-256:(A3548)", "SHA3-384:(A3548)", "SHA3-512:(A3548)", "SHAKE-128:(A3548)", "SHAKE-256:(A3548)", "SHA2-512/256:(A3548)", "Keyed Hash | BC-AuthMAC | Keyed Hash | HMAC-SHA-1\\[FIPS198-1\\]:SHA-1(s | HMAC-SHA-1:(A3548)", "Name | Type | Description | Properties=160)HMAC-SHA2\\[FIPS198-1\\]:SHA2-224(s=224),SHA2-256(s=256),SHA2-384(s=384),SHA2-512(s=512),SHA2-512/224(s=224),SHA2-512/256(s=256)HMAC-SHA3\\[FIPS198-1\\]:SHA3-224(s=224),SHA3-256(s=256),SHA3-384(s=384),SHA3-512(s=512)KMAC:KMAC-128(112s128),KMAC-256(112s256).See Note 8. | AlgorithmsHMAC-SHA2-224(A3548)HMAC-SHA2-256(A3548)HMAC-SHA2-384(A3548)HMAC-SHA2-512(A3548)HMAC-SHA2-512/224(A3548)HMAC-SHA2-512/256(A3548)HMAC-SHA3-224(A3548)HMAC-SHA3-256(A3548)HMAC-SHA3-384(A3548)HMAC-SHA3-512(A3548)AES-CMAC(A3548)KMAC-128(A3548)KMAC-256(A3548)AES-GMAC(A3548)", "RSA Digital Signature Generation and Verification | DigSig-SigGen DigSig-SigVer | RSA Digital Signature Generation and Verification | Signature type:ANSIX9.31 tested with the listed moduli and the following hash algorithms:SHA2-256,SHA2-384,SHA2-512:k=2048(s ~~=112),k=3072(s~~ =128),k=4096(s~=152)Signature type:PKCS1.5 tested with the listed moduli and the following hash algorithms:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256:k=2048(s | RSA SigGen(FIPS186-4):(A3548)RSA SigVer(FIPS186-4):(A3548)", "Signature type:PKCSPSS tested with the listed moduli and the following hash algorithms:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256;k=2048(s ~=112),k=3072(s ~=128),k=4096(s ~=152)", "Signature type:ANSI X9.31 tested with the listed moduli and the following hash algorithms:SHA-1\\*,SHA2-256,SHA2-384,SHA2-512;k=1024(s112),k=2048(s ~=112),k=3072(s ~=128),k=4096(s ~=152)", "Signature type:PKCS 1.5 tested with the listed moduli and the following hash algorithms:SHA-1\\*,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256;k=1024(s112),k=2048(s ~=112),k=3072(s ~=128),k=4096(s ~=152)", "Signature type:PKCSPSS tested with the listed moduli and the following hash algorithms:SHA-1\\*,SHA2-224,SHA2-256,SHA2-384,SHA2-512,", "ECDSA Signature Generation and Signature Verification | DigSig-SigGen DigSig-SigVer | ECDSA Signature Generation and Signature Verification | SigGen(includes SigGen Component)(tested with SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512);B-233,K-233,P-224(s≈112);B-283,K-283,P-256(s≈128);B-409,K-409,P-384(s≈192);B-571,K-571,P-521(s≈256)SigVer(tested with SHA-1\\*,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512);B-163,K-163,P-192(s<112);B-233,K-233,P-224(s≈112);B-283,K-283,P-256(s≈128);B-409,K-409,P-384(s≈192);B-571,K-571,P-521(s≈256) | ECDSA SigGen(FIPS186-4):(A3548)ECDSA SigVer(FIPS186-4):(A3548)", "DSA Digital Signature Generation and Verification | DigSig-SigGen DigSig-SigVer | DSA Digital Signature Generation and Verification | SigGen(tested with SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256);SigGen using SHA2-no | DSA SigGen(FIPS186-4):(A3548)DSA SigVer(FIPS186-4):(A3548)DSA SigGen", "RSA Signature Primitive | DigSig-SigGen | Signature primitive | Private Keyformat:CRTPublic ExponentMode:Fixed:k=2048 | RSA SignaturePrimitive:(A3548)", "AsymmetricKeyPairGeneration | AsymKeyPair-KeyGenAsymKeyPair-KeyVer | Generation of asymmetric keypairs | RSA KeyGen:k=2048(s ~~=112),k=3072(s~~ =128),k=4096(s ~~=152)DSA KeyGen:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)ECDSA KeyGen:Secret GenerationMode:TestingCandidates:B-233,K-233,P-224(s~~ =112);B-283,K-283,P-256(s ~~=128);B-409,K-409,P-384(s~~ =192);B-571,K- | RSA KeyGen(FIPS186-4):(A3548)DSA KeyGen(FIPS186-4):(A3548)ECDSA KeyGen(FIPS186-4):(A3548)Safe PrimesKeyGeneration:(A3548)ECDSA KeyVer(FIPS186-4):(A3548)Safe Primes", "ECDSA KeyVer:B-163,K-163,P-192(s<112);B-233,K-233,P-224(s ~~=112);B-283,K-283,P-256(s~~ =128);B-409,K-409,P-384(s ~~=192);B-571,K-571,P-521(s~~ =256)", "DSA PQGGen(FIPS186-4),DSA PQGGen [FIPS186-4](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/VA):L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)", "DSA PQGVer(FIPS186-4),DSA PQGVer [FIPS186-4](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/VA):L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)", "Mode/Method:PQGGenusing SHA3DSA PQGVer [FIPS186-4](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5161.pdf)", "Mode/Method:PQGVer using SHA3 | KeyVerification:(A3548)", "DSA PQGVer(FIPS186-4):(A3548)", "DSA PQGGen\\[FIPS186-4\\]:()", "Mode/Method:PQGVer using SHA3", "RandomNumberGeneration | DRBG | Random NumberGeneration-Hash DRBG, | Counter DRBG\\[SP800-90Ar1\\]:AES-128(s=128),AES- | CounterDRBG:(A3548)", "Key Derivation | KBKDFPBKDF | Derive Keying Material | KDA HKDF:SHA-1(s=160),SHA2-224(s=224),SHA2-256(s=256),SHA2-384(s=384),SHA2-512(s=512),SHA2-512/224(s=224),SHA2-512/256(s=256),SHA3-224(s=224),SHA3-256(s=256),SHA3-384(s=384),SHA3-512(s=512)KDA OneStep:SHA-1(s=160),SHA2-224(s=224),SHA2-256(s=256),SHA2-384(s=384),SHA2-512(s=512),SHA2-512/224(s=224),SHA2-512/256(s=256),SHA3-224(s=224),SHA3-256(s=256),SHA3-384(s=384),SHA3-512(s=512);HMAC-SHA-1(s=160),HMAC-SHA2-224(s=224),HMAC-SHA2-256(s=256),HMAC-SHA2-384(s=384),HMAC-SHA2-512(s=512),HMAC-SHA2-512/224(s=224) | KDA HKDFSP800-56Cr2:(A3548)KDA OneStepSP800-56Cr2:(A3548)KDA TwoStepSP800-56Cr2:(A3548)KDF ANS9.42:(A3548)KDF ANS9.63:(A3548)KDF KMACSp800-108r1:(A3548)KDF SP800-108:(A3548)KDF SSH:(A3548)PBKDF:(A3548)TLS v1.2 KDFRFC7627:(A3548)TLS v1.3 KDF:(A3548)CKG - Section6.2():Key Type:Symmetric", "KAS-1 | KAS-SSC | Scheme: EphemeralUnified, KAS Role: Initiator, Responder | SP800-56Ar3 KAS-ECC-SSC per IG D.F Scenario 2 path (1):B-233, K-233, P-224, B-283, K-283, P-256, B-409, K-409, P-384, B-571, K-571, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength | KAS-ECC-SSC Sp800-56Ar3: (A3548)", "KAS-2 | KAS-SSC | Scheme: dhEphem. KAS Role: Initiator, Responder | SP800-56Ar3 KAS-FFC-SSC IG D.F Scenario 2 path (1):2048, 3072, 4096, 6144, and 8192-bit key providing 112, 128, 152, 176, or 200 bits of encryption strength | KAS-FFC-SSC Sp800-56Ar3: (A3548)", "KAS-3 | KAS-SSC | Scheme: KAS1, KAS2, KAS Role: Initiator, Responder | SP800-56Br2 KAS-IFC-SSC IG D.F Scenario 1 path (1):2048, 3072, 4096, 6144, and 8192-bit key providing 112, 128, 152, 176, or 200 bits of encryption strength | KAS-IFC-SSC: (A3548)", "KTS-1 | KTS-Wrap | Key Transport in compliance with \\[SP800-38F\\] | SP 800-38F KTS (key wrapping) per IG D.G:128, 192, and | AES-KW: (A3548)", "KTS-2 | KTS-Wrap | Key Transport in compliance with\\[SP800-38F\\]when approvedAES(any mode)and approvedHMAC,KMAC,GMAC or CMACare used in combination | SP800-38FKTS(key wrapping)perIGD.G:128,192,and256-bitkeys providing128,192,or256bitsofencryptionstrength | AES-CBC:(A3548)AES-CFB1:(A3548)AES-CFB128:(A3548)AES-CFB8:(A3548)AES-CTR:(A3548)AES-ECB:(A3548)AES-OFB:(A3548)AES-XTSTestingRevision2.0:(A3548)AES-CBC-CS2:(A3548)AES-CBC-CS3:(A3548)AES-CCM:(A3548)AES-CMAC:(A3548)AES-GCM:(A3548)AES-GMAC:(A3548)AES-KW:(A3548)AES-KWP:(A3548)HMAC-SHA-1:(A3548)HMAC-SHA2-224:(A3548)HMAC-SHA2-256:(A3548)HMAC-SHA2-384:(A3548)HMAC-SHA2-512:(A3548)HMAC-SHA2-512/224:", "Name | Type | Description | Properties | Algorithms(A3548)HMAC-SHA2-512/256:(A3548)HMAC-SHA3-224:(A3548)HMAC-SHA3-256:(A3548)HMAC-SHA3-384:(A3548)HMAC-SHA3-512:(A3548)KMAC-128:(A3548)KMAC-256:(A3548)AES-CBC-CS1:(A3548)", "KTS-3 | KTS-Wrap | Key Transport in compliance with\\[SP800-38F\\]when approved using anAuthenticatedAES mode(AESCCM;AESGCM;AESGMAC;AESCMAC) | SP 800-38F KTS(key wrapping) per IGD.G:128,192,and256-bit keys providing128,192,or256bits of encryption strength | AES-CCM:(A3548)AES-CMAC:(A3548)AES-GCM:(A3548)AES-GMAC:(A3548)", "KTS-4 | KTS-Encap | Key Transport;Scheme:KTS-OAEP-basic(no key confirmation):RSA-OAEP,KeyEncapsulation,KeyUnencapsulationKey GenerationMethods:rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factor | SP 800-56Brev2KTS-IFC(key encapsulation andun-encapsulation)perIGD.G:2048,3072,4096,and6144-bitkey providing112,128,152,or176bitsof encryption strength | KTS-IFC:(A3548)", "KAS ECCCDHComponent | KAS-SSC | KAS-ECC-SSCprimitive | Curves:B-233,K-233,P-224(s ~~=112);B-283,K-283,P-256(s~~ =128);B-409,K- | KAS-ECCCDH Component", "Perform self-tests(All) | BC-AuthBC-UnAuthDigSig-SigGenDigSig-SigVerDRBGKAS-SSCKBKDFMACPBKDFSHAXOF | All self-tests executed by the module at boot | AES-ECB:(A3548)AES-GCM:(A3548)Hash DRBG:(A3548)CounterDRBG:(A3548)HMAC DRBG:(A3548)DSA SigGen(FIPS186-4):(A3548)DSA SigVer(FIPS186-4):(A3548)ECDSASigGen(FIPS186-4):(A3548)ECDSASigVer(FIPS186-4):(A3548)RSA SigGen(FIPS186-4):(A3548)RSA SigVer(FIPS186-4):(A3548)HMAC-SHA2-256:(A3548)SHA-1:(A3548)SHA3-256:(A3548)SHA2-512:(A3548)KDF ANS9.42:(A3548)KDF ANS9.63:(A3548)KAS-ECC-SSC Sp800-56Ar3:(A3548)", "Software Integrity Test | MAC | HMAC-SHA2-256 used to perform the software integrity test | Key size:256 bits | HMAC-SHA2-256:(A3548)", "Cryptographic Key Generation(CKG)-AES XTS | CKG | AES XTS Key generated to comply with the approved key generation guidelines of NIST SP 800-133rev2,Section6.3,Symmetric Keys Produced byCombining Multiple Keys and Other Data | Key size:128,256bits | CKG - Section6.3:()", "KTS-5 | KTS-Unwrap | Key Unwrapping using any non-authenticated AES mode | KTS(key unwrapping)per IGD.G:128,192,and256-bit keys providing128,192,or | AES-CBC:(A3548)AES-CFB1:(A3548)AES-CFB128:", "AES-CFB8:", "AES-CTR:", "AES-ECB:", "AES-OFB:", "AES-CBC-CS1:(A3548)", "AES-CBC-CS2:(A3548)", "AES-CBC-CS3:(A3548)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5160", "Certificate Number": "5160", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco FIPS Provider 3.1.2 based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "02/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5160.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5160", "module_name": "Cisco FIPS Provider 3.1.2 based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Cisco FIPS Provider 3.1.2 based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3548 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB1 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A3548 | Direction-Generation,Verification KeyLength-128,192,256 | SP 800-38B", "AES-CTR | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A3548 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A3548 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-KW | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-KWP | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-OFB | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,256 | SP 800-38E", "Counter DRBG | A3548 | Prediction Resistance - Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-No,Yes | SP 800-90A Rev.1", "DSA KeyGen(FIPS186-4) | A3548 | L-2048,3072 N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A3548 | L-2048,3072 N-224,256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A3548 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3548 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3548 | Component-No,YesCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3548 | Component-No,YesCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512/SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC DRBG | A3548 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A3548 | Key Length-Key Length:8-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521 | SP 800-56ARev.3", "KAS-ECC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A3548 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role-initiator,responderKAS2-KAS Role-initiator,responder | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A3548 | Derived Key Length-2048Shared Secret Length-Shared Secret Length: | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A3548 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A3548 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A3548 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:8-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A3548 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A3548 | Derived Key Length-Derived Key Length:112-4096Increment8 | SP 800-108Rev.1", "KDF SP800-108 | A3548 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A3548 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A3548 | Modulo-2048,3072,4096,6144Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A3548 | Iteration Count - Iteration Count: 1-10000Increment1Password Length - Password Length:8-128Increment8 | SP800-132", "RSA KeyGen(FIPS186-4) | A3548 | Key Generation Mode-B.3.3,B.3.6Modulo-2048,3072,4096Primality Tests-TableC.2,TableC.3Private Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A3548 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA SignaturePrimitive(CVL) | A3548 | Private Key Format-CRT | FIPS186-4", "RSA SigVer(FIPS186-4) | A3548 | SignatureType-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-384 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-512 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA3-224 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS202", "SHA3-256 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A3548 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3KDF(CVL) | A3548 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA PQGGen \\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGGen using SHA3 | OpenSSL Project OpenSSL 3.x FIPS Provider | Vendor affirmed per IGC.C and IG C.B Resolution (bullet point #3)", "DSA PQGVer \\[FIPS 186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGVer using SHA3 | OpenSSL Project OpenSSL 3.x FIPS Provider | Vendor affirmed per IGC.C and IG C.B Resolution (bullet point #3)", "DSA SigGen \\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigGen using SHA3 | OpenSSL Project OpenSSL 3.x FIPS Provider | Vendor affirmed per IGC.C and IG C.B Resolution (bullet point #3)", "DSA SigVer \\[FIPS186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128) | OpenSSL Project OpenSSL 3.x FIPS Provider | Vendor affirmed per IGC.C and IG C.B Resolution (bullet point #3)", "AES | AES(Any non-authenticated mode),Cert.#A3548):Symmetric key unwrapping | OpenSSL ProjectOpenSSL 3.x FIPSProvider | Per IG D.GAdditionalComment 5", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no, Encryption, Decryption", "Ed448 | SHAKE256, Ed448 provides 224 bits of security, Digital Signature Generation", "Ed25519 | SHA2-512, Ed25519 provides 128 bits of security, Digital Signature Generation", "ECDSA SigVer Component | Provides between 80 and 256 bits for security, Curves: B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521,Digital Signature Verification", "FIPS 186-2 RSA SigGen/SigVer | Provides >=80 bits of security,RSA signature generation/verification per FIPS 186-2", "FIPS 186-2 RSA KeyGen | Provides >=112 bits of security,RSA key generation per FIPS 186-2", "X942KDF-CONCAT | Usage of X942KDF-CONCAT with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "X963KDF | Usage of X963KDF with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF | Provides<112bitsofsecurity,Usage ofHKDFwithkeylengthlessthan112bits", "OneStep KDF | Usage of OneStep KDF with PRF SHAKE128,SHAKE256", "HMAC | Provides<112bitsofsecurity,Usage ofHMACwithkeylengthlessthan112bitsforMACgeneration", "Hash and HMAC DRBG | Usage of Hash and HMAC DRBGs with PRFs SHA2-224,SHA2-384,SHA2-512/224andSHA2-512/256" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5159", "Certificate Number": "5159", "Vendor Name": "HCL America, Inc.", "Module Name": "BigFix Encryption Module based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "02/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5159.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5159", "module_name": "BigFix Encryption Module based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The BigFix Encryption Module based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A3548 | Direction - decrypt, encryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A3548 | Direction - decrypt, encryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A3548 | Direction - decrypt, encryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A3548 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A3548 | Direction - Generation, VerificationKey Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A3548 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A3548 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-XTS TestingRevision 2.0 | A3548 | Direction - Decrypt, EncryptKey Length - 128, 256 | SP 800-38E", "Counter DRBG | A3548 | Prediction Resistance - YesMode - AES-128, AES-192, AES-256Derivation Function Enabled - No, Yes | SP 800-90ARev. 1", "DSA KeyGen(FIPS186-4) | A3548 | L - 2048, 3072N - 224, 256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A3548 | L - 2048, 3072N - 224, 256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A3548 | L - 1024, 2048, 3072N - 160, 224, 256Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A3548 | L - 2048, 3072N - 224, 256Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A3548 | L - 1024, 2048, 3072N - 160, 224, 256Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A3548 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3548 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3548 | Component - No, YesCurve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3548 | Component - No, YesCurve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224,SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance - YesMode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-256, SHA3-512 | SP 800-90ARev. 1", "HMAC DRBG | A3548 | Prediction Resistance - YesMode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-256, SHA3-512 | SP 800-90ARev. 1", "HMAC-SHA-1 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "KAS-ECC CDH-ComponentS8056Ar3(CVL) | A3548 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | SP 800-56ARev. 3", "KAS-ECC-SSCSp800-56Ar3 | A3548 | Domain Parameter Generation Methods - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Scheme -ephemeralUnified -KAS Role - initiator, responder | SP 800-56ARev. 3", "KAS-FFC-SSCSp800-56Ar3 | A3548 | Domain Parameter Generation Methods - FB,FC, ffdhe2048, ffdhe3072, ffdhe4096,ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192Scheme -dhEphem -KAS Role - initiator, responder | SP 800-56ARev. 3", "KAS-IFC-SSC | A3548 | Modulo - 2048, 3072, 4096, 6144, 8192Key Generation Methods - rsakpg1-basic,rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factorScheme -KAS1 -KAS Role - initiator, responderKAS2 -KAS Role - initiator, responder | SP 800-56ARev. 3", "KDA HKDFSP800-56Cr2 | A3548 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length: | SP 800-56CRev. 2", "KDA OneStepSP800-56Cr2 | A3548 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev. 2", "KDA TwoStepSP800-56Cr2 | A3548 | MAC Salting Methods - default, randomKDF Mode - feedbackDerived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev. 2", "KDF ANS 9.42(CVL) | A3548 | KDF Type - DERHash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224,SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512Key Data Length - Key Data Length: 8-4096Increment 8 | SP 800-135Rev. 1", "KDF ANS 9.63(CVL) | A3548 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512Key Data Length - Key Data Length: 128, 4096 | SP 800-135Rev. 1", "KDF KMACSp800-108r1 | A3548 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108Rev. 1", "KDF SP800-108 | A3548 | KDF Mode - Counter, FeedbackSupported Lengths - Supported Lengths: 8, 72,128, 776, 3456, 4096 | SP 800-108Rev. 1", "KDF SSH (CVL) | A3548 | Cipher - AES-128, AES-192, AES-256Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135Rev. 1", "KTS-IFC | A3548 | Modulo - 2048, 3072, 4096, 6144Key Generation Methods - rsakpg1-basic,rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factorScheme -KTS-OAEP-basic -KAS Role - initiator, responderKey Transport Method -Key Length - 1024 | SP 800-56BRev. 2", "PBKDF | A3548 | Iteration Count - Iteration Count: 1-10000Increment 1Password Length - Password Length: 8-128Increment 8 | SP 800-132", "RSA KeyGenFIPS186-4) | A3548 | Key Generation Mode - B.3.3, B.3.6Modulo - 2048, 3072, 4096Primality Tests - Table C.2, Table C.3Private Key Format - Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3548 | Signature Type - ANSI X9.31, PKCS 1.5,PKCSPSSModulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SignaturePrimitive (CVL) | A3548 | Private Key Format - CRT | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3548 | Signature Type - ANSI X9.31, PKCS 1.5,PKCSPSSModulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "SHA-1 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA3-224 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHAKE-128 | A3548 | Output Length - Output Length: 16-65536Increment 8 | FIPS 202", "SHAKE-256 | A3548 | Output Length - Output Length: 16-65536Increment 8 | FIPS 202", "TLS v1.2 KDFRFC7627 (CVL) | A3548 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135Rev. 1", "TLS v1.3 KDF(CVL) | A3548 | HMAC Algorithm - SHA2-256, SHA2-384KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135Rev. 1", "AES | AES (Any non-authenticated mode),(Cert.#A3548):Symmetric keyunwrapping | OpenSSL ProjectOpenSSL 3.x FIPSProvider | Per IG D.GAdditionalComment 5", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no,Encryption, Decryption", "Ed448 | SHAKE256, Ed448 provides 224 bits of security, Digital SignatureGeneration", "Ed25519 | SHA2-512, Ed25519 provides 128 bits of security, Digital SignatureGeneration", "ECDSA SigVerComponent | Provides between 80 and 256 bits for security, Curves: B-163, B-233,B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521, Digital Signature Verification", "FIPS 186-2 RSASigGen/SigVer | Provides >= 80 bits of security, RSA signature generation/verificationper FIPS 186-2", "FIPS 186-2 RSAKeyGen | Provides >= 112 bits of security, RSA key generation per FIPS 186-2", "X942KDF-CONCAT | Usage of X942KDF-CONCAT with PRF SHA-1, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128,SHAKE256, KECCAK-KMAC128 and KECCAK-KMAC256", "X963KDF | Usage of X963KDF with PRF SHA-1, SHA2-512/224, SHA2-512/256,SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF | Provides < 112 bits of security, Usage of HKDF with key length lessthan 112 bits", "OneStep KDF | Usage of OneStep KDF with PRF SHAKE128, SHAKE256", "HMAC | Provides < 112 bits of security, Usage of HMAC with key length lessthan 112 bits for MAC generation", "Hash and HMACDRBG | Usage of Hash and HMAC DRBGs with PRFs SHA2-224, SHA2-384,SHA2-512/224 and SHA2-512/256" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5158", "Certificate Number": "5158", "Vendor Name": "Dell, Inc.", "Module Name": "Dell FIPS Module based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "02/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5158.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5158", "module_name": "Dell FIPS Module based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Dell FIPS Module based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A3548 | Direction - decrypt, encryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A3548 | Direction - decrypt, encryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A3548 | Direction - decrypt, encryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A3548 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A3548 | Direction - Generation, VerificationKey Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A3548 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A3548 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A3548 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-XTS TestingRevision 2.0 | A3548 | Direction - Decrypt, EncryptKey Length - 128, 256 | SP 800-38E", "Counter DRBG | A3548 | Prediction Resistance - YesMode - AES-128, AES-192, AES-256Derivation Function Enabled - No, Yes | SP 800-90ARev. 1", "DSA KeyGen(FIPS186-4) | A3548 | L - 2048, 3072N - 224, 256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A3548 | L - 2048, 3072N - 224, 256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A3548 | L - 1024, 2048, 3072N - 160, 224, 256Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A3548 | L - 2048, 3072N - 224, 256Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A3548 | L - 1024, 2048, 3072N - 160, 224, 256Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A3548 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3548 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3548 | Component - No, YesCurve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3548 | Component - No, YesCurve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224,SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance - YesMode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-256, SHA3-512 | SP 800-90ARev. 1", "HMAC DRBG | A3548 | Prediction Resistance - YesMode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-256, SHA3-512 | SP 800-90ARev. 1", "HMAC-SHA-1 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | Key Length - Key Length: 8-524288 Increment8 | FIPS 198-1", "KAS-ECC CDH-ComponentS8056Ar3(CVL) | A3548 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | SP 800-56ARev. 3", "KAS-ECC-SSCSp800-56Ar3 | A3548 | Domain Parameter Generation Methods - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Scheme -ephemeralUnified -KAS Role - initiator, responder | SP 800-56ARev. 3", "KAS-FFC-SSCSp800-56Ar3 | A3548 | Domain Parameter Generation Methods - FB,FC, ffdhe2048, ffdhe3072, ffdhe4096,ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192Scheme -dhEphem -KAS Role - initiator, responder | SP 800-56ARev. 3", "KAS-IFC-SSC | A3548 | Modulo - 2048, 3072, 4096, 6144, 8192Key Generation Methods - rsakpg1-basic,rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factorScheme -KAS1 -KAS Role - initiator, responderKAS2 -KAS Role - initiator, responder | SP 800-56ARev. 3", "KDA HKDFSP800-56Cr2 | A3548 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length: | SP 800-56CRev. 2", "KDA OneStepSP800-56Cr2 | A3548 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev. 2", "KDA TwoStepSP800-56Cr2 | A3548 | MAC Salting Methods - default, randomKDF Mode - feedbackDerived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev. 2", "KDF ANS 9.42(CVL) | A3548 | KDF Type - DERHash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224,SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512Key Data Length - Key Data Length: 8-4096Increment 8 | SP 800-135Rev. 1", "KDF ANS 9.63(CVL) | A3548 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512Key Data Length - Key Data Length: 128, 4096 | SP 800-135Rev. 1", "KDF KMACSp800-108r1 | A3548 | Derived Key Length - Derived Key Length: 112-4096 Increment 8 | SP 800-108Rev. 1", "KDF SP800-108 | A3548 | KDF Mode - Counter, FeedbackSupported Lengths - Supported Lengths: 8, 72,128, 776, 3456, 4096 | SP 800-108Rev. 1", "KDF SSH (CVL) | A3548 | Cipher - AES-128, AES-192, AES-256Hash AIgorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135Rev. 1", "KTS-IFC | A3548 | Modulo - 2048, 3072, 4096, 6144Key Generation Methods - rsakpg1-basic,rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factorScheme -KTS-OAEP-basic -KAS Role - initiator, responderKey Transport Method -Key Length - 1024 | SP 800-56BRev. 2", "PBKDF | A3548 | Iteration Count - Iteration Count: 1-10000Increment 1Password Length - Password Length: 8-128Increment 8 | SP 800-132", "RSA KeyGenFIPS186-4) | A3548 | Key Generation Mode - B.3.3, B.3.6Modulo - 2048, 3072, 4096Primality Tests - Table C.2, Table C.3Private Key Format - Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3548 | Signature Type - ANSI X9.31, PKCS 1.5,PKCSPSSModulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SignaturePrimitive (CVL) | A3548 | Private Key Format - CRT | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3548 | Signature Type - ANSI X9.31, PKCS 1.5,PKCSPSSModulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "SHA-1 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA3-224 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length: 0-65536Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHAKE-128 | A3548 | Output Length - Output Length: 16-65536Increment 8 | FIPS 202", "SHAKE-256 | A3548 | Output Length - Output Length: 16-65536Increment 8 | FIPS 202", "TLS v1.2 KDFRFC7627 (CVL) | A3548 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135Rev. 1", "TLS v1.3 KDF(CVL) | A3548 | HMAC Algorithm - SHA2-256, SHA2-384KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135Rev. 1", "AES | AES (Any non-authenticated mode),(Cert.#A3548):Symmetric keyunwrapping | OpenSSL ProjectOpenSSL 3.x FIPSProvider | Per IG D.GAdditionalComment 5", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no,Encryption, Decryption", "Ed448 | SHAKE256, Ed448 provides 224 bits of security, Digital SignatureGeneration", "Ed25519 | SHA2-512, Ed25519 provides 128 bits of security, Digital SignatureGeneration", "ECDSA SigVerComponent | Provides between 80 and 256 bits for security, Curves: B-163, B-233,B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521, Digital Signature Verification", "FIPS 186-2 RSASigGen/SigVer | Provides >= 80 bits of security, RSA signature generation/verificationper FIPS 186-2", "FIPS 186-2 RSAKeyGen | Provides >= 112 bits of security, RSA key generation per FIPS 186-2", "X942KDF-CONCAT | Usage of X942KDF-CONCAT with PRF SHA-1, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128,SHAKE256, KECCAK-KMAC128 and KECCAK-KMAC256", "X963KDF | Usage of X963KDF with PRF SHA-1, SHA2-512/224, SHA2-512/256,SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF | Provides < 112 bits of security, Usage of HKDF with key length lessthan 112 bits", "OneStep KDF | Usage of OneStep KDF with PRF SHAKE128, SHAKE256", "HMAC | Provides < 112 bits of security, Usage of HMAC with key length lessthan 112 bits for MAC generation", "Hash and HMACDRBG | Usage of Hash and HMAC DRBGs with PRFs SHA2-224, SHA2-384,SHA2-512/224 and SHA2-512/256" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5157", "Certificate Number": "5157", "Vendor Name": "Digi International Inc.", "Module Name": "Digi DAL OS based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "02/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5157.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5157", "module_name": "Digi DAL OS based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Digi DAL OS based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DSA", "ECDSA", "HMAC", "KDF", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "TLS v1.3 KDF(CVL) | A3548 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA PQGGen\\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA PQGVer\\[FIPS 186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGVer using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA SigGen\\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA SigVer\\[FIPS186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigVer using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "AES | AES(Any non-authenticated mode),Cert.#A3548):Symmetric key unwrapping | OpenSSL ProjectOpenSSL 3.x FIPSProvider | Per IG D.GAdditionalComment 5", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no Encryption, Decryption", "Ed448 | SHAKE256, Ed448 provides 224 bits of security, Digital Signature Generation", "Ed25519 | SHA2-512, Ed25519 provides 128 bits of security, Digital Signature Generation", "ECDSA SigVer Component | Provides between 80 and 256 bits for security, Curves:B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521,Digital Signature Verification", "FIPS 186-2 RSA SigGen/SigVer | Provides >=80 bits of security,RSA signature generation/verification per FIPS 186-2", "FIPS 186-2 RSA KeyGen | Provides >=112 bits of security,RSA key generation per FIPS 186-2", "X942KDF-CONCAT | Usage of X942KDF-CONCAT with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128和KECCAK-KMAC256", "X963KDF | Usage of X963KDF with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128和KECCAK-KMAC256", "HKDF | Provides<112bitsofsecurity,Usage of HKDFwithkeylengthlessthan112bits", "OneStep KDF | Usage of OneStep KDF withPRF SHAKE128,SHAKE256", "HMAC | Provides<112bitsofsecurity,Usage of HMACwithkeylengthlessthan112bitsforMACgeneration", "HashandHMACDRBG | Usage of HashandHMACDRBGswithPRFs SHA2-224,SHA2-384,SHA2-512/224andSHA2-512/256" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5156", "Certificate Number": "5156", "Vendor Name": "Veeam Software Corporation", "Module Name": "Veeam Cryptographic Module based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "02/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5156.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5156", "module_name": "Veeam Cryptographic Module based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Veeam Cryptographic Module based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A3548 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A3548 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A3548 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A3548 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A3548 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A3548 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A3548 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing | Revision 2.0 | A3548 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A3548 | Prediction Resistance - Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - No, Yes | SP 800-90A | Rev. 1", "DSA KeyGen | (FIPS186-4) | A3548 | L - 2048, 3072 | N - 224, 256 | FIPS 186-4", "DSA PQGGen | (FIPS186-4) | A3548 | L - 2048, 3072 | N - 224, 256 | FIPS 186-4 | Veeam Cryptographic Module based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | Veeam Software Corporation. 2025 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-", "384, SHA2-512, SHA2-512/224, SHA2-512/256", "DSA PQGVer | (FIPS186-4) | A3548 | L - 1024, 2048, 3072 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-", "256, SHA2-384, SHA2-512, SHA2-512/224,", "SHA2-512/256 | FIPS 186-4", "DSA SigGen | (FIPS186-4) | A3548 | L - 2048, 3072 | N - 224, 256", "384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA SigVer | (FIPS186-4) | A3548 | L - 1024, 2048, 3072 | N - 160, 224, 256", "ECDSA KeyGen | (FIPS186-4) | A3548 | Curve - B-233, B-283, B-409, B-571, K-233, K- | 283, K-409, K-571, P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer | (FIPS186-4) | A3548 | Curve - B-163, B-233, B-283, B-409, B-571, K- | 163, K-233, K-283, K-409, K-571, P-192, P- | 224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A3548 | Component - No, Yes | Curve - B-233, B-283, B-409, B-571, K-233, K- | 283, K-409, K-571, P-224, P-256, P-384, P-521", "384, SHA2-512, SHA2-512/224, SHA2-", "512/256, SHA3-224, SHA3-256, SHA3-384,", "SHA3-512 | FIPS 186-4", "ECDSA SigVer | (FIPS186-4) | A3548 | Component - No, Yes | Curve - B-163, B-233, B-283, B-409, B-571, K- | 163, K-233, K-283, K-409, K-571, P-192, P- | 224, P-256, P-384, P-521", "SHA2-512/256, SHA3-224, SHA3-256, SHA3-", "384, SHA3-512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance - Yes", "Mode - SHA-1, SHA2-224, SHA2-256, SHA2-", "512/256, SHA3-256, SHA3-512 | SP 800-90A | Rev. 1", "HMAC DRBG | A3548 | Prediction Resistance - Yes", "HMAC-SHA-1 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1 | Veeam Cryptographic Module based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | Veeam Software Corporation. 2025 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "HMAC-SHA2-224 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | Key Length - Key Length: 8-524288 Increment | 8 | FIPS 198-1", "KAS-ECC CDH- | Component | SP800-56Ar3", "(CVL) | A3548 | Curve - B-233, B-283, B-409, B-571, K-233, K- | 283, K-409, K-571, P-224, P-256, P-384, P-521 | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods - B- | 233, B-283, B-409, B-571, K-233, K-283, K- | 409, K-571, P-224, P-256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods - FB, | FC, ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP- | 3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-IFC-SSC | A3548 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, | rsakpg1-crt, rsakpg1-prime-factor, rsakpg2- | basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | KAS1 - | KAS Role - initiator, responder | KAS2 - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF | SP800-56Cr2 | A3548 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | SP 800-56C | Rev. 2 | Veeam Cryptographic Module based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | Veeam Software Corporation. 2025 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert | 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-", "384, SHA3-512", "KDA OneStep | SP800-56Cr2 | A3548 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A3548 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: | 224-8192 Increment 8 | SP 800-56C | Rev. 2", "KDF ANS 9.42", "(CVL) | A3548", "KDF Type - DER", "384, SHA3-512 | Key Data Length - Key Data Length: 8-4096 | Increment 8 | SP 800-135 | Rev. 1", "KDF ANS 9.63", "384, SHA2-512 | Key Data Length - Key Data Length: 128, 4096 | SP 800-135 | Rev. 1", "KDF KMAC | Sp800-108r1 | A3548 | Derived Key Length - Derived Key Length: 112- | 4096 Increment 8 | SP 800-108 | Rev. 1", "KDF SP800-108 | A3548", "KDF Mode - Counter, Feedback | Supported Lengths - Supported Lengths: 8, 72, | 128, 776, 3456, 4096 | SP 800-108 | Rev. 1", "KDF SSH (CVL) | A3548", "Cipher - AES-128, AES-192, AES-256", "256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1 | KMAC-128 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Key Data Length - Key Data Length: 128-1024 | Increment 8 | SP 800-185 | KMAC-256 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Key Data Length - Key Data Length: 128-1024 | Increment 8 | SP 800-185", "KTS-IFC | A3548 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, | rsakpg1-crt, rsakpg1-prime-factor, rsakpg2- | basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 1024 | SP 800-56B | Rev. 2 | Veeam Cryptographic Module based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | Veeam Software Corporation. 2025 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "PBKDF | A3548 | Iteration Count - Iteration Count: 1-10000 | Increment 1 | Password Length - Password Length: 8-128 | Increment 8 | SP 800-132", "RSA KeyGen | (FIPS186-4) | A3548 | Key Generation Mode - B.3.3, B.3.6 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2, Table C.3 | Private Key Format - Standard | FIPS 186-4", "RSA SigGen | (FIPS186-4) | A3548 | Signature Type - ANSI X9.31, PKCS 1.5, | PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA Signature", "Primitive (CVL) | A3548 | Private Key Format - CRT | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A3548 | Signature Type - ANSI X9.31, PKCS 1.5, | PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4 | Safe Primes Key | Generation | A3548 | Safe Prime Groups - ffdhe2048, ffdhe3072, | ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, | MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A3548 | Safe Prime Groups - ffdhe2048, ffdhe3072, | ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, | MODP-8192 | SP 800-56A | Rev. 3", "SHA-1 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA3-224 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202 | Veeam Cryptographic Module based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | Veeam Software Corporation. 2025 | This document may be reproduced and distributed only in its original entirety without revision. | CAVP | Cert", "SHA3-256 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length: 0-65536 | Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHAKE-128 | A3548 | Output Length - Output Length: 16-65536 | Increment 8 | FIPS 202", "SHAKE-256 | A3548 | Output Length - Output Length: 16-65536 | Increment 8 | FIPS 202", "TLS v1.2 KDF", "RFC7627 (CVL) | A3548", "Hash Algorithm - SHA2-256, SHA2-384, SHA2- | 512 | SP 800-135 | Rev. 1", "TLS v1.3 KDF", "(CVL) | A3548 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1 | The Module implements the Approved cryptographic functions listed in Table 5. | Name | Implementation", "DSA | PQGGen | [FIPS 186- | 4] | Key Size, Key Strength:L = | 2048/N = 224 (s = 112), L = | 2048/N = 256 (s = 112) L = | 3072/N = 256 (s = 128) | Mode/Method:PQGGen using", "SHA3 | OpenSSL Project | OpenSSL 3.x | FIPS Provider | Vendor affirmed per IG | C.C and IG C.B | Resolution (bullet point | #3)", "DSA | PQGVer | [FIPS 186- | 4] | Key Size, Key Strength:L = | 1024/N = 160 (s < 112) L = | 2048/N = 224 (s = 112), L = | 2048/N = 256 (s = 112) L = | 3072/N = 256 (s = 128) | Mode/Method:PQGVer using", "DSA | SigGen | [FIPS 186- | 4] | Key Size, Key Strength:L = | 2048/N = 224 (s = 112), L = | 2048/N = 256 (s = 112) L = | 3072/N = 256 (s = 128) | Mode/Method:SigGen using", "DSA | SigVer | [FIPS186- | 4] | Key Size, Key Strength:L = | 1024/N = 160 (s < 112) L = | 2048/N = 224 (s = 112), L = | 2048/N = 256 (s = 112) L = | 3072/N = 256 (s = 128) | OpenSSL Project | OpenSSL 3.x | FIPS Provider | Vendor affirmed per IG | C.C and IG C.B | Resolution (bullet point | #3) | Veeam Cryptographic Module based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | Veeam Software Corporation. 2025 | This document may be reproduced and distributed only in its original entirety without revision. | Name | Implementation | Mode/Method:SigVer using", "SHA3 | CKG - | Section 4 | and 5.1 | Key Type :Asymmetric | N/A | NIST SP800-133r2 | Section 4: Using the | Output of a Random | Bit Generator; Section | 5.1: Key Pairs for | Digital Signature | Schemes | CKG - | Section 4 | and 5.2 | Key Type:Asymmetric | N/A | NIST SP800-133r2 | Section 4: Using the | Output of a Random | Bit Generator; Section | 5.2: Key Pairs for Key | Establishment | CKG - | Section 4 | and Section | 6.1 | Key Type:Symmetric | N/A | NIST SP800-133r2 | Section 4: Using the | Output of a Random | Bit Generator; Section | 6.1: Direct Generation | of Symmetric Keys | CKG - | Section 6.2 | Key Type:Symmetric | N/A | NIST SP 800-133r2 | Section 6.2: Derivation | of Symmetric keys | CKG - | Section 6.3 | Key Type:Symmetric | N/A | NIST SP 800-133rev2, | Section 6.3: Symmetric | Keys Produced by | Combining Multiple | Keys and Other Data | CKG - | Section 4 | Key Type:Symmetric | N/A | NIST SP800-133r2 | Section 4: Using the | Output of a Random | Bit Random bits | returned to the calling | application | Non-Approved, Allowed Algorithms: | Name Properties | Implementation", "AES", "AES (Any non-authenticated mode), | (Cert.#A3548):Symmetric key | unwrapping | OpenSSL Project | OpenSSL 3.x FIPS | Provider | Per IG D.G | Additional | Comment 5 | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Veeam Cryptographic Module based on the OpenSSL FIPS Provider | FIPS 140-3 Non-Proprietary Security Policy | Veeam Software Corporation. 2025 | This document may be reproduced and distributed only in its original entirety without revision. | The module does not support any Non-Approved Algorithms Allowed in the Approved Mode of Operation with No | Security Claimed. | Non-Approved, Not Allowed Algorithms: | Name | Use and Function", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no, | Encryption, Decryption | Ed448", "SHAKE256, Ed448 provides 224 bits of security, Digital Signature | Generation | Ed25519", "SHA2-512, Ed25519 provides 128 bits of security, Digital Signature | Generation | X448 | Provides 224 bits of security, Key Agreement | X25519 | Provides 128 bits of security, Key Agreement", "ECDSA SigVer | Component | Provides between 80 and 256 bits for security, Curves: B-163, B-233, | B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P- | 224, P-256, P-384, P-521, Digital Signature Verification", "FIPS 186-2 RSA | SigGen/SigVer", "Provides >= 80 bits of security, RSA signature generation/verification | per FIPS 186-2", "FIPS 186-2 RSA | KeyGen", "Provides >= 112 bits of security, RSA key generation per FIPS 186-2 | X942KDF- | CONCAT", "Usage of X942KDF-CONCAT with PRF SHA-1, SHA2-512/224, SHA2-", "512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128,", "SHAKE256, KECCAK-KMAC128 and KECCAK-KMAC256 | X963KDF", "Usage of X963KDF with PRF SHA-1, SHA2-512/224, SHA2-512/256,", "SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256, | KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF", "Provides < 112 bits of security, Usage of HKDF with key length less | than 112 bits", "OneStep KDF", "Usage of OneStep KDF with PRF SHAKE128, SHAKE256", "HMAC", "Provides < 112 bits of security, Usage of HMAC with key length less | than 112 bits for MAC generation", "Hash and HMAC", "DRBG", "Usage of Hash and HMAC DRBGs with PRFs SHA2-224, SHA2-384,", "SHA2-512/224 and SHA2-512/256" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5155", "Certificate Number": "5155", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper FIPS Provider based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "02/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5155.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5155", "module_name": "Juniper FIPS Provider based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Juniper FIPS Provider based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3548 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB1 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A3548 | Direction-Generation,Verification KeyLength-128,192,256 | SP 800-38B", "AES-CTR | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A3548 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A3548 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-KW | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-KWP | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-OFB | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,256 | SP 800-38E", "Counter DRBG | A3548 | Prediction Resistance - Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled - No,Yes | SP 800-90A Rev.1", "DSA KeyGen(FIPS186-4) | A3548 | L-2048,3072 N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A3548 | L-2048,3072 N-224,256 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A3548 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3548 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3548 | Component-No,YesCurve-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3548 | Component-No,YesCurve-B-163,B-233,B-283,B-409,B-571,k-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512/SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC DRBG | A3548 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A3548 | Key Length-Key Length:8-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521 | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521 Scheme ephemeralUnified-KAS Role - initiator, responder | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192 Scheme-dhEphem-KAS Role - initiator, responder | SP 800-56A Rev.3", "KAS-IFC-SSC | A3548 | Modulo-2048,3072,4096,6144,8192 Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factor Scheme-KAS1-KAS Role - initiator, responder KAS2-KAS Role - initiator, responder | SP 800-56A Rev.3", "KDA HKDF SP800-56Cr2 | A3548 | Derived Key Length-2048 Shared Secret Length-Shared Secret Length: | SP 800-56C Rev.2", "KDA OneStepSP800-56Cr2 | A3548 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A3548 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A3548 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:8-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A3548 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A3548 | Derived Key Length-Derived Key Length:112-4096Increment8 | SP 800-108Rev.1", "KDF SP800-108 | A3548 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A3548 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A3548 | Modulo-2048,3072,4096,6144Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A3548 | Iteration Count - Iteration Count: 1-10000Increment1Password Length - Password Length:8-128Increment8 | SP800-132", "RSA KeyGen(FIPS186-4) | A3548 | Key Generation Mode-B.3.3,B.3.6Modulo-2048,3072,4096Primality Tests-TableC.2,TableC.3Private Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A3548 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA SignaturePrimitive(CVL) | A3548 | Private Key Format-CRT | FIPS186-4", "RSA SigVer(FIPS186-4) | A3548 | SignatureType-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-384 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-512 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA3-224 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS202", "SHA3-256 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A3548 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3KDF(CVL) | A3548 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA PQGGen\\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA PQGVer\\[FIPS 186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGVer using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA SigGen\\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA SigVer\\[FIPS186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128) | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "AES | AES(Any non-authenticated mode),Cert.#A3548):Symmetric key unwrapping | OpenSSL ProjectOpenSSL 3.x FIPSProvider | Per IG D.GAdditionalComment 5", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no, Encryption, Decryption", "Ed448 | SHAKE256, Ed448 provides 224 bits of security, Digital Signature Generation", "Ed25519 | SHA2-512, Ed25519 provides 128 bits of security, Digital Signature Generation", "ECDSA SigVer Component | Provides between 80 and 256 bits for security, Curves: B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521,Digital Signature Verification", "FIPS 186-2 RSA SigGen/SigVer | Provides >=80 bits of security,RSA signature generation/verification per FIPS 186-2", "FIPS 186-2 RSA KeyGen | Provides >=112 bits of security,RSA key generation per FIPS 186-2", "X942KDF-CONCAT | Usage of X942KDF-CONCAT with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "X963KDF | Usage of X963KDF with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF | Provides<112bitsofsecurity,Usage ofHKDFwithkeylengthlessthan112bits", "OneStep KDF | Usage of OneStep KDF with PRF SHAKE128,SHAKE256", "HMAC | Provides<112bitsofsecurity,Usage ofHMACwithkeylengthlessthan112bitsforMACgeneration", "Hash and HMAC DRBG | Usage of Hash and HMAC DRBGs with PRFs SHA2-224,SHA2-384,SHA2-512/224andSHA2-512/256", "Symmetric Encryption and Decryption | BC-Auth BC-UnAuth | Symmetric Encryption and Decryption | Key Length:128,192 and 256 bits Key Length(XTS):128 and 256 bits | AES-CBC:(A3548) AES-CBC-CS1:(A3548) AES-CBC-CS2:(A3548) AES-CBC-CS3:(A3548) AES-CCM:(A3548) AES-CFB1:(A3548)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5154", "Certificate Number": "5154", "Vendor Name": "NetApp, Inc", "Module Name": "NetApp Cryptographic Security Module (NCSM) based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "02/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5154.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5154", "module_name": "NetApp Cryptographic Security Module (NCSM) based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The NetApp Cryptographic Security Module (NCSM) based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3548 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB1 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A3548 | Direction-Generation,Verification KeyLength-128,192,256 | SP 800-38B", "AES-CTR | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A3548 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A3548 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-KW | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-KWP | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-OFB | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,256 | SP 800-38E", "Counter DRBG | A3548 | Prediction Resistance-Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-No,Yes | SP 800-90A Rev.1", "DSA KeyGen(FIPS186-4) | A3548 | L-2048,3072 N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A3548 | L-2048,3072 N-224,256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A3548 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3548 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3548 | Component-No,YesCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3548 | Component-No,YesCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512/SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC DRBG | A3548 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A3548 | Key Length-Key Length:8-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521 | SP 800-56ARev.3", "KAS-ECC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A3548 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rsakpg1-prime-factor,rskapg2-basic,rskapg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role-initiator,responderKAS2-KAS Role-initiator,responder | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A3548 | Derived Key Length-2048Shared Secret Length-Shared Secret Length: | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A3548 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A3548 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A3548 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:8-4096Increment 8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A3548 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A3548 | Derived Key Length-Derived Key Length:112-4096 Increment 8 | SP 800-108Rev.1", "KDF SP800-108 | A3548 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A3548 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A3548 | Modulo-2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A3548 | Iteration Count - Iteration Count: 1-10000Increment1Password Length - Password Length:8-128Increment8 | SP800-132", "RSA KeyGen(FIPS186-4) | A3548 | Key Generation Mode-B.3.3,B.3.6Modulo-2048,3072,4096Primality Tests-TableC.2,TableC.3Private Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A3548 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA SignaturePrimitive(CVL) | A3548 | Private Key Format-CRT | FIPS186-4", "RSA SigVer(FIPS186-4) | A3548 | SignatureType-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-384 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-512 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA3-224 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS202", "SHA3-256 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A3548 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A3548 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA PQGGen\\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point#3)", "DSA PQGVer\\[FIPS 186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGVer using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point#3)", "DSA SigGen\\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point#3)", "DSA SigVer\\[FIPS186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128) | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point#3)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5153", "Certificate Number": "5153", "Vendor Name": "Fidelity Center for Applied Technology, LLC", "Module Name": "FCAT Wallet Vault Cryptographic Module", "Module Type": "Software", "Validation Date": "02/11/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5153.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5153", "module_name": "FCAT Wallet Vault Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/29/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The FCAT Wallet Vault Cryptographic Module is implemented within the secure context of the FCAT hardware wallet platform. The FACT Wallet is built atop the ProvenCore EAL7-certified secure OS developed by ProvenRun and operates in conjunction with a hardened version of the OpenSSL FIPS-compliant cryptographic library. The module offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, and message authentication; support for key establishment functions to secure data-at-rest and data-in-flight for the larger FCAT Wallet platform, which includes cryptographic functions supporting user-facing wallet GUI application.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5152", "Certificate Number": "5152", "Vendor Name": "HPE Aruba Networking", "Module Name": "HPE Aruba Networking AOS-CX Cryptographic Module", "Module Type": "Software", "Validation Date": "02/04/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5152.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5152", "module_name": "HPE Aruba Networking AOS-CX Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The HPE Aruba Networking AOS-CX Cryptographic Module is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5151", "Certificate Number": "5151", "Vendor Name": "FEITIAN Technologies Co., Ltd.", "Module Name": "FEITIAN ePass Token Cryptographic Module", "Module Type": "Hardware", "Validation Date": "01/28/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5151.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5151", "module_name": "FEITIAN ePass Token Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/27/2031", "overall_level": 3, "caveat": "The module generates SSPs (e.g., keys) whose strengths are modified by available entropy, No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "This Module is a secure portable device with advanced smart card technology, it can provide strong authentication and identification to support network login, online transactions, digital signatures, and sensitive data protection.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-ECB | A4980 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4980 | Direction-Decrypt,EncryptIV GenerationMode-8.2.2KeyLength-128,192,256 | SP800-38D", "Counter DRBG | A4980 | Prediction Resistance-YesMode-AES-128Derivation Function Enabled-Yes | SP800-90ARev.1", "ECDSA KeyGen(FIPS186-5) | A4980 | Curve-P-256,P-384,P-521Secret Generation Mode-testingcandidates | FIPS186-5", "ECDSA KeyVer(FIPS186-5) | A4980 | Curve-P-256,P-384,P-521 | FIPS186-5", "ECDSA SigGen(FIPS186-5) | A4980 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Component-Yes | FIPS186-5", "ECDSA SigVer(FIPS186-5) | A4980 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS186-5", "HMAC-SHA-1 | A4980 | Key Length-Key Length:8-2048Increment8 | FIPS198-1", "HMAC-SHA2-256 | A4980 | Key Length-Key Length:8-2048Increment8 | FIPS198-1", "KAS-ECC Sp800-56Ar3 | A4980 | Domain Parameter GenerationMethods-P-256Function-Key Pair GenerationScheme ephemeralUnified-KAS Role-ResponderKDF Methods-twoStepKdf-KeyLength-256 | SP800-56ARev.3", "KDF SP800-108 | A4980 | KDF Mode-CounterSupported Lengths-Supported Lengths:8-256 Increment8 | SP800-108Rev.1", "RSA KeyGen(FIPS186-5) | A4980 | Key Generation Mode-probableModulo-2048,3072,4096Primality Tests-2powSecStrPrivate Key Format-crt | FIPS186-5", "RSA SigGen(FIPS186-5) | A4980 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5 | FIPS186-5", "RSA SigVer(FIPS186-5) | A4980 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5 | FIPS186-5", "SHA-1 | A4980 | Message Length-Message Length:160,0-65536 Increment8 | FIPS180-4", "SHA2-256 | A4980 | Message Length - Message Length: 256,0-65536 Increment 8 | FIPS 180-4", "SHA2-384 | A4980 | Message Length - Message Length: 384,0-65536 Increment 8 | FIPS 180-4", "SHA2-512 | A4980 | Message Length - Message Length: 512,0-65536 Increment 8 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5150", "Certificate Number": "5150", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks vSRX 3.0 Virtual Firewall", "Module Type": "Software", "Validation Date": "01/28/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5150.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5150", "module_name": "Juniper Networks vSRX 3.0 Virtual Firewall", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/27/2031", "overall_level": 1, "caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The vSRX Virtual Firewall delivers a complete virtual firewall solution, including advanced security, robust networking, and automated virtual machine life cycle management capabilities for service providers and enterprises. vSRX empowers security professionals to deploy and scale firewall protection in highly dynamic environments.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "AES-CBC | A3339 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A3342 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A3343 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | Document Version 1.0 | CAVP | Cert", "AES-CTR | A3342 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "ECDSA KeyGen | (FIPS186-5) | A3342 | Curve - P-256, P-384, P-521 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyVer | (FIPS186-5) | A3342 | Curve - P-256, P-384, P-521 | FIPS 186-5", "ECDSA SigGen | (FIPS186-5) | A3342 | Curve - P-256, P-384, P-521", "Hash Algorithm - SHA2-256, SHA2-384,", "SHA2-512 | Component - No | FIPS 186-5", "ECDSA SigVer | (FIPS186-5) | A3342 | Curve - P-256, P-384, P-521", "SHA2-512 | FIPS 186-5", "HMAC DRBG | A3335 | Prediction Resistance - Yes", "Mode - SHA2-256 | SP 800-90A | Rev. 1", "HMAC-SHA-1 | A3342 | Key Length - Key Length: 160 | FIPS 198-1", "HMAC-SHA2-256 | A3335 | Key Length - Key Length: 160, 256 | FIPS 198-1", "HMAC-SHA2-256 | A3339 | Key Length - Key Length: 256 | FIPS 198-1", "HMAC-SHA2-256 | A3342 | Key Length - Key Length: 256 | FIPS 198-1", "HMAC-SHA2-256 | A3343 | Key Length - Key Length: 256 | FIPS 198-1", "HMAC-SHA2-512 | A3342 | Key Length - Key Length: 512 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A3342 | Domain Parameter Generation Methods - P- | 256, P-384, P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A3342 | Domain Parameter Generation Methods - FC, | MODP-2048 | Scheme - | dhEphem - | KAS Role - initiator | SP 800-56A | Rev. 3", "KDF IKEv1 (CVL) | A3343 | Authentication Method - Digital Signature,", "Pre-shared Key", "Diffie-Hellman Shared Secret Length - Diffie-", "Hellman Shared Secret Length: 256, 384, | 2048", "Hash Algorithm - SHA2-256, SHA2-384 | Preshared Key Length - Preshared Key | Length: 8-256 Increment 8 | SP 800-135 | Rev. 1", "KDF IKEv2 (CVL) | A3343", "Hellman Shared Secret Length: 256, 384, | 2048 | Derived Keying Material Length - Derived | Keying Material Length: 1136-2432 Increment | 8", "Hash Algorithm - SHA2-256, SHA2-384 | SP 800-135 | Rev. 1 | Document Version 1.0 | CAVP | Cert", "KDF SSH (CVL) | A3341", "Cipher - AES-128, AES-192, AES-256, TDES", "Hash Algorithm - SHA-1, SHA2-256, SHA2- | 384 | SP 800-135 | Rev. 1", "RSA KeyGen | (FIPS186-5) | A3342 | Key Generation Mode - probable | Modulo - 2048, 3072, 4096 | Primality Tests - 2powSecStr | Private Key Format - standard | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A3342 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5 | FIPS 186-5", "RSA SigVer | (FIPS186-5) | A3342 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5 | FIPS 186-5 | Safe Primes Key | Generation | A3342 | Safe Prime Groups - MODP-2048 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A3342 | Safe Prime Groups - MODP-2048 | SP 800-56A | Rev. 3", "SHA-1 | A3342 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 180-4", "SHA2-256 | A3335 | Message Length - Message Length: 0-51200 | Increment 8 | FIPS 180-4", "SHA2-256 | A3339 | Message Length - Message Length: 8-51200 | Increment 8 | FIPS 180-4", "SHA2-256 | A3342 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 180-4", "SHA2-256 | A3343 | Message Length - Message Length: 0-51200 | Increment 8 | FIPS 180-4", "SHA2-512 | A3335 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 180-4", "SHA2-512 | A3340 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 180-4", "SHA2-512 | A3342 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 180-4 | Name | Implementation Reference | CKG - | Section | 4 | Key Type | :Symmetric | and | Asymmetric | N/A | NIST SP800-133r2 Section 4: Symmetric key | generation and Asymmetric seed generation | using an unmodified output from an Approved", "DRBG (example 1); The module supports the | following per NIST SP 800-133r2: 1. Section | 5.1: Key Pairs for Digital Signature Schemes 2. | Section 5.2: Key Pairs for Key Establishment | 3. Section 6.2.1: Derivation of symmetric keys | Document Version 1.0 | Non-Approved, Allowed Algorithms: | The module does not support any non-Approved algorithms in the Approved mode, i.e., it does | not support Non-Approved Algorithms Allowed in the Approved Mode of Operation. | Non-Approved, Allowed Algorithms with No Security Claimed: | Name | Caveat | Use and Function", "SHA2-256 (Junos 22.2R2- | S2.3 - LibMD | Implementation) | no | security | claimed | Used to store operator passwords in hashed form, | per IG 2.4.A: Use of a non-approved cryptographic", "SHA-1 (Junos 22.2R2- | S2.3 - Kernel | Implementation) | no | security | claimed | Used for an extraneous check in the Kernel, per IG | 2.4.A: Use of an approved, non-approved or | proprietary algorithm for a purpose that is not | security relevant | Non-Approved, Not Allowed Algorithms: | Name | Use and | Function", "RSA with key size less than 2048", "SSH", "ECDSA with ed25519 curve", "SSH | EC Diffie-Hellman with ed25519 curve", "SSH | ARCFOUR", "SSH | Blowfish", "SSH | CAST", "DSA (SignGen, SigVer, non-compliant) SSH", "HMAC-MD5", "HMAC-RIPEMD160", "SSH | UMAC", "SSH | In addition to the above non-Approved Algorithms Not Allowed in the Approved Mode of | Operation, all Approved algorithms supported in the Approved mode of operation are also | supported in the non-Approved mode." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5149", "Certificate Number": "5149", "Vendor Name": "Musarubra US LLC", "Module Name": "Musarubra US LLC FIPS Provider based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "01/27/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5149.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5149", "module_name": "Musarubra US LLC FIPS Provider based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Musarubra US LLC FIPS Provider based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3548 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3548 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB1 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A3548 | Direction-Generation,Verification KeyLength-128,192,256 | SP 800-38B", "AES-CTR | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A3548 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A3548 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-KW | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-KWP | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-OFB | A3548 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3548 | Direction-Decrypt,Encrypt KeyLength-128,256 | SP 800-38E", "Counter DRBG | A3548 | Prediction Resistance-Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-No,Yes | SP 800-90A Rev.1", "DSA KeyGen(FIPS186-4) | A3548 | L-2048,3072 N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A3548 | L-2048,3072 N-224,256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A3548 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A3548 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3548 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3548 | Component-No,YesCurve-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3548 | Component-No,YesCurve-B-163,B-233,B-283,B-409,B-571,k-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512/SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "Hash DRBG | A3548 | Prediction Resistance-YesMode-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC DRBG | A3548 | Prediction Resistance-YesMode-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A3548 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521 | SP 800-56ARev.3", "KAS-ECC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A3548 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rskapg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role-initiator,responderKAS2-KAS Role-initiator,responder | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A3548 | Derived Key Length-2048Shared Secret Length-Shared Secret Length: | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A3548 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A3548 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A3548 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:8-4096Increment 8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A3548 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A3548 | Derived Key Length-Derived Key Length:112-4096Increment 8 | SP 800-108Rev.1", "KDF SP800-108 | A3548 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A3548 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A3548 | Modulo-2048,3072,4096,6144Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A3548 | Iteration Count - Iteration Count: 1-10000Increment1Password Length - Password Length:8-128Increment8 | SP800-132", "RSA KeyGen(FIPS186-4) | A3548 | Key Generation Mode-B.3.3,B.3.6Modulo-2048,3072,4096Primality Tests-TableC.2,TableC.3Private Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A3548 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA SignaturePrimitive(CVL) | A3548 | Private Key Format-CRT | FIPS186-4", "RSA SigVer(FIPS186-4) | A3548 | SignatureType-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-384 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-512 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS180-4", "SHA3-224 | A3548 | MessageLength-MessageLength:0-65536Increment8Large MessageSizes-1,2,4,8 | FIPS202", "SHA3-256 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A3548 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3KDF(CVL) | A3548 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA PQGGen\\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA PQGVer\\[FIPS 186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGVer using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA SigGen\\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA SigVer\\[FIPS186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128) | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5148", "Certificate Number": "5148", "Vendor Name": "Hewlett Packard Enterprise", "Module Name": "HPE Java Cryptographic Module", "Module Type": "Software", "Validation Date": "01/27/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5148.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5148", "module_name": "HPE Java Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The HPE Java Cryptographic Module is a cryptographic library in a Multi-Chip Stand Alone embodiment. The Module meets FIPS 140- 3 overall Software Level 1 requirements. The SW version is 2.0.0." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5147", "Certificate Number": "5147", "Vendor Name": "Broadcom Inc.", "Module Name": "VMware’s OpenSSL FIPS Provider based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "01/27/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5147.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5147", "module_name": "VMware’s OpenSSL FIPS Provider based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The VMware’s OpenSSL FIPS Provider based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3548 | Direction- Decrypt, Encrypt Key Length -128,192,256 | SP 800-38A", "AES-CBC-CS1 | A3548 | Direction- decrypt, encrypt Key Length -128,192,256 | SP 800-38A", "AES-CBC-CS2 | A3548 | Direction- decrypt, encrypt Key Length -128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3548 | Direction- decrypt, encrypt Key Length -128,192,256 | SP 800-38A", "AES-CCM | A3548 | Key Length -128,192,256 | SP 800-38C", "AES-CFB1 | A3548 | Direction- Decrypt, Encrypt Key Length -128,192,256 | SP 800-38A", "AES-CFB128 | A3548 | Direction- Decrypt, Encrypt Key Length -128,192,256 | SP 800-38A", "AES-CFB8 | A3548 | Direction- Decrypt, Encrypt Key Length -128,192,256 | SP 800-38A", "AES-CMAC | A3548 | Direction- Generation, Verification Key Length -128,192,256 | SP 800-38B", "AES-CTR | A3548 | Direction- Decrypt, Encrypt Key Length -128,192,256 | SP 800-38A", "AES-ECB | A3548 | Direction- Decrypt, Encrypt Key Length -128,192,256 | SP 800-38A", "AES-GCM | A3548 | Direction- Decrypt, Encrypt IV Generation- External, Internal IV Generation Mode-8.2.1 Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A3548 | Direction- Decrypt, Encrypt IV Generation- External, Internal IV Generation Mode-8.2.1 Key Length-128,192,256 | SP 800-38D", "AES-KW | A3548 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-KWP | A3548 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-OFB | A3548 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3548 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38E", "Counter DRBG | A3548 | Prediction Resistance-Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-No,Yes | SP 800-90A Rev.1", "DSA KeyGen(FIPS186-4) | A3548 | L-2048,3072N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A3548 | L-2048,3072N-224,256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A3548 | L-1024, 2048, 3072N-160, 224, 256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigGen(FIPS186-4) | A3548 | L-2048, 3072N-224, 256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A3548 | L-1024, 2048, 3072N-160, 224, 256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,K-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A3548 | Curve-B-163,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A3548 | Component-No,YesCurve-B-233,B-283,B-409,B-571,k-233,K-283,k-409,k-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3548 | Component-No,YesCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS186-4", "Hash DRBG | A3548 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP800-90ARev.1", "HMAC DRBG | A3548 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-256,SHA3-512 | SP800-90ARev.1", "HMAC-SHA-1 | A3548 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3548 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A3548 | Curve-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521 | SP 800-56ARev.3", "KAS-ECC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSC Sp800-56Ar3 | A3548 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A3548 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rsakpg1-prime-factor,rskapg2-basic,rskapg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role-initiator,responderKAS2-KAS Role-initiator,responder | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A3548 | Derived Key Length-2048Shared Secret Length-Shared Secret Length: | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A3548 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A3548 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A3548 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:8-4096Increment 8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A3548 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF KMACSp800-108r1 | A3548 | Derived Key Length-Derived Key Length:112-4096Increment 8 | SP 800-108Rev.1", "KDF SP800-108 | A3548 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A3548 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A3548 | Modulo-2048,3072,4096,6144Key Generation Methods-rskapg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A3548 | Iteration Count - Iteration Count: 1-10000Increment1Password Length - Password Length:8-128Increment8 | SP800-132", "RSA KeyGen(FIPS186-4) | A3548 | Key Generation Mode-B.3.3,B.3.6Modulo-2048,3072,4096Primality Tests-TableC.2,TableC.3Private Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A3548 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA Signature Primitive(CVL) | A3548 | Private Key Format-CRT | FIPS186-4", "RSA SigVer(FIPS186-4) | A3548 | Signature Type-ANSIX9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-384 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA3-224 | A3548 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS202", "SHA3-256 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A3548 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A3548 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A3548 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3KDF(CVL) | A3548 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA PQGGen\\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA PQGVer\\[FIPS 186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGVer using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA SigGen\\[FIPS 186-4\\] | Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigGen using SHA3 | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "DSA SigVer\\[FIPS186-4\\] | Key Size, Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128) | OpenSSL ProjectOpenSSL 3.xFIPS Provider | Vendor affirmed per IGC.C and IG C.BResolution (bullet point #3)", "AES | AES(Any non-authenticated mode),Cert.#A3548):Symmetric key unwrapping | OpenSSL ProjectOpenSSL 3.x FIPSProvider | Per IG D.GAdditionalComment 5", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no, Encryption, Decryption", "Ed448 | SHAKE256, Ed448 provides 224 bits of security, Digital Signature Generation", "Ed25519 | SHA2-512, Ed25519 provides 128 bits of security, Digital Signature Generation", "ECDSA SigVer Component | Provides between 80 and 256 bits for security, Curves: B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521, Digital Signature Verification", "FIPS 186-2 RSA SigGen/SigVer | Provides >= 80 bits of security, RSA signature generation/verification per FIPS 186-2", "FIPS 186-2 RSA KeyGen | Provides >= 112 bits of security, RSA key generation per FIPS 186-2", "X942KDF-CONCAT | Usage of X942KDF-CONCAT with PRF SHA-1, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256, KECCAK-KMAC128 and KECCAK-KMAC256", "X963KDF | Usage of X963KDF with PRF SHA-1, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256, KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF | Provides < 112 bits of security, Usage of HKDF with key length less than 112 bits", "OneStep KDF | Usage of OneStep KDF with PRF SHAKE128, SHAKE256", "HMAC | Provides < 112 bits of security, Usage of HMAC with key length less than 112 bits for MAC generation", "Hash and HMAC DRBG | Usage of Hash and HMAC DRBGs with PRFs SHA2-224, SHA2-384, SHA2-512/224 and SHA2-512/256", "Symmetric Encryption and Decryption | BC-Auth BC-UnAuth | Symmetric Encryption and Decryption | Key Length:128,192 and 256 bits Key Length(XTS):128 and 256 bits | AES-CBC AES-CBC-CS1 AES-CBC-CS2 AES-CBC-CS3 AES-CCM AES-CFB1 AES-CFB128 AES-CFB8 AES-CMAC", "MessageDigest | SHA | Message Digest | SHA-1:(s=160)Large MessageSizes:1,2,4,8gigabytesSHA2:SHA2-224(s=224),SHA2-256(s=256),SHA2-384(s=384),SHA2-512(s=512),SHA2-512/224(s=224),SHA2-512/256(s=256).Large MessageSizes:1,2,4,8gigabytesSHA3:SHA3-224(s=224),SHA3-256(s=256),SHA3-384(s=384),SHA3-512(s=512).See Note1.Large MessageSizes:1,2,4,8gigabytesSHAKE:SHAKE-128(s=128),SHAKE-256(s=256).SeeNote1. | SHA-1SHA2-224SHA2-256SHA2-384SHA2-512SHA2-512/224SHA3-224SHA3-256SHA3-384SHA3-512SHAKE-128SHAKE-256SHA2-512/256", "Keyed Hash | BC-AuthMAC | Keyed Hash | HMAC-SHA-1\\[FIPS198-1\\]:SHA-1(s=160)HMAC-SHA2\\[FIPS198-1\\]:SHA2-224(s=224),SHA2-256(s=256),SHA2-384(s=384),SHA2-512(s=512),SHA2-512/224(s=224),SHA2-512/256(s=256)HMAC-SHA3\\[FIPS198-1\\]:SHA3-224(s=224),SHA3-256(s=256),SHA3- | HMAC-SHA-1HMAC-SHA2-224HMAC-SHA2-256HMAC-SHA2-384HMAC-SHA2-512HMAC-SHA2-512/224HMAC-SHA2-512/256HMAC-SHA3-224HMAC-SHA3-", "RSA Digital Signature Generation and Verification | DigSig-SigGenDigSig-SigVer | RSA Digital Signature Generation and Verification | Signature type:ANSIX9.31 tested with the listed moduli and the following hash algorithms:SHA2-256,SHA2-384,SHA2-512:k=2048(s ~~=112),k=3072(s~~ =128),k=4096(s ~~=152)Signature type:PKCS1.5 tested with the listed moduli and the following hash algorithms:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256:k=2048(s~~ =112),k=3072(s ~~=128),k=4096(s~~ =152)Signature type:PKCSPSS tested with the listed moduli and the following hash algorithms:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256:k=2048(s ~~=112),k=3072(s~~ =128),k=4096(s~=152)Signature type:ANSIX9.31 tested with the listed moduli and the following hash algorithms:SHA-1\\*, | RSA SigGen(FIPS186-4)RSA SigVer(FIPS186-4)", "ECDSA Signature Generation and Signature Verification | DigSig-SigGen DigSig-SigVer | ECDSA Signature Generation and Signature Verification | SigGen(includes SigGen Component)(tested with SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512):B-233,K-233,P-224(s ~~=112);B-283,K-283,P-256(s~~ =128);B- | ECDSA SigGen(FIPS186-4)ECDSA SigVer(FIPS186-4)", "DSA Digital Signature Generation and Verification | DigSig-SigGen DigSig-SigVer | DSA Digital Signature Generation and Verification | SigGen(tested with SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/256);SigGen using SHA3;no ACVP testing is available:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)SigVer(tested with SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256);SigVer using SHA3;no ACVP testing is available:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128) | DSA SigGen(FIPS186-4)DSA SigVer(FIPS186-4)DSA SigGen\\[FIPS186-4\\]Key Size,Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:SigGen using SHA3DSA SigVer\\[FIPS186-4\\]Key Size,Key Strength:L=1024/N=160(s<112)L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)", "RSA Signature Primitive | DigSig-SigGen | Signature primitive | Private Key format:CRT Public Exponent Mode:Fixed:k=2048 | RSA Signature Primitive", "Asymmetric Key Pair Generation | AsymKeyPair-KeyGen AsymKeyPair-KeyVer | Generation of asymmetric key pairs | RSA KeyGen:k=2048(s ~~=112),k=3072(s~~ =128),k=4096(s ~~=152)DSA KeyGen:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)ECDSA KeyGen:Secret Generation Mode:Testing Candidates:B-233,K-233,P-224(s~~ =112);B-283,K-283,P-256(s ~~=128);B-409,K-409,P-384(s~~ =192);B-571,K-571,P-521(s~=256)Safe Primes Key Generation,Safe Primes Key Verification:ffdhe2048(s=112),ffdhe3072(112≤s≤128),ffdhe4096(112≤s≤152),ffdhe6144(112≤s≤176),ffdhe8192(112≤s≤200),MODP-2048(s=112),MODP-3072(112≤s≤128),MODP-4096(112≤s≤152),MODP-6144(112≤s≤176),MODP-8192(112≤s≤200)ECDSA KeyVer:B-163,K-163,P-192(s<112);B-233,K-233, | RSA KeyGen(FIPS186-4) DSA KeyGen(FIPS186-4) ECDSA KeyGen(FIPS186-4) Safe Primes Key Generation ECDSA KeyVer(FIPS186-4) Safe Primes Key Verification CKG - Section 4 and 5.1 Key Type: Asymmetric CKG - Section 4 and 5.2 Key Type: Asymmetric DSA PQGGen(FIPS186-4) DSA PQGVer(FIPS186-4) DSA PQGGen\\[FIPS186-4\\] Key Size, Key Strength:L=2048/N=224(s=112),L=2048/N=256(s=112)L=3072/N=256(s=128)Mode/Method:PQGGen using SHA3 DSA PQGVer", "KAS-1 | KAS-SSC | Scheme:EphemeralUnified,KAS Role:Initiator,Responder | SP800-56Ar3KAS-ECC-SSCperIGD.FScenario2path(1):B-233,P-224,B-283,王-283,P- | KAS-ECC-SSCSp800-56Ar3", "KAS-2 | KAS-SSC | Scheme:dhEphem.KASRole:Initiator,Responder | SP800-56Ar3 KAS-FFC-SSC IG D.FScenario 2 path(1):2048,3072,4096,6144,and 8192-bitkey providing 112,128,152,176,or 200bits of encryption strength | KAS-FFC-SSC Sp800-56Ar3", "KAS-3 | KAS-SSC | Scheme:KAS1,KAS2,KASRole:Initiator,Responder | SP800-56Br2 KAS-IFC-SSC IG D.FScenario 1path(1):2048,3072,4096,6144,and 8192-bitkey providing 112,128,152,176,or 200bits of encryption strength | KAS-IFC-SSC", "KTS-1 | KTS-Wrap | Key Transport in compliance with\\[SP800-38F\\]when approved using AES KW or KWP | SP 800-38F KTS(key wrapping) per IGD.G:128,192,and256-bitkeysproviding 128,192,or256bits of encryption strength | AES-KWAES-KWP", "KTS-2 | KTS-Wrap | Key Transport in compliance with\\[SP800-38F\\]when approvedAES (any mode)和 approvedHMAC,KMAC,GMAC or CMACare used in combination | SP 800-38F KTS(key wrapping) per IGD.G:128,192,and256-bitkeysproviding 128,192,or256bits of encryption strength | AES-CBCAES-CFB1AES-CFB128AES-CFB8AES-CTRAES-ECBAES-OFBAES-XTSTestingRevision2.0AES-CBCCS2AES-CBCCS3AES-CCMAES-CMACAES-GCMAES-GMAC", "KTS-3 | KTS-Wrap | Key Transport in compliance with\\[SP800-38F\\]when approved using anAuthenticatedAES mode(AESCCM;AESGCM;AESGMAC;AESCMAC) | SP 800-38F KTS(key wrapping) per IGD.G:128,192,and256-bit keys providing128,192,or256bits of encryption strength | AES-CCMAES-CMACAES-GCMAES-GMAC", "KTS-4 | KTS-Encap | Key Transport;Scheme:KTS-OAEP-basic(no key confirmation):RSA-OAEP,KeyEncapsulation,KeyUnencapsulationKey GenerationMethods:rsakpg1-basic,rsakpg1-crt,rsakpg1-prime- | SP 800-56Brev2KTS-IFC(key encapsulation andun-encapsulation)perIGD.G:2048,3072,4096,and6144-bitkey providing112,128,152,or176bitsof encryption strength | KTS-IFC", "KAS ECC CDH Component | KAS-SSC | KAS-ECC-SSC primitive | Curves:B-233, K-233,P-224(s ~~=112);B-283,K-283,P-256(s~~ =128);B-409,K-409,P-384(s ~~=192);B-571,K-571,P-521(s~~ =256). | KAS-ECC CDH-Component SP800-56Ar3", "Perform self-tests(All) | BC-Auth BC-UnAuth DigSig-SigGen DigSig-SigVer DRBG KAS-SSC KBKDF MAC PBKDF SHA XOF | All self-tests executed by the module at boot | AES-ECB AES-GCM Hash DRBG Counter DRBG HMAC DRBG DSA SigGen(FIPS186-4)DSA SigVer(FIPS186-4)ECDSA SigGen(FIPS186-4)ECDSA SigVer(FIPS186-4)RSA SigGen(FIPS186-4)RSA SigVer(FIPS186-4)HMAC-SHA2-256 SHA-1 SHA3-256 SHA2-512 KDF ANS 9.42 KDF ANS 9.63 KAS-ECC-SSC Sp800-56Ar3 KAS-FFC-SSC Sp800-56Ar3 KAS-IFC-SSC KDA OneStep SP800-56Cr2 KDA TwoStep SP800-56Cr2 KDF SSH", "SoftwareIntegrityTest | MAC | HMAC-SHA2-256used to perform the software integrity test | Key size:256 bits | HMAC-SHA2-256", "CryptographicKeyGeneration(CKG)-AESXTS | CKG | AES XTS Key generated to comply with the approved key generation guidelines of NISTSP 800-133rev2,Section6.3,Symmetric KeysProduced byCombiningMultipleKeysandOtherData | Key size:128,256bits | CKG - Section6.3", "KTS-5 | KTS-Unwrap | Key Unwrappingusing any non-authenticatedAESmode | KTS(keyunwrapping)perIGD.G:128,192,and256-bitkeyss providing128,192,or256bitsof decryptionstrength | AES-CBCAES-CFB1AES-CFB128AES-CFB8AES-CTRAES-ECBAES-OFBAES-CBC-CS1AES-CBC-CS2AES-CBC-CS3" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5146", "Certificate Number": "5146", "Vendor Name": "Amazon Web Services, Inc", "Module Name": "AWS-LC Cryptographic Module (dynamic)", "Module Type": "Software", "Validation Date": "01/26/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5146.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5146", "module_name": "AWS-LC Cryptographic Module (dynamic)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/25/2031", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It іs based on code from the Google BoringSSL project and the OpenSSL project.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "SHA" ], "algorithms_detailed": [ "AES-CBC | A5422, A5427, A5429, A5431 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A5422, A5427, A5429, A5431 | Key Length - 128 | SP 800-38C", "AES-CMAC | A5422, A5427, A5429, A5431 | Direction - Generation, Verification Key Length - 128, 256 | SP 800-38B", "AES-CTR | A5422, A5427, A5429, A5431 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5422, A5423, A5427, A5428, A5429, A5430, A5431, A5432, A5435 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A5423, A5428, A5430, A5432, A5435 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 256 IV Generation Mode - 8.2.1, 8.2.2", "AES-GMAC | A5423, A5428, A5430, A5432, A5435 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 256 IV Generation Mode - 8.2.1, 8.2.2", "AES-KW | A5422, A5427, A5429, A5431 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5422, A5427, A5429, A5431 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-XTS Testing Revision 2.0 | A5422, A5427, A5429, A5431 | Direction - Decrypt, Encrypt Key Length - 256 | SP 800-38E", "Counter DRBG | A5422, A5427, A5429, A5431 | Prediction Resistance - No Mode - AES-256 Derivation Function Enabled - No | SP 800-90A Rev. 1", "ECDSA KeyGen (FIPS186-5) | A5425, A5426, A5433, A5434 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyVer (FIPS186-5) | A5425, A5426, A5433, A5434 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA SigGen (FIPS186-5) | A5425, A5426, A5433, A5434 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 Component - No | FIPS 186-5", "ECDSA SigVer (FIPS186-4) | A5425, A5426, A5433, A5434 | Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA1 | FIPS 186-4", "ECDSA SigVer (FIPS186-5) | A5425, A5426, A5433, A5434 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | FIPS 186-5", "HMAC-SHA-1 | A5425, A5426, A5433, A5434 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5145", "Certificate Number": "5145", "Vendor Name": "PreVeil, Inc", "Module Name": "PreVeil Cryptographic Module based on the OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "01/26/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5145.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5145", "module_name": "PreVeil Cryptographic Module based on the OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The PreVeil Cryptographic Module based on the OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KDF", "KTS", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "DSA PQGVer (FIPS186-4) | A3548 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "L - 1024, 2048, 3072 N - 160, 224, 256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256", "L - 2048, 3072 N - 224, 256 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256", "Component - No, Yes Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512", "Component - No, Yes Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512", "Prediction Resistance - Yes Mode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-256, SHA3-512", "KDA OneStep SP800-56Cr2 | A3548 | Derived Key Length - 2048", "KDA TwoStep SP800-56Cr2 | A3548 | MAC Salting Methods - default, random", "KDF Mode - feedback", "KDF ANS 9.42 (CVL) | A3548 | KDF Type - DER", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512", "KDF ANS 9.63 (CVL) | A3548 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512", "KDF KMAC Sp800-108r1 | A3548 | Derived Key Length - Derived Key Length: 112-4096 Increment 8", "KDF SP800-108 | A3548 | KDF Mode - Counter, Feedback", "KDF SSH (CVL) | A3548 | Cipher - AES-128, AES-192, AES-256", "KTS-IFC | A3548 | Modulo - 2048, 3072, 4096, 6144", "KTS-OAEP-basic -", "AES | AES(Any non-authenticated mode),Cert.#A3548):Symmetric key unwrapping | OpenSSL ProjectOpenSSL 3.x FIPSProvider | Per IG D.GAdditionalComment 5", "Triple-DES | Provides 3-Key ECB and CBC mode, but indicated as fips=no, Encryption, Decryption", "Ed448 | SHAKE256, Ed448 provides 224 bits of security, Digital Signature Generation", "Ed25519 | SHA2-512, Ed25519 provides 128 bits of security, Digital Signature Generation", "ECDSA SigVer Component | Provides between 80 and 256 bits for security, Curves: B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521,Digital Signature Verification", "FIPS 186-2 RSA SigGen/SigVer | Provides >=80 bits of security,RSA signature generation/verification per FIPS 186-2", "FIPS 186-2 RSA KeyGen | Provides >=112 bits of security,RSA key generation per FIPS 186-2", "X942KDF-CONCAT | Usage of X942KDF-CONCAT with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "X963KDF | Usage of X963KDF with PRF SHA-1,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256,KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF | Provides<112bits of security,Usage of HKDF with key length less than 112bits", "OneStep KDF | Usage of OneStep KDF with PRF SHAKE128,SHAKE256", "HMAC | Provides<112bits of security,Usage of HMAC with key length less than 112bits for MAC generation", "Hash and HMAC DRBG | Usage of Hash and HMAC DRBGs with PRFs SHA2-224,SHA2-384,SHA2-512/224 and SHA2-512/256", "Symmetric Encryption and Decryption | BC-Auth BC-UnAuth | Symmetric Encryption and Decryption | Key Length:128,192 and 256 bits Key Length(XTS):128 and 256 bits | AES-CBC:(A3548) AES-CBC-CS1:(A3548) AES-CBC-CS2:(A3548) AES-CBC-CS3:(A3548) AES-CCM:(A3548) AES-CFB1:(A3548)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5144", "Certificate Number": "5144", "Vendor Name": "Persistent Systems, LLC", "Module Name": "Wave Relay® Kernel Space Crypto Module", "Module Type": "Software-hybrid", "Validation Date": "01/26/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5144.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5144", "module_name": "Wave Relay® Kernel Space Crypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/25/2031", "overall_level": 2, "caveat": "When operated in approved mode; No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded", "module_type": "Software-hybrid", "embodiment": "Single Chip", "description": "Persistent Systems LLC Wave Relay® Kernel Space Crypto Module is a Software-Hybrid cryptographic module operating on a single-chip device that provides FIPS validated cryptographic algorithms which are used by kernel space system services & protocols (e.g. Wave Relay, IPsec, etc.).", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A4588 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC | A4589 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS3 | A4589 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CCM | A4589 | KeyLength-128,192,256 | SP800-38C", "AES-CMAC | A4589 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-CTR | A4588 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CTR | A4589 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4588 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4589 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4589 | Direction-Decrypt,EncryptIV Generation-External,InternalIV GenerationMode-8.2.1,8.2.2KeyLength-128,192,256 | SP800-38D", "AES-GMAC | A4589 | Direction-Decrypt,EncryptIV Generation-External,InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP800-38D", "AES-XTS TestingRevision2.0 | A4589 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38E", "CounterDRBG | A4589 | PredictionResistance-No,YesMode-AES-128,AES-192,AES-256DerivationFunctionEnabled-Yes | SP800-90ARev.1", "HashDRBG | A4589 | PredictionResistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP800-90ARev.1", "HMACDRBG | A4589 | PredictionResistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP800-90ARev.1", "HMAC-SHA-1 | A4588 | KeyLength-KeyLength:8-524280Increment8 | FIPS198-1", "HMAC-SHA-1 | A4589 | KeyLength-KeyLength:8-524280Increment8 | FIPS198-1", "HMAC-SHA2-224 | A4588 | KeyLength-KeyLength:8-524280Increment8 | FIPS198-1", "HMAC-SHA2-224 | A4589 | KeyLength-KeyLength:8-524280Increment8 | FIPS198-1", "HMAC-SHA2-256 | A4588 | KeyLength-KeyLength:8-524280Increment8 | FIPS198-1", "HMAC-SHA2-256 | A4589 | KeyLength-KeyLength:8-524280Increment8 | FIPS198-1", "HMAC-SHA2-384 | A4589 | KeyLength-KeyLength:8-524280Increment8 | FIPS198-1", "HMAC-SHA2-512 | A4589 | KeyLength-KeyLength:8-524280Increment8 | FIPS198-1", "HMAC-SHA3-224 | A4589 | KeyLength-KeyLength:8-524280Increment8 | FIPS198-1", "HMAC-SHA3-256 | A4589 | KeyLength-KeyLength:8-524280Increment8 | FIPS198-1", "HMAC-SHA3-384 | A4589 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4589 | Key Length - Key Length: 8-524280 Increment 8 | FIPS 198-1", "RSA SigVer(FIPS186-4) | A4589 | Signature Type-PKCS 1.5Modulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A4588 | Message Length-Message Length:160,0-65536 Increment 8 | FIPS 180-4", "SHA-1 | A4589 | Message Length-Message Length:160,0-65536 Increment 8 | FIPS 180-4", "SHA2-224 | A4588 | Message Length-Message Length:224,0-65536 Increment 8 | FIPS 180-4", "SHA2-224 | A4589 | Message Length-Message Length:224,0-65536 Increment 8 | FIPS 180-4", "SHA2-256 | A4588 | Message Length-Message Length:256,0-65536 Increment 8 | FIPS 180-4", "SHA2-256 | A4589 | Message Length-Message Length:256,0-65536 Increment 8 | FIPS 180-4", "SHA2-384 | A4589 | Message Length-Message Length:384,0-65536 Increment 8 | FIPS 180-4", "SHA2-512 | A4589 | Message Length-Message Length:512,0-65536 Increment 8 | FIPS 180-4", "SHA3-224 | A4589 | Message Length-Message Length:0-65536 Increment 8 | FIPS 202", "SHA3-256 | A4589 | Message Length-Message Length:0-65536 Increment 8 | FIPS 202", "SHA3-384 | A4589 | Message Length-Message Length:0-65536 Increment 8 | FIPS 202", "SHA3-512 | A4589 | Message Length-Message Length:0-65536 Increment 8 | FIPS 202", "AES(GCM)-ExtIV | GCM with Externally Generated IVs", "AES(GCM)-Hybrid | Hybrid Authenticated Symmetric Encryption/Decryption using internally generated IV HW:Encrypt, Decrypt SW:Message Authentication", "ghash | Message Authentication used independently from AES(GCM)", "AES(CCM)-Hybrid | Hybrid Authenticated Symmetric Encryption/Decryption HW:Encrypt, Decrypt SW:Message Authentication", "AES(cbcmac) | Message Authentication used independently from AES(CCM)", "AES(CTS) | Cipher Text Stealing", "AES(XTS)-Hybrid | Hybrid Disk Encryption HW:First encryption SW:Second encryption", "ENT(SW) | Software Entropy Source(Jitterentropy) for DRBG Seeding" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5143", "Certificate Number": "5143", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "ASTRO CDEM Motorola Advanced Crypto Engine (MACE)", "Module Type": "Hardware", "Validation Date": "01/23/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5143.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5143", "module_name": "ASTRO CDEM Motorola Advanced Crypto Engine (MACE)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/22/2031", "overall_level": 3, "caveat": "When installed, initialized and configured as specified in Section 11 of Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The ASTRO CDEM MACE provides secure key management, and data encryption.", "detail_available": true, "algorithms": [ "AES", "DRBG", "KTS", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A5273 | Direction-Decrypt,EncryptKeyLength-256 | SP800-38A", "AES-CBC | A5275 | Direction-Decrypt,EncryptKeyLength-256 | SP800-38A", "AES-CFB8 | A5273 | Direction-Decrypt,EncryptKeyLength-256 | SP800-38A", "AES-ECB | A5275 | Direction-Decrypt,EncryptKeyLength-256 | SP800-38A", "AES-KW | A5438 | Direction-DecryptKeyLength-256 | SP800-38F", "AES-OFB | A5273 | Direction-Decrypt,EncryptKeyLength-256 | SP800-38A", "AES-OFB | A5275 | Direction-Decrypt,EncryptKeyLength-256 | SP800-38A", "Counter DRBG | A5437 | Prediction Resistance-NoMode-AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "RSA SigVer(FIPS186-5) | A5253 | Modulo-2048SignatureType-pkcs1v1.5 | FIPS186-5", "SHA2-256 | SHS817 | Message Length-Message Length:0-51200Increment8 | FIPS180-4", "AES MAC | No Security Claimed. AES MAC is used as part of OTAR but is considered obfuscation. | \\[IG 2.4.A\\] P25 AES OTAR. AES MAC is applied directly to the plaintext OTAR key components and then KTS encryption is performed on the OTAR key components and decrypted within the module using AES KW Cert #5438" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5142", "Certificate Number": "5142", "Vendor Name": "Minimus", "Module Name": "Minimus Cryptographic Module for Java", "Module Type": "Software", "Validation Date": "01/20/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5142.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5142", "module_name": "Minimus Cryptographic Module for Java", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Minimus Cryptographic Module for Java is a standards-based cryptographic engine for containers, VMs, and apps that run on cloud native platforms like Docker and Kubernetes.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes: CBC, CFB8, CFB128,CTR, ECB, FF1, OFBKey sizes: 128, 192, 256 bits | AES \\[FIPS 197,SP 800-38A\\],AES FF1 FormatPreservingEncryption \\[SP800-38G\\] | Encryption,Decryption", "AES CBCCiphertextStealing (CS) | A6047 | Modes: CBC-CS1, CBC-CS2,CBC-CS3Key sizes: 128, 192, 256 bits | \\[Addendum toSP 800-38A,Oct 2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes: 128, 192, 256 bits | \\[SP 800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes: 128, 192, 256 bits | \\[SP 800-38B\\] | Generation,Authentication", "AES GCM/GMAC² | A6047 | Key sizes: 128, 192, 256 bits | \\[SP 800-38D\\] | Generation,Authentication", "AES KW, KWP(KTS: KeyWrapping UsingAES²2 | A6047 | Modes: AES KW, KWPKey sizes: 128, 192, 256 bits(key establishmentmethodology providing 128,192 or 256 bits of encryptionstrength) | \\[SP 800-38F\\] | Key Wrapping", "DRBG, CounterDRBG | A6047 | AES 128, AES 192, AES 256 | \\[SP 800-90Ar1\\] | Random BitGeneration", "DRBG, Hash DRBG | A6047 | SHA sizes: SHA-1, SHA-224,SHA-256, SHA-384, SHA2-512,SHA-512/224, SHA2-512/256 | \\[SP 800-90Ar1\\] | Random BitGeneration", "DRBG, HMACDRBG | A6047 | SHA sizes: SHA-1, SHA-224,SHA-256, SHA-384, SHA2-512,SHA-512/224, SHA2-512/256 | \\[SP 800-90Ar1\\] | Random BitGeneration", "ECDSA | A6047 | Curves/Key sizes: P-224, P-256,P-384, P-521, K-233, K-283, K-409, K-571, B-233, B-283, B-409, B-571 | \\[FIPS 186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes: P-192, K-163,B-1635 | \\[FIPS 186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes: SHA-1, SHA-224,SHA-256, SHA-384, SHA-512,SHA-512/224, SHA-512/256,SHA3-224, SHA3-256, SHA3-384, SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224, P-256, P-384, P-521, K-233, K-283, K-409, K-571, B-233, B-283, B-409, B-571ephemeralUnified, fullMqv,fullUnified, onePassDh,onePassMqv, onePassUnified,staticUnifiedCurves specified aboveproviding between 112 and 256bits of encryption strength | \\[SP 800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048, ffdhe3072,ffdhe4096, ffdhe6144,ffdhe8192, MODP-2048,MODP-3072, MODP-4096,MODP-6144, MODP-8192dhHybrid1, MQV2, dhEphem,dhHybrid, OneFlow, MQV1,dhOneFlow, dhStaticGroups specified aboveproviding between 112 and 200bits of encryption strength | \\[SP 800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with, and without, keyconfirmation.Key sizes: 2048, 3072, 4096providing between 112 and 152bits of encryption strength | \\[SP 800-56Br2,Section 7.2.1\\] | Key Agreement", "KDA, HKDF | A6047 | PRFs: HMAC-SHA-1, HMACSHA-224, HMAC-SHA-256,HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224,HMAC-SHA-512/256, HMAC-SHA3-224, HMAC-SHA3-256,HMAC-SHA3-384, HMAC-SHA3-512 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256, SHA3-224, SHA3-256, SHA3-384,SHA3-512, HMAC-SHA-1,HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224,HMAC-SHA-512/256, HMAC-SHA3-224, HMAC-SHA3-256,HMAC-SHA3-384, HMAC-SHA3-512, KMAC-128, KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA-256,HMAC-SHA-384, HMAC-SHA-512, HMAC-SHA-512/224,HMAC-SHA-512/256, HMAC-SHA3-224, HMAC-SHA3-256,HMAC-SHA3-384, HMAC-SHA3-512, CMAC-AES128, CMAC-AES192, CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, usingPseudorandomFunctions | A6047 | Modes: Counter Mode,Feedback Mode, Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128, 192, 256)HMAC-based KBKDF with SHA-1, SHA-224, SHA-256, SHA-384,SHA-512, SHA3-224, SHA3-256,SHA3-384, SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, ExistingApplication-Specific | CVLA6047 | ANSI X9.63 KDFSHA sizes: SHA2-224, SHA2-256, SHA2-384, SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be usedalong with KAS-SSC", "KDF, ExistingApplication-Specific8 | CVLA6047 | IKEv2 KDFSHA sizes: SHA-1, SHA-224,SHA-256, SHA-384, SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific | CVLA6047 | SNMP KDFPassword Length: 64, 8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific | CVLA6047 | SRTP KDFAES: 128, 192, 256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific}8 | CVLA6047 | SSH KDFAES: 128SHA sizes: SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific}8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes: SHA2-256, SHA2-384, SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Secific8 | CVLA6047 | TLS 1.2 KDFSHA sizes: SHA2-256, SHA2-384, SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with, and without,key confirmation.Key sizes: 2048, 3072, 4096providing between 112 and 152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section 7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options: PBKDF with Option 1aTypes: HMAC-based KDF usingSHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes: 2048, 3072, 4096 | \\[FIPS 186-5,ANSI X9.31-1998 and PKCS#1 v2.1 (PSSand PKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes: 2048, 3072, 4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS andPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes: 2048, 3072, 4096 | \\[FIPS 186-4,ANSI X9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes: 2048, 3072, 4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS andPKCS1.5)\\] | SignatureVerification", "RSA | A6047 | Key sizes: 1024, 2048, 3072,40969 | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS#1 v2.1 (PSSand PKCS1.5)\\] | SignatureVerification", "RSA | A6047 | Key sizes: 1024, 1536, 2048,3072, 4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS#1 v2.1 (PSSand PKCS1.5)\\] | SignatureVerification", "RSA DecryptionPrimitive | CVLA6047 | Key size: 2048 | \\[SP 800-56Br2\\] | ComponentTest", "RSA SignaturePrimitive | CVLA6047 | Key size: 2048 | \\[FIPS 186-4\\] | ComponentTest", "SHA-3, SHAKE | A6047 | SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128,SHAKE256 | \\[FIPS 202\\] | DigitalSignatureGeneration,DigitalSignatureVerification,non-DigitalSignatureApplications", "SHA-3 DerivedFunctions | A6047 | Types: cSHAKE-128, cSHAKE-256, KMAC-128, KMAC-256,ParallelHash-128, ParallelHash-256, TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | DigitalSignatureGeneration,DigitalSignatureVerification,non-DigitalSignatureApplications", "SHS | A6047 | SHA sizes: SHA-1, SHA-224,SHA-256, SHA-384, SHA-512,SHA-512/224, SHA-512/256 | \\[FIPS 180-4\\] | DigitalSignatureGeneration,DigitalSignatureVerification,non-DigitalSignatureApplications", "CKG | Used for thegeneration ofsymmetric keys andasymmetric seeds | OtherCryptographic keygeneration | \\[SP 800-133r2\\]CKG using output from DRBG,Vendor Affirmed per IG D.H.The resulting key or a generatedseed is an unmodified output from aDRBG:• Section 5.1 (Asymmetricseeds from DRBG)Section 6.1 (DirectGeneration of Symmetrickeys from DRBG)", "MD5 within TLS | MD5 within TLS Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES (non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS (non-compliant11) | non-compliant key agreement methods", "DSA (non-compliant1²2) | non-FIPS digest signatures using DSA", "ECDSA (non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption - AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14 using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF (non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF (non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF (non-compliant) | PKCS#5 PBE key derivation scheme", "RSA (non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS (non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher", "DataEncryption | Used to encrypt data | Flag | Key, | Ciphertext | AES CBC, AES | AES Encryption Key | CO /User | E", "Plaintext | CFB8, AESCFB128, AESCTR, AESECB, AES FF1,AES OFB,AES CBC-CS1,AES CBC-CS2,AES CBC-CS3,AES CCM,AES GCM", "DataDecryption | Used to decrypt data | Flag | Key,Ciphertext | Plaintext | AES CBC, AESCFB8, AESCFB128, AESCTR, AESECB, AES FF1,AES OFB,AES CBC-CS1,AES CBC-CS2,AES CBC-CS3,AES CCM,AES GCM | AES Decryption Key | CO /User | E", "MACCalculation | Used to calculate dataintegrity codes withCMAC, GMAC | Flag | Key,Message | MAC | AES CMAC,AES GMAC | AES AuthenticationKey | CO/User | E", "SignatureGeneration | Used to generate digitalsignatures | Flag | Key,Message | Signature | DSA, ECDSA,RSA | DSA Signing Key,EC Signing Key,RSA Signing Key | CO /User | E", "SignatureVerification | Used to verify digitalsignatures | Flag | Key,MessageSignature | Boolean | DSA, ECDSA,RSA | DSA VerificationKey,EC Verification Key,RSA VerificationKey | CO /User | E", "DRBG (SP 800-90Ar1) output | Used to generate random numbers, IVs and keys | Flag | N/A | Data | Counter DRBG Hash DRBG HMAC DRBG | AES Encryption Key, AES Decryption Key, AES Authentication Key, AES Wrapping Key, DH Agreement Private Key, DH Agreement Public Key, DRBG Seed, Internal State V and C value, and DRBG Key, DSA Signing Key, EC Agreement Private Key, EC Agreement | CO/ User CO / User | G E", "DRBG Seed,Internal State Vand C value,and DRBG Key", "MessageHashing | Used to generate amessage digest, SHAKEoutput | Flag | Message | Hash | SHS, SHA-3,SHAKE, SHA-3 DerivedFunctions(cSHAKE,TupleHash,ParallelHash) | N/A | CO /User | N/A", "KeyedMessageHashing | Used to calculate dataintegrity codes with HMACand KMAC | Flag | Key,Message | Hash | HMAC,SHA-3DerivedFunctions(KMAC) | HMACAuthentication Key,KMACAuthentication Key | CO /User | E", "TLS KeyDerivationFunction | Used to calculate a valuesuitable to be used for amaster secret in TLS | Flag | TLSParameters | Data | HKDF,ExistingApplication-Specific (TLSKDF) | TLS KDF SecretValue | CO /User | E", "SSHDerivationFunction | Used to calculate a valuesuitable to be used for asecret key | Flag | SSHParameters | Data | ExistingApplication-Specific (SSHKDF) | SSH KDF SecretValue | CO /User | E:", "X9.63DerivationFunction | Used to calculate a valuesuitable to be used for asecret key | Flag | X9.63Parameters | Data | ExistingApplication-Specific(X9.63 KDF) | DH AgreementPrivate Key,EC AgreementPrivate Key,RSA Signing KeyX9.63 KDF SecretValue | CO /UserCO /User | G", "IKEv2DerivationFunction | Used to calculate a valuesuitable to be used for asecret key | Flag | IKEv2Parameters | Data | ExistingApplication-Specific(IKEv2 KDF) | IKEv2 KDF SecretValue | CO /User | E", "SRTPDerivationFunction | Used to calculate a valuesuitable to be used for asecret key | Flag | SRTPParameters | Data | ExistingApplication-Specific(SRTP KDF) | SRTP KDF SecretValue | CO /User | E", "PBKDF | Used to generate a keyusing an encoding of apassword and a messagehash | Flag | Password, | Data | KDF | HMACAuthentication Key,KMACAuthentication Key | CO /UserCO /User | GE", "HMACAuthentication Key,KMACAuthentication Key,PBKDF Secret Value", "KeyAgreementSchemes | Used to calculate keyagreement values | Flag | Key | Data | KAS-ECC,KAS-FFC,KAS-IFC,Safe Primes | AES EncryptionKey,AES DecryptionKey,AES AuthenticationKey,AES Wrapping Key,HMACAuthentication Key,KMACAuthentication Key | co /UserCO/User | GE", "DH AgreementPrivate Key,EC AgreementPrivate Key,RSA Key TransportPrivate Key", "KeyWrapping | Used to encrypt a keyvalue | Flag | Wrappingkey, Key | Wrappedkey | AES KW, AESKWP, KTS-IFC | AES Wrapping Key,HMACAuthentication Key,KMACAuthentication Key,RSA Key TransportPrivate Key | CO /User | E", "KeyUnwrapping | Used to decrypt a keyvalue | Flag | Unwrapping key,Wrappedkey | Key | AES KW, AESKWP, KTS-IFC | AES Wrapping Key,HMACAuthentication Key,KMACAuthentication Key,RSA Key TransportPublic Key | CO /User | E", "KeyGeneration | Used to generate a keypair | Flag | KeyGenerationParameters | Key Pair | RSA KeyGen,DSA KeyGen,ECDSAKeyGen, CKG | DRBG Output,DSA Signing Key,EC Signing Key,RSA Signing Key,DSA VerificationKey,EC Verification Key,RSA VerificationKey | CO /User | E", "EntropyCallback | Gathers entropy in apassive manner from auser-provided function | Flag | N/A | Randombits | DRBG, CKG | DRBG Seed,Internal State Vand C value,and DRBG Key | CO /User | G", "DRBGHealth Tests | Used to perform checks ofincoming entropy againstSection 4.4 of SP 800-90B | Flag | N/A | N/A | DRBG | N/A | CO /User | N/A", "SSP ExportOperation | Returns a CSP as data thatcan be used for lateroutput | Flag | SSP | Data | N/A | AES EncryptionKey,AES DecryptionKey,AES AuthenticationKey,AES Wrapping Key,DH AgreementPrivate Key,DH AgreementPublic Key, | CO /User | R", "RSA Signing Key,RSA Key TransportPrivate Key,RSA Key TransportPublic Key", "DataEncryption | Used to encrypt data | Flag | Triple-DES | CO / User", "DataDecryption | Used to decrypt data | Flag | Triple-DES | CO / User", "MACCalculation | Used to calculate data integrity codeswith CMAC | Flag | Triple-DES CMAC | CO / User", "DRBG (SP800-90Ar1)output | Used to generate random numbers,IVs and keys | Flag | ctrDRBG-Triple-DES | CO / User", "KeyAgreementSchemes | Used to calculate key agreementvalues | Flag | Triple-DES | CO / User", "KeyWrapping | Used to encrypt a key value | Flag | Triple-DES KW | CO / User", "KeyUnwrapping | Used to decrypt a key value | Flag | Triple-DES KW | CO / User", "AES Encryption | 128, 192, 256 | AES CBC, | DRBG20 | Import²21, | N/A | N/A | destroy() servicecall or hostplatform powercycle | AESencryption23", "Key | bits | AES CFB8, | Export²22", "AESCFB128,AES CTR,", "AES ECB,", "AES FF1,", "AES OFB,", "AES CBC-", "CCM, AES", "AES DecryptionKey | 128, 192, 256bits | AES CBC, | DRBG20 | Import²21, | N/A | N/A | destroy() servicecall or hostplatform powercycle | AESdecryption", "AES CFB8,AESCFB128,AES CTR, | Export22", "AESAuthenticationKey | 128, 192, 256bits | AES CMAC,AES GMAC,CKGA6047 | DRBG20 | Import²2,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | AESCMAC/GMAC", "AES WrappingKey | 128, 192, 256bits | AES KW,AES KWP,CKGA6047 | DRBG20 | Import²21,Export²22 | N/A | N/A | destroy() servicecall or hostplatform powercycle | AES(128/192/256)key wrappingkey for KTS", "DH AgreementPrivate Key | 112, 128, 152,176, 200 bits | KAS-FFC,CKGA6047 | DRBG20 | Import²21,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | Diffie-Hellman(ffdhe andMODP) keyagreementMay be pairedwith DHAgreementPublic Key", "DH AgreementPublic Key | 112, 128, 152,176, 200 bits | KAS-FFC,CKGA6047 | DRBG20 | Import²21,Export²2 | N/A | N/A | Not zeroized,public key valueknown outside ofmodule | Diffie-Hellman(ffdhe andMODP) keyagreementMay be pairedwith DHAgreementPrivate Key", "DSA SigningKey | 112, 128 bits | DSASignatureGeneration,CKGA6047 | DRBG20 | Import²21,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | DSA signaturegenerationMay be pairedwith DSAVerificationKey", "DSAVerificationKey | 80, 112, 128bits | DSASignatureVerification,CKGA6047 | DRBG20 | Import²1,Export²22 | N/A | N/A | Not zeroized,public key valueknown outside ofmodule | DSA signatureverificationMay be pairedwith DSASigning Key", "EC AgreementPrivate Key | 112, 128, 192,256 bits | KAS-ECC,CKGA6047 | DRBG20 | Import²1,Export²22 | N/A | N/A | destroy() servicecall or hostplatform powercycle | EC keyagreementMay be pairedwith ECAgreementPublic Key", "EC AgreementPublic Key | 112, 128, 192,256 bits | KAS-ECC,CKGA6047 | DRBG20 | Import²21,Export²2 | N/A | N/A | Not zeroized,public key valueknown outside ofmodule | EC keyagreementMay be pairedwith ECAgreementPrivate Key", "HMACAuthenticationKey | 112-256 bits | HMAC-SHA-1, HMAC-SHA-2,HMAC-SHA-3, CKGA6047 | DRBG20 | Import²1,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | Keyed-HashCalculation", "RSA SigningKey | 112, 128, 152bits | RSASignatureGeneration,CKGA6047 | DRBG20 | Import²1,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | RSA signaturegenerationMay be pairedwith RSAVerificationKey", "RSAVerificationKey | 80, 112, 128,152 bits | RSASignatureVerification,CKGA6047 | DRBG20 | Import²1,Export22 | N/A | N/A | Not zeroized,public key valueknown outside ofmodule | RSA signatureverificationMay be pairedwith RSASigning Key", "RSA KeyTransportPrivate Key24 | 112, 128, 152bits | KTS-IFC,CKGA6047 | DRBG20 | Import²21,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | RSA keytransport anddecryptionMay be pairedwith RSAPublic KeyTransport Key", "RSA KeyTransportPublic Key24 | 112, 128, 152bits | KTS-IFC,CKGA6047 | DRBG20 | Import²1,Export²2 | N/A | N/A | Not zeroized,public key valueknown outside ofmodule | RSA keytransportMay be pairedwith RSA KeyTransportPrivate Key", "IKEv2 KDFSecret Value | 112, 128, 192,256 bits | KDF IKEv2A6047 | Generated asoutput of anIKEv2agreementscheme | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Key Derivation", "PBKDF SecretValue | 112-256 bits | PBKDFA6047 | Generated asoutput of aPBE key and aPRF | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Key Derivation", "SRTP KDFSecret Value | 128, 192, 256bits | KDF SRTPA6047 | Generated asoutput of anSRTPagreementscheme | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Key Derivation", "SSH KDF SecretValue | 80, 112, 128,192, 256 bits | KDF SSHA6047 | Generated asoutput of anSSHagreementscheme | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Key Derivation", "TLS PremasterSecret Value | 384 bits | KDF TLSA6047 | Protocolversion (2bytes) and 46bytes from aDRBG20 | Import²21,Export²2 | N/A | N/A | destroy() servicecall or hostplatform powercycle | Used to derivekeys using TLSKDF", "TLS KDF SecretValue | 112, 128, 192,256 bits | KDF TLSA6047 | Generated asoutput of TLSagreementscheme | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Key Derivation", "X9.63 KDFSecret Value | 112, 128, 192,256 bits | KDF ANS9.63A6047 | Generated asoutput of anagreementscheme | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Key Derivation", "CTR DRBG Seed | 128, 192, 256bits | N/A | N/A | Fromexternalentropysource | N/A | N/A | Immediatelyafter use or hostplatform powercycle | Internal use", "CTR DRBG VValue | 128 bits | N/A | From seedvalue | N/A | N/A | N/A | reseed() servicecall or hostplatform powercycle | Internal use", "CTR DRBG Key | 128, 192, 256bits | N/A | From DRBG Vvalue | N/A | N/A | N/A | reseed() servicecall or hostplatform powercycle | Internal use", "Hash DRBG VValue | 112, 128, 192,256 bits | N/A | From seedvalue | N/A | N/A | N/A | reseed() servicecall or hostplatform powercycle | Internal use", "Hash DRBG CValue | 112, 128, 192,256 bits | N/A | From DRBG Vvalue | N/A | N/A | N/A | reseed() servicecall or hostplatform powercycle | Internal use", "HMAC DRBGSeed | 112, 128, 192,256 bits | N/A | N/A | Fromexternalentropysource | N/A | N/A | Immediatelyafter use or hostplatform powercycle | Internal use", "HMAC DRBG VValue | 112, 128, 192,256 bits | N/A | From seedvalue | N/A | N/A | N/A | reseed() servicecall or hostplatform powercycle | Internal use", "HMAC DRBGKey | 112, 128, 192,256 bits | N/A | From DRBG Vvalue | N/A | N/A | N/A | reseed() servicecall or hostplatform powercycle | Internal use", "DRBG Output | 128, 192, 256bits | N/A | DRBG | N/A | N/A | N/A | destroy() servicecall or hostplatform powercycle | Used as seedforasymmetrickeygeneration orfor symmetrickeygeneration", "AES ECB | Encryption KAT (128 bits)", "AES ECB | Decryption KAT (128 bits)", "AES CCM | Encryption KAT (128 bits)", "AES CCM | Decryption KAT (128 bits)", "AES CMAC | Generation KAT (128 bits)", "AES CMAC | Verification KAT (128 bits)", "AES GCM | Encrypt KAT (128 bits)", "AES GCM | Decrypt KAT (128 bits)", "HASH DRBG | SHA2-256 KAT (Health Tests: Generate, Reseed, Instantiatefunctions per Section 11.3 of SP 800-90Ar1)", "HMAC DRBG | HMAC-SHA2-256 KAT (Health Tests: Generate, Reseed, Instantiatefunctions per Section 11.3 of SP 800-90Ar1)", "CTR DRBG | AES CTR 256 bits KAT (Health Tests: Generate, Reseed, Instantiatefunctions per Section 11.3 of SP 800-90Ar1)", "DSA | Signature Generation KAT (2048 bits)", "DSA | Signature Verification KAT (2048 bits)", "ECDSA | Signature Generation KAT (P-256)", "ECDSA | Signature Verification KAT (P-256)", "HMAC-SHA2-256 | HMAC-SHA2-256 KAT", "HMAC-SHA2-512 | HMAC-SHA2-512 KAT", "HMAC-SHA3-256 | HMAC-SHA3-256 KAT", "KAS-ECC | Primitive \"Z\" Computation KAT (P-256)", "KAS-ECC | Primitive \"Z\" Computation KAT (B-233)", "KAS-FFC | Primitive \"Z\" Computation KAT (ffdhe2048)", "KBKDF | KBKDF KAT (Counter, Feedback, Double Pipeline)", "KDA OneStep | KDA OneStep KAT", "KDA TwoStep | KDA TwoStep KAT", "PBKDF | PBKDF KAT (HMAC-SHA2-256)", "RSA | Signature Generation KAT (2048 bits)", "RSA | Signature Verification KAT (2048 bits)", "RSA Encryption | RSA Encryption KAT SP 800-56Br2 (2048 bits)", "RSA Decryption | RSA Decryption KAT SP 800-56Br2 (2048 bits)", "SHA-1 | SHA-1 KAT", "SHA2-256 | SHA2-256 KAT", "SHA2-512 | SHA2-512 KAT", "SHA-3 | SHA-3 KAT (cSHAKE-128)", "SHAKE256 | SHAKE256 KAT", "ANS 9.63 KDF | ANS 9.63 KDF KAT", "IKEv2 KDF | IKEV2 KDF KAT", "SNMP KDF | SNMP KDF KAT", "SRTP KDF | SRTP KDF KAT", "SSH KDF | SSH KDF KAT", "TLS 1.0 KDF | TLS 1.0 KDF KAT", "TLS 1.1 KDF | TLS 1.1 KDF KAT", "TLS 1.2 KDF | TLS 1.2 KDF KAT", "DSA | DSA Pairwise Consistency Test", "ECDSA | ECDSA Pairwise Consistency Test", "RSA | RSA Pairwise Consistency Test", "CryptoServicesPermission | tIsNullDigestEnabled | No | Only required for TLS digestcalculations.", "CryptoServicesPermission | tIsPKCS15KeyWrapEnabled | No | Only required if TLS is usedwith RSA encryption.", "FIPS 180-4 | Secure Hash Standard (SHS)", "FIPS 198-1 | The Keyed-Hash Message Authentication Code (HMAC)", "FIPS 202 | SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions", "PKCS#1 v2.1 | RSA Cryptography Standard", "AES | Advanced Encryption Standard", "CVL | Component Validation List", "DES | Data Encryption Standard", "DRBG | Deterministic Random Bit Generator", "DSA | Digital Signature Algorithm", "ECDSA | Elliptic Curve Digital Signature Algorithm", "EdDSA | Edwards Curve DSA using Ed25519, Ed448", "HMAC | (Keyed) Hashed Message Authentication Code", "KAS | Key Agreement Scheme", "KDF | Key Derivation Function", "PBKDF | Password-Based Key Derivation Function", "RSA | Rivest Shamir Adleman", "SHA | Secure Hash Algorithm", "TLS | Transport Layer Security" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5141", "Certificate Number": "5141", "Vendor Name": "Juniper Networks, Inc", "Module Name": "Juniper Networks SRX Series Services Gateways", "Module Type": "Hardware", "Validation Date": "01/18/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5141.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5141", "module_name": "Juniper Networks SRX Series Services Gateways", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/17/2031", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The SRX1500, SRX4100, SRX4200 and SRX4600 Service Gateways offer outstanding protection, performance, scalability, availability, and integrated security services. Designed for high-performance security services architecture, and seamless integration of networking and security in a single platform, the SRX1500, SRX4100, SRX4200 and SRX4600 are best suited for campuses, regional headquarters and enterprise data centers with a focus on application visibility and control, intrusion prevention, advanced threat protection, authentication, confidentiality of information, and integrated cloud-based security. The SRX5400, SRX5600, and SRX5800 next-generation firewalls are built for large enterprise data centers, service provider infrastructure, and public sector networks. With a modular architecture and high-performance line cards, the SRX Series firewalls are open, scalable security platforms with flexible connectivity options and service integration.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "AES-CBC | A3693 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A3693 | Direction- Decrypt, EncryptKey Length-128,192,256Payload Length-Payload Length:8-128 Increment8Supports Counter larger than maximum value-NoIncremental Counter-YesCounter Tests Performed-Yes | SP 800-38A", "ECDSA KeyGen(FIPS186-4) | A3693 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A3693 | Curve-P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A3693 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3693 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "HMAC-SHA-1 | A3693 | MAC - MAC: 160Key Length - Key Length: 160 | FIPS 198-1", "HMAC-SHA2-256 | A3693 | MAC - MAC: 256Key Length - Key Length: 256 | FIPS 198-1", "HMAC-SHA2-512 | A3693 | MAC - MAC: 512Key Length - Key Length: 512 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A3610 | Domain Parameter Generation Methods - P-256, P-384, P-521Hash Function Z - SHA2-256, SHA2-384, SHA2-512Scheme ephemeralUnifiedKAS Role - initiator | SP 800-56A Rev.3", "RSA KeyGen(FIPS186-4) | A3693 | Key Generation Mode - B.3.3Modulo - 2048, 4096Primality Tests - Table C.2Info Generated By Server - NoPublic Exponent Mode - FixedFixed Public Exponent - 010001Private Key Format - Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3693 | Signature Type - PKCS 1.5Modulo - 2048, 4096Hash Pair-Hash Algorithm - SHA2-256 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3693 | Signature Type - PKCS 1.5Modulo - 2048, 4096Hash Pair-Hash Algorithm - SHA2-256Public Exponent Mode - FixedFixed Public Exponent - 010001 | FIPS 186-4", "SHA-1 | A3693 | Message Length - Message Length: 0-65536Increment8Function - SHA1 | FIPS 180-4", "SHA2-256 | A3693 | Message Length - Message Length: 0-65536Increment8Function - SHA2 | FIPS 180-4", "SHA2-384 | A3693 | Message Length - Message Length: 0-65536Increment8Function - SHA2 | FIPS 180-4", "SHA2-512 | A3693 | Message Length - Message Length:0-65536Increment8Function-SHA2 | FIPS 180-4", "HMAC DRBG | A3493 | Prediction Resistance - YesSupports Reseed - NoMode-SHA2-256Entropy Input-Entropy Input:256Nonce-Nonce:128Personalization String Length-Personalization StringLength:0,256Additional Input-Additional Input:0,256Returned Bits-1024 | SP 800-90A Rev.1", "HMAC-SHA2-256 | A3493 | MAC-MAC:256Key Length-Key Length:160,256 | FIPS 198-1", "SHA2-256 | A3493 | Message Length-Message Length:0-51200 Increment8Function-SHA2 | FIPS 180-4", "SHA2-512 | A3361 | Message Length-Message Length:0-51200 Increment8Function-SHA2 | FIPS 180-4", "HMAC-SHA-1 | A3367 | MAC-MAC:160Key Length-Key Length:112,160 | FIPS198-1", "HMAC-SHA2-256 | A3367 | MAC-MAC:256Key Length-Key Length:160,256 | FIPS198-1", "SHA-1 | A3367 | MessageLength-MessageLength:0-51200Increment8Function-SHA1 | FIPS180-4", "SHA2-256 | A3367 | MessageLength-MessageLength:0-51200Increment8Function-SHA2 | FIPS180-4", "SHA2-512 | A3367 | MessageLength-MessageLength:0-65536Increment8Function-SHA2 | FIPS180-4", "KDF SSH(CVL) | A4271 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "Enc/Dec(SSH) | BC-UnAuth | Unauthenticated encryption for SSH | AES-CBC:(A3693)AES-CTR:(A3693)", "KAS-SSC(SSH) | KAS-SSC | Key Agreement Scheme Shared Secret Computation for SSH | KAS-ECC-SSCSp800-56Ar3:(A3610)", "ECDSA SigGen(SSH) | DigSig-SigGen | Signature Generation for peer authentication in SSH | ECDSA SigGen(FIPS186-4):(A3693) SHA2-256:(A3693)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5140", "Certificate Number": "5140", "Vendor Name": "DataLocker, Inc.", "Module Name": "Sentry 5 Encrypted USB Flash Drive", "Module Type": "Hardware", "Validation Date": "01/16/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5140.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5140", "module_name": "Sentry 5 Encrypted USB Flash Drive", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/23/2030", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The DataLocker, Inc. Sentry 5 Encrypted USB Flash Drive is a hardware cryptographic module designed for organizations that require a secure way to store and transfer portable data. The stored data is secured by hardware-based 256-bit AES on-the-fly encryption to guard sensitive information in case the drive is lost or stolen. Its strong, durable, metal casing provides robust physical protection. Its strong password rules and lock-down control protects against brute force attacks.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "A3268 AES-CBC FIPS 197 NIST SP 800-38A CBC Key Length: 256-bit Strength: 256 bits Prerequisite for KW Data Encryption/Decryption", "A3268 AES-ECB FIPS 197 NIST SP 800-38A ECB Key Length: 256-bit Strength: 256 bits Prerequisite for KW Data Encryption/Decryption", "A3268 AES-KW FIPS 197 NIST SP 800-38F KW Key Length: 256-bit Strength: 256 DEK, CO and DEK, U Encryption/Decryption", "A3268 AES-XTS¹ FIPS 197 NIST SP 800-38E XTS Key Length: 256-bit Strength: 256 Mass-Storage Data Encryption/Decryption", "A3268 ECDSA KeyGen FIPS 186-5 Key Generation Curve: P-256 Strength: 128 bits Key Generation of KAS keys", "A3268 ECDSA KeyVer FIPS 186-4 Key Verification Curve: P-256 Strength: 128 bits Key Verification of KAS keys", "A3268 HMAC-SHA2-256 FIPS 198-1 SHA2-256 Key Length: 256-bit Strength: 256 Prerequisite for KDA Message Authentication", "A3268 HMAC DRBG NIST SP 800-90A HMAC-SHA2-256 Security strength: 256 bits Deterministic Random Bit Generation", "A3268 KAS-ECC-SSC NIST SP 800-56Ar3 ECC CDH C(2e, 0s) Curve: P-256 Strength: 128 bits Key Agreement Shared Secret calculation", "A3268 KDA NIST SP 800-56Cr2 Two-Step KDF (HMAC-SHA2-256) Derived Key Length: 256 bits Shared Secret Length: 256 bits Key derivation as part of KAS", "A3268 PBKDF² NIST SP 800-132 (option 2A) HMAC-SHA2-256 Password length: 8 to 136 bytes (refer to Section 4.1) Salt Length: 256 Reriving KEK,CO, KEK,U, KEK,R", "A3268 RSA SigVer (PKCS1 v1.5) FIPS 186-4 Digital Signature Verification Module: 2048 Strength: 128 bits Digital Signature Verification", "¹ AES XTS was designed for the cryptographic protection of data on storage devices per NIST SP 800-38E. It was not designed for other purposes, such as the encryption of data in transit.", "² The module implements PBKDF in conformance with NIST SP 800132 and FIPS IG D.N. Specifically, the module implements Option 2a from Section 5.4 to generate the Key Encryption Key (KEK) responsible for protecting the Data Encryption Key using AES KW (Cert. #3268). The module implements an iteration counter equal to 1024 bits which is greater than the minimum recommendation documented within NIST SP 800-132 - Section 5.2. This is also justified by the maximum limit enforced on password retry attempts (Max = 10). | Non-Proprietary Security Policy for DataLocker, Inc., Sentry 5 Encrypted USB Flash Drive | This document may be freely reproduced and distributed, but only in its entirety and without modification. | * * *", "A3268 SHA2-256 FIPS 180-4 SHA2-256 Strength: 128 bits Prerequisite for HMAC Message Digest | 2.5.2 VENDOR AFFIRMED ALGORITHMS | The module supports the following vendor affirmed algorithms. | CKG Key Type: Symmetric Crypto Library FW v2.00 NIST SP 800-133r2 Sections 4 | 5.1 and 6.1 | 2.5.3 NON-APPROVED, ALLOWED ALGORITHMS | The module does not support non-approved algorithms. | N/A N/A N/A N/A | 2.5.4 NON-APPROVED, ALLOWED ALGORITHMS WITH NO SECURITY CLAIMED | The module does not support non-approved algorithms. | N/A N/A N/A | 2.5.5 NON-APPROVED, NOT ALLOWED ALGORITHMS | The module does not support non-approved algorithms. | N/A N/A | Non-Proprietary Security Policy for DataLocker, Inc., Sentry 5 Encrypted USB Flash Drive | This document may be freely reproduced and distributed, but only in its entirety and without modification. | * * *" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5139", "Certificate Number": "5139", "Vendor Name": "NXP Semiconductors, Inc.", "Module Name": "SE052F", "Module Type": "Hardware", "Validation Date": "01/16/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5139.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5139", "module_name": "SE052F", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2029", "overall_level": 3, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy.", "module_type": "Hardware", "embodiment": "Single Chip", "detail_available": true, "description": "The Module, validated to FIPS 140-3 overall Level 3, is a single chip module named SE052F implementing the GlobalPlatform operational environment (Card Manager (ISD/SSD)) and the applications: NXP IoT applet v7.2.22 and NXP SEMS Lite applet v2.0.2.11." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5138", "Certificate Number": "5138", "Vendor Name": "Cisco Systems, Inc", "Module Name": "Cisco Firepower Management Center Virtual Cryptographic Module", "Module Type": "Firmware-hybrid", "Validation Date": "01/15/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5138.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5138", "module_name": "Cisco Firepower Management Center Virtual Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/14/2031", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy", "module_type": "Firmware-hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "Cisco FMCv Module provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. Delivering in-depth analysis, streamlined security management across the network and cloud, and accelerated incident investigation and response, working across Cisco and third-party technologies.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4595 | Key Length-128,256 | SP 800-38A", "AES-GCM | A4595 | Key Length-128,256 | SP 800-38D", "Counter DRBG | A4595 | Prediction Resistance-YesMode-AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A4595 | Curve-P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4595 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4595 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "HMAC-SHA-1 | A4595 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4595 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4595 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4595 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4595 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4595 | Domain Parameter Generation Methods-P256,P-384,P-521 | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A4595 | Domain Parameter Generation Methods-ffdhe2048,ffdhe3072,ffdhe4096,modp-2048,modp-3072,modp-4096 | SP 800-56A Rev.3", "KDF SNMP(CVL) | A4595 | Password Length-Password Length:256,64 | SP 800-135Rev.1", "KDF SSH(CVL) | A4595 | Cipher-AES-128,AES-192,AES-256 | SP 800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4595 | Modulo-2048,3072 | FIPS186-4", "RSA SigGen(FIPS186-4) | A4595 | Modulo-2048,3072 | FIPS186-4", "RSA SigVer(FIPS186-4) | A4595 | Modulo-2048,3072 | FIPS186-4", "SHA-1 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-224 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-256 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-384 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-512 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "TLS v1.2 KDFRFC7627(CVL) | A4595 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5137", "Certificate Number": "5137", "Vendor Name": "Cisco Systems, Inc", "Module Name": "Cisco Firepower Threat Defense Virtual Cryptographic Module", "Module Type": "Firmware-hybrid", "Validation Date": "01/15/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5137.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5137", "module_name": "Cisco Firepower Threat Defense Virtual Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/14/2031", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy", "module_type": "Firmware-hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "Cisco Firepower Threat Defense (FTD) solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content security and secure unified communications. All running in a virtual environment.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4595 | Key Length-128,256 | SP 800-38A", "AES-GCM | A4595 | Key Length-128,256 | SP 800-38D", "Counter DRBG | A4595 | Prediction Resistance-YesMode-AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A4595 | Curve-P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4595 | Curve-P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4595 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "HMAC-SHA-1 | A4595 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4595 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4595 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4595 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4595 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4595 | Domain Parameter Generation Methods-P-256,P-384,P-521 | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4595 | Domain Parameter Generation Methods -ffdhe2048,ffdhe3072,ffdhe4096,modp-2048,modp-3072,modp-4096 | SP 800-56ARev.3", "KDF IKEv2(CVL) | A4595 | Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:2048Derived Keying Material Length-Derived Keying Material Length:3072Hash Algorithm-SHA-1 | SP 800-135Rev.1", "KDF SNMP(CVL) | A4595 | Password Length-Password Length:256,64 | SP 800-135Rev.1", "KDF SSH(CVL) | A4595 | Cipher-AES-128,AES-192,AES-256 | SP 800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4595 | Modulo-2048,3072 | FIPS186-4", "RSA SigGen(FIPS186-4) | A4595 | Modulo-2048,3072 | FIPS186-4", "RSA SigVer(FIPS186-4) | A4595 | Modulo-2048,3072 | FIPS186-4", "SHA-1 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-224 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-256 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-384 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-512 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "TLS v1.2 KDFRFC7627(CVL) | A4595 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5136", "Certificate Number": "5136", "Vendor Name": "Juniper Networks", "Module Name": "Juniper Networks EX, QFX and ACX Series with MACsec", "Module Type": "Hardware", "Validation Date": "01/15/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5136.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5136", "module_name": "Juniper Networks EX, QFX and ACX Series with MACsec", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/14/2031", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Junos® OS automates network operations with streamlined precision, furthers operational efficiency, and frees up valuable time and resources for top-line growth opportunities. Built for reliability, security, and flexibility, Junos OS runs many of the world’s most sophisticated network deployments, giving operators an advantage over those who run competing network operating systems.", "detail_available": true, "algorithms": [ "AES", "CVL", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "AES-CBC | A4210 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CTR | A4210 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "ECDSA KeyGen(FIPS186-4) | A4210 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A6440 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4210 | Curve-P-256,P-384,P-521 | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A6440 | Curve-P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4210 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A6440 | Component-NoCurve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4210 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A6440 | Component - NoCurve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "HMAC-SHA-1 | A4210 | Key Length-Key Length:160 | FIPS 198-1", "HMAC-SHA2-256 | A4210 | Key Length-Key Length:256 | FIPS 198-1", "HMAC-SHA2-512 | A4210 | Key Length-Key Length:512 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4387 | Domain Parameter Generation Methods-P-256,P-384,P-521Scheme ephemeralUnified-KAS Role-initiator,responder | SP 800-56A Rev.3", "KDF SSH(CVL) | A4347 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4210 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4210 | Signature Type-PKCS1.5Modulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4210 | Signature Type-PKCS1.5Modulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A4210 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-256 | A4210 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-384 | A4210 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-512 | A4210 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "AES-CBC | A4416 | Direction- Decrypt, Encrypt", "AES-CMAC | A4416 | Direction- Generation, Verification", "AES-KW | A4416 | Direction- Decrypt, Encrypt", "KDF SP800-108 | A4416 | KDF Mode- Counter", "AES-GCM | AES 4550 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38D", "AES-GCM | C1869 | Direction- Decrypt, Encrypt IV Generation-External KeyLength-128,256 | SP 800-38D", "AES-GCM | C996 | Direction- Decrypt, Encrypt IV Generation-External KeyLength-128,256 | SP 800-38D", "ECDSA SigVer(FIPS186-4) | A4211 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6401 | Component-NoCurve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "SHA2-256 | A4211 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "HMAC-SHA-1 | A4208 | Key Length - Key Length: 112,160 | FIPS 198-1", "HMAC-SHA2-256 | A4208 | Key Length - Key Length: 160,256 | FIPS 198-1", "SHA-1 | A4208 | Message Length - Message Length: 0-51200 Increment8 | FIPS 180-4", "SHA2-256 | A4208 | Message Length - Message Length: 0-51200 Increment8 | FIPS 180-4", "SHA2-512 | A4208 | Message Length - Message Length: 0-65536 Increment8 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5135", "Certificate Number": "5135", "Vendor Name": "Juniper Networks", "Module Name": "Juniper Networks EX, QFX and ACX Series", "Module Type": "Hardware", "Validation Date": "01/15/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5135.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5135", "module_name": "Juniper Networks EX, QFX and ACX Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/14/2031", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Junos® OS automates network operations with streamlined precision, furthers operational efficiency, and frees up valuable time and resources for top-line growth opportunities. Built for reliability, security, and flexibility, Junos OS runs many of the world’s most sophisticated network deployments, giving operators an advantage over those who run competing network operating systems.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "AES-CBC | A4210 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A4210 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "ECDSA KeyGen(FIPS186-4) | A4210 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A4419 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A6440 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4210 | Curve-P-256,P-384,P-521 | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4419 | Curve-P-256,P-384,P-521 | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A6440 | Curve-P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4210 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4419 | Curve-P256,P384,P521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A6440 | Component-NoCurve-P256,P384,P521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4210 | Curve-P256,P384,P521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4419 | Curve-P256,P384,P521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6440 | Component-NoCurve-P256,P384,P521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "HMAC-SHA-1 | A4210 | Key Length-Key Length:160 | FIPS 198-1", "HMAC-SHA2-256 | A4210 | Key Length-Key Length:256 | FIPS 198-1", "HMAC-SHA2-512 | A4210 | Key Length-Key Length:512 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4387 | Domain Parameter Generation Methods-P-256,P-384,P-521Scheme ephemeralUnified-KAS Role-initiator,responder | SP 800-56A Rev.3", "KDF SSH(CVL) | A4347 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "RSA KeyGen(FIPS186-4) | A4210 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4210 | Signature Type-PKCS1.5Modulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4210 | Signature Type-PKCS1.5Modulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A4210 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-256 | A4210 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-384 | A4210 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-512 | A4210 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "HMAC DRBG | A4417 | Prediction Resistance - Yes Mode-SHA2-256 | SP 800-90A Rev.1", "HMAC-SHA2-256 | A4417 | Key Length-Key Length:256 | FIPS 198-1", "SHA2-256 | A4417 | Message Length-Message Length:0-51200Increment8 | FIPS 180-4", "SHA2-512 | A3329 | Message Length-Message Length:0-51200Increment8 | FIPS 180-4", "SHA2-512 | A3330 | Message Length-Message Length:0-51200Increment8 | FIPS 180-4", "SHA2-512 | A3498 | Message Length-Message Length:0-51200Increment8 | FIPS 180-4", "HMAC-SHA-1 | A4208 | Key Length - Key Length: 112,160 | FIPS 198-1", "HMAC-SHA2-256 | A4208 | Key Length - Key Length: 160,256 | FIPS 198-1", "SHA-1 | A4208 | Message Length - Message Length: 0-51200 Increment8 | FIPS 180-4", "SHA2-256 | A4208 | Message Length - Message Length: 0-51200 Increment8 | FIPS 180-4", "SHA2-512 | A4208 | Message Length - Message Length: 0-65536 Increment8 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5134", "Certificate Number": "5134", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks MX Series 3D Universal Edge Routers", "Module Type": "Hardware", "Validation Date": "01/15/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5134.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5134", "module_name": "Juniper Networks MX Series 3D Universal Edge Routers", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/14/2031", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Juniper Networks MX Series 3D Universal Edge Routers Universal Edge Routers provide dedicated high-performance processing for flows and sessions and integrates advanced security capabilities that protect the network infrastructure as well as user data. The MX-SPC3 provides security services such as carrier-grade NAT (CGNAT), IPsec, stateful firewall, deep packet inspection, IDS, traffic load balancing, Web filtering, and DNS sinkhole.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "AES-CBC A3693 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A", "AES-CTR A3693 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A", "ECDSA KeyGen (FIPS186-4) A3693 Curve - P-256, P-384, P-521 Secret Generation Mode - Testing Candidates FIPS 186-4", "ECDSA KeyVer (FIPS186-4) A3693 Curve - P-256, P-384, P-521 FIPS 186-4", "ECDSA SigGen (FIPS186-4) A3693 Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 FIPS 186-4", "ECDSA SigVer (FIPS186-4) A3693 Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 FIPS 186-4", "HMAC-SHA-1 A3693 Key Length - Key Length: 160 FIPS 198-1", "HMAC-SHA2-256 A3693 Key Length - Key Length: 256 FIPS 198-1", "HMAC-SHA2-512 A3693 Key Length - Key Length: 512 FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 A3610 Domain Parameter Generation Methods - P-256, P-384, P-521 Scheme - SP 800-56A Rev. 3 | * * * | ephemeralUnified - | KAS Role - initiator", "RSA KeyGen (FIPS186-4) A3693 Key Generation Mode - B.3.3 | Modulo - 2048, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard", "RSA SigGen (FIPS186-4) A3693 Signature Type - PKCS 1.5 | Modulo - 2048, 4096", "RSA SigVer (FIPS186-4) A3693 Signature Type - PKCS 1.5 | Modulo - 2048, 4096", "SHA-1 A3693 Message Length - Message Length: 0-65536 | Increment 8 FIPS 180-4", "SHA2-256 A3693 Message Length - Message Length: 0-65536 | Increment 8 FIPS 180-4", "SHA2-384 A3693 Message Length - Message Length: 0-65536 | Increment 8 FIPS 180-4", "SHA2-512 A3693 Message Length - Message Length: 0-65536 | Increment 8 FIPS 180-4 | Kernel Approved Cryptographic Functions", "HMAC DRBG A3493 Prediction Resistance - Yes", "Mode - SHA2-256 SP 800-90A Rev. | 1", "HMAC-SHA2-256 A3493 Key Length - Key Length: 160, 256 FIPS 198-1", "SHA2-256 A3493 Message Length - Message Length: 0-51200 | Increment 8 FIPS 180-4", "SHA2-512 A3361 Message Length - Message Length: 0-51200 | Increment 8 FIPS 180-4 | OpenSSH Approved Cryptographic Functions", "KDF SSH (CVL) A4271 Cipher - AES-128, AES-192, AES-256", "Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 SP 800-135 Rev. | 1 | * * * | Name Properties Implementation Reference", "CKG Key type:Asymmetric Junos 22.2R1 - OpenSSL SP 800-133 Rev.2 Section 4, example 1 direct output from DRBG. | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | N/A for this module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5133", "Certificate Number": "5133", "Vendor Name": "Kingston Technology Company, Inc.", "Module Name": "IronKey Keypad 200 Series", "Module Type": "Hardware", "Validation Date": "01/14/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5133.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5133", "module_name": "IronKey Keypad 200 Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/15/2029", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The IronKey Keypad 200 Series are encrypted storage devices that provide a secure way to store and transfer data. User authentication is self-contained via an onboard keypad. User data is protected by hardware-based 256-bit AES encryption to secure sensitive information in the event that the drive is lost or stolen.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "SHS" ], "algorithms_detailed": [ "3749 | AES(NIST SP 800-38E2) | XTS | 256-bits | Encryption of user data within storage application only", "3757 | AES(FIPS 1973NIST SP 800-38A,NIST SP 800-38B4) | ECBCTR | 128-bit,256-bit | Block cipher basis of CTR-DRBG for encryption/decryption of the DEK", "3757 | CMAC | AES | 128-bits | CO/User authentication", "1032 | DRBG(NIST SP 800-90A,NIST SP-800-1335) | AES-CTR | 256-bits | Random bit generator for the generation of encryption keys and salts", "-- | ENT(P)(NIST SP-800-90B) | - | 384-bits | Entropy source used to seed the DRBG", "2459 | HMAC(FIPS 198-16) | SHA-1 | 160-bits | Algorithmic basis of PBKDFv2", "A777 | PBKDFv2(NIST SP 800-1327) | HMAC-SHA-1 | 1 in 10,000,000(~23 bits) | Derivation of the KEK. Conforms to FIPS 140-3 Implementation Guidance (IG)D.N:the module supports option 2a as documented in SP 800-132§5.4", "3127 | SHS(FIPS 180-48) | SHA-1 | N/A | Primitive within HMAC-SHA-1", "CKG | NIST SP-800-1339 | Per Section4 | The unmodified output fromSP800-90A DRBG(256bits) | The unmodified output of theDRBG is used for generating symmetric keys" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5132", "Certificate Number": "5132", "Vendor Name": "Chainguard, Inc.", "Module Name": "Chainguard FIPS Provider for OpenSSL", "Module Type": "Software", "Validation Date": "01/14/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5132.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5132", "module_name": "Chainguard FIPS Provider for OpenSSL", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/13/2031", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Chainguard FIPS Provider for OpenSSL is defined as a software module in a multi-chip standalone embodiment. It provides a C language application program interface (API) for use by other applications that require cryptographic functionality. The module consists of one software component, the “FIPS provider”, which implements FIPS requirements, and the cryptographic functionality provided to the operator.", "algorithms": [ "AES", "CVL", "DRBG", "ECDH", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38A", "AES-CBC-CS1 A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38A", "AES-CBC-CS2 A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38A", "AES-CBC-CS3 A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38A", "AES-CCM A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38C", "AES-CFB1 A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38A", "AES-CFB128 A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38A", "AES-CFB8 A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38A", "AES-CMAC A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38B", "AES-CTR A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38A", "AES-ECB A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38A", "AES-GCM A6662, A6663, A6664, A6665, A6681, A6682, A6692, A6693, A6694, A6695, A6696, A6697, A6698, A6699", "AES-GMAC A6662, A6663, A6664, A6665, A6681, A6682, A6692, A6693, A6694, A6695, A6696, A6697, A6698, A6699 | © 2025 Chaiguard, Inc., asec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | * * *", "AES-KW A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38F", "AES-KWP A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38F", "AES-OFB A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38A", "AES-XTS Testing Revision 2.0 A6678, A6679, A6680, A6690, A6691, A6700 - SP 800-38E", "Counter DRBG A6675 - SP 800-90A Rev. 1", "ECDSA KeyGen (FIPS186-5) A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 186-5", "ECDSA KeyVer (FIPS186-4) A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 186-4", "ECDSA KeyVer (FIPS186-5) A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 186-5", "ECDSA SigGen (FIPS186-5) A6666, A6668, A6670, A6671, A6683, A6684, A6685, A6686, A6687, A6688, A6689 - FIPS 186-5", "ECDSA SigVer (FIPS186-4) A6666, A6668, A6670, A6671, A6683, A6684, A6685, A6686, A6687, A6688, A6689 - FIPS 186-4", "ECDSA SigVer (FIPS186-5) A6666, A6668, A6670, A6671, A6683, A6684, A6685, A6686, A6687, A6688, A6689 - FIPS 186-5", "EDDSA KeyGen A6676 - FIPS 186-5", "EDDSA KeyVer A6676 - FIPS 186-5", "EDDSA SigGen A6676 - FIPS 186-5", "EDDSA SigVer A6676 - FIPS 186-5", "Hash DRBG A6675 - SP 800-90A Rev. 1", "HMAC DRBG A6675 - SP 800-90A Rev. 1", "HMAC-SHA-1 A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 198-1", "HMAC-SHA2-224 A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 198-1", "HMAC-SHA2-256 A6666, A6667, A6668, A6683, A6684, A6685, A6686 - FIPS 198-1", "HMAC-SHA2-384 A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 198-1", "HMAC-SHA2-512 A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 198-1", "HMAC-SHA2-512/224 A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 198-1 | © 2025 Chainguard, Inc., assec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | * * * | Chainguard FIPS Provider for OpenSSL | FIPS 140-3 Non-Proprietary Security Policy", "HMAC-SHA2-512/256 A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 198-1", "HMAC-SHA3-224 A6670, A6671, A6687, A6688, A6689 - FIPS 198-1", "HMAC-SHA3-256 A6670, A6671, A6687, A6688, A6689 - FIPS 198-1", "HMAC-SHA3-384 A6670, A6671, A6687, A6688, A6689 - FIPS 198-1", "HMAC-SHA3-512 A6670, A6671, A6687, A6688, A6689 - FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 A6666, A6668, A6683, A6684, A6685, A6686 - SP 800-56A Rev. 3", "KAS-FFC-SSC Sp800-56Ar3 A6674 - SP 800-56A Rev. 3", "KAS-IFC-SSC A6668 - SP 800-56A Rev. 3", "KDA HKDF SP800-56Cr2 A6673 - SP 800-56C Rev. 2", "KDA OneStep SP800-56Cr2 A6672 - SP 800-56C Rev. 2", "KDA TwoStep SP800-56Cr2 A6672 - SP 800-56C Rev. 2", "KDF ANS 9.42 (CVL) A6666, A6668, A6670, A6671, A6683, A6684, A6685, A6686, A6687, A6688, A6689 - SP 800-135 Rev. 1", "KDF ANS 9.63 (CVL) A6666, A6668, A6670, A6671, A6683, A6684, A6685, A6686, A6687, A6688, A6689 - SP 800-135 Rev. 1", "KDF KMAC Sp800-108r1 A6677 - SP 800-108 Rev. 1", "KDF SP800-108 A6677 - SP 800-108 Rev. 1", "KDF SSH (CVL) A6666, A6668, A6699, A6683, A6684, A6685, A6686 - SP 800-135 Rev. 1 | KMAC-128 A6670, A6671, A6687, A6688, A6689 - SP 800-185 | KMAC-256 A6670, A6671, A6687, A6688, A6689 - SP 800-185", "KTS-IFC A6666, A6668, A6683, A6684, A6685, A6686 - SP 800-56B Rev. 2", "PBKDF A6666, A6668, A6670, A6671, A6683, A6684, A6685, A6686, A6687, A6688, A6689 - SP 800-132 | © 2025 Chainguard, Inc., atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | * * * | Chainguard FIPS Provider for OpenSSL | FIPS 140-3 Non-Proprietary Security Policy", "RSA KeyGen (FIPS186-5) A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 186-5", "RSA SigGen (FIPS186-5) A6666, A6668, A6670, A6671, A6683, A6684, A6685, | A6686, A6687, A6688, A6689 - FIPS 186-5", "RSA SigVer (FIPS186-4) A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 186-4", "RSA SigVer (FIPS186-5) A6666, A6668, A6670, A6671, A6683, A6684, A6685, | A6686, A6687, A6688, A6689 - FIPS 186-5 | Safe Primes Key Generation A6674 - SP 800-56A Rev. 3 | Safe Primes Key Verification A6674 - SP 800-56A Rev. 3", "SHA-1 A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 180-4", "SHA2-224 A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 180-4", "SHA2-256 A6666, A6667, A6668, A6683, A6684, A6685, A6686 - FIPS 180-4", "SHA2-384 A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 180-4", "SHA2-512 A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 180-4", "SHA2-512/224 A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 180-4", "SHA2-512/256 A6666, A6668, A6683, A6684, A6685, A6686 - FIPS 180-4", "SHA3-224 A6670, A6671, A6687, A6688, A6689 - FIPS 202", "SHA3-256 A6670, A6671, A6687, A6688, A6689 - FIPS 202", "SHA3-384 A6670, A6671, A6687, A6688, A6689 - FIPS 202", "SHA3-512 A6670, A6671, A6687, A6688, A6689 - FIPS 202", "SHAKE-128 A6670, A6671, A6687, A6688, A6689 - FIPS 202", "SHAKE-256 A6670, A6671, A6687, A6688, A6689 - FIPS 202", "TLS v1.2 KDF RFC7627 (CVL) A6666, A6668, A6683, A6684, A6685, A6686 - SP 800-135 | Rev. 1", "TLS v1.3 KDF (CVL) A6673 - SP 800-135 | Rev. 1 | © 2025 Chainguard, Inc., atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | * * * | Chainguard FIPS Provider for OpenSSL | FIPS 140-3 Non-Proprietary Security Policy | Name Properties Implementation Reference", "Asymmetric CKG Key Type:Asymmetric Key pairs:RSA; ECDSA; EdDSA; DH N/A SP 800-133r2, section 4, direct DRBG output without XOR | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | Name Use and Function", "AES-GCM encryption with external IV Encryption", "HMAC with key length < 112 bits Message Authentication Code | KMAC with key length < 112 bits or tag length < 32 bits Message Authentication Code", "TLS 1.2 KDF without extended master secret or with SHA-1 or SHA2-224 or SHA2-512/224 or SHA2-512/256 or SHA-3 functions or with input secret length < 112 bits Key Derivation Function", "KBKDF with input key length < 112 bits Key Derivation Function", "Hash DRBG or HMAC\\_DRBG with SHA2-224 or SHA2-384 or SHA2-512/224 or SHA2-512/256 or SHA-3 functions or KMAC Deterministic Random Bit Generation", "ECDH with P-192 Shared Secret Computation", "RSA SigVer with modulus length < 2048 bits or PSS salt length > digest length or without hashing (primitive) | Digital Signature Verification", "RSA SigGen with SHA-1 or X9.31 padding or modulus length < 2048 bits or PSS salt length > digest length or without hashing (primitive) | Digital Signature Generation", "ECDSA SigVer component Digital Signature Verification", "ECDSA SigGen with P-192 or SHA-1; ECDSA SigGen component with P-192 | Digital Signature Generation", "ECDSA KeyGen with P-192 Key Pair Generation", "SSH KDF with SHA2-512/224 or SHA2-512/256 or SHA-3 functions or input secret length < 112 bits Key Derivation Function", "TLS 1.3 KDF with SHA-1 or SHA2-224 or SHA2-512/224 or SHA2-512 or SHA2-512/256 or SHA-3 functions or input secret length < 112 bits Key Derivation Function", "One step KDF, two step KDF, HKDF, ANS X9.42 KDF with input secret length < 112 bits Key Derivation Function | © 2025 Chainguard, Inc., asec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | * * * | Name Use and Function | X448 Provides 224 bits of security, | X25519 Provides 128 bits of security,", "ANS X9.63 KDF with SHA-1 or input secret length < 112 bits Key Derivation Function", "RSA OAEP encryption/decryption with 1536-bit modulus Asymmetric | encryption/decryption" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5131", "Certificate Number": "5131", "Vendor Name": "Trend Micro Inc.", "Module Name": "Trend Micro Java Crypto Module", "Module Type": "Software", "Validation Date": "01/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5131.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5131", "module_name": "Trend Micro Java Crypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Trend Micro Java Crypto Module provides FIPS Approved cryptographic algorithms for Trend Micro’s TippingPoint Security Management System (SMS).", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBCCiphertextStealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES KW,KWP(KTS:Key Wrapping UsingAES2) | A6047 | Modes:AES KW,KWPKey sizes:128,192,256 bits(key establishment methodology providing128,192 or256bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,Counter DRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,Hash DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HMAC DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571 | \\[FIPS186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-1635 | \\[FIPS186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes: SHA-1, SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providing between112 and256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between112 and200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between112和152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA,One Step | A6047 | PRFs:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA,Two Step | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF,usingPseudorandomFunctions^{7}$ | A6047 | Modes:Counter Mode,Feedback Mode,Double-Pipeline IterationModeTypes:CMAC-basedKBKDFwithAES(128,192,256)HMAC-basedKBKDFwithSHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | ANSI X9.63 KDFSHA sizes: SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, ExistingApplication-Specific8 | CVLA6047 | IKEv2 KDFSHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes: SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes: SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes: SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDF with Option1aTypes:HMAC-based KDF usingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Generation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-4,ANSI X9.31-1998\\] | Signature Generation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVL A6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVL A6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG | Used for the generation of symmetric keys and asymmetric seeds | OtherCryptographic key generation | \\[SP 800-133r2\\]CKG using output from DRBG,Vendor Affirmed per IG D.H.The resulting key or a generated seed is an unmodified output from a DRBG:Section 5.1(Asymmetric seeds from DRBG)Section 6.1(Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant11) | non-compliant key agreement methods", "DSA(non-compliant12) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5130", "Certificate Number": "5130", "Vendor Name": "Tellabs Enterprise, Inc.", "Module Name": "Tellabs Panorama PON Manager Cryptographic Module", "Module Type": "Software", "Validation Date": "01/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5130.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5130", "module_name": "Tellabs Panorama PON Manager Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Tellabs Panorama PON Manager Cryptographic Module is a standards-based cryptographic engine for the PanoramaPON management application. The module delivers core cryptographic functions for securing communication to Tellabs Optical LAN networking equipment.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBCCiphertextStealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES KW,KWP(KTS:Key Wrapping UsingAES2) | A6047 | Modes:AES KW,KWPKey sizes:128,192,256 bits(key establishment methodology providing128,192 or 256 bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,Counter DRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,Hash DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HMAC DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571 | \\[FIPS186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-1635 | \\[FIPS186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes: SHA-1, SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providing between112 and256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between112and200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between112和152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA,One Step | A6047 | PRFs:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512/SHA-224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP800-56Cr2\\] | Key Derivation", "KDA,Two Step | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP800-56Cr2\\] | Key Derivation", "KDF,usingPseudorandomFunctions^{7}$ | A6047 | Modes:Counter Mode,Feedback Mode,Double-Pipeline IterationModeTypes:CMAC-basedKBKDFwithAES(128,192,256)HMAC-basedKBKDFwithSHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-224,SHA3-256,SHA3-384,SHA3-512 | \\[SP800-108\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | ANSI X9.63 KDFSHA sizes: SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | IKEv2 KDFSHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | SSH KDFAES:128SHA sizes: SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes: SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | TLS 1.2 KDFSHA sizes: SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Generation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-4,ANSI X9.31-1998\\] | Signature Generation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVL A6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVL A6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG | Used for the generation of symmetric keys and asymmetric seeds | OtherCryptographic key generation | \\[SP 800-133r2\\]CKG using output from DRBG,Vendor Affirmed per IG D.H.The resulting key or a generated seed is an unmodified output from a DRBG:Section5.1(Asymmetric seeds from DRBG)Section6.1(Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant11) | non-compliant key agreement methods", "DSA(non-compliant12) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5129", "Certificate Number": "5129", "Vendor Name": "Singlewire Software", "Module Name": "InformaCast Advanced and Fusion Server Java Crypto Library", "Module Type": "Software", "Validation Date": "01/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5129.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5129", "module_name": "InformaCast Advanced and Fusion Server Java Crypto Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "InformaCast transforms devices on your network into a powerful system for IP paging and emergency alerting. InformaCast contains Java libraries with robust FIPS 140-3 validated algorithm support.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256 bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256 bits | \\[SP800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256 bits | \\[SP800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A6047 | Key sizes:128,192,256 bits | \\[SP800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key WrappingUsingAES2) | A6047 | Modes:AESKW,KWPKey sizes:128,192,256bits(key establishment methodology providing128,192or256bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,CounterDRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG, Hash DRBG | A6047 | SHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "DRBG,HMAC DRBG | A6047 | SHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571 | \\[FIPS 186-5\\] | Key Generation,Key Verification,Signature Generation,Signature Verification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-163⁵ | \\[FIPS 186-4\\] | Key Verification,Signature Verification", "HMAC | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified aboveproviding between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified aboveproviding between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,keyconfirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA-3224,SHA-3256,SHA-384,SHA-3512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA-3224,HMAC-SHA-3256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, using Pseudorandom Functions^{7}$ | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-3224,SHA-3256,SHA-384,SHA-3512 | \\[SP 800-108\\] | Key Derivation", "KDF, Existing Application-Specific$^8$ | CVLA6047 | ANSI X9.63 KDFSHA sizes:SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, Existing Application-Specific$^8$ | CVLA6047 | IKEv2 KDFSHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096$^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVL A6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVL A6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG using output from DRBG, Vendor Affirmed per IG D.H.", "The resulting key or a generated seed is an unmodified output from a DRBG:", "• Section 5.1 (Asymmetric seeds from DRBG)", "• Section 6.1 (Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant11) | non-compliant key agreement methods", "DSA(non-compliant12) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5128", "Certificate Number": "5128", "Vendor Name": "Saviynt", "Module Name": "Saviynt Cryptographic Module", "Module Type": "Software", "Validation Date": "01/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5128.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5128", "module_name": "Saviynt Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Saviynt Cryptographic Module provides core cryptographic functions to the Saviynt Security Manager platform.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256bits | \\[SP800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256bits | \\[SP800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A6047 | Key sizes:128,192,256bits | \\[SP800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key WrappingUsingAES2) | A6047 | Modes:AESKW,KWPKey sizes:128,192,256bits(key establishment methodology providing128,192or256bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,CounterDRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HashDRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HMACDRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571 | \\[FIPS 186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-1635 | \\[FIPS 186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providing between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, using Pseudorandom Functions7 | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, Existing Application-Specific8 | CVLA6047 | ANSI X9.63 KDFSHA sizes:SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, Existing Application-Specific8 | CVLA6047 | IKEv2 KDFSHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | TLSv1.0/1.1KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | TLS1.2KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096$^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVL A6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVL A6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG using output from DRBG, Vendor Affirmed per IG D.H.", "The resulting key or a generated seed is an unmodified output from a DRBG:", "• Section 5.1 (Asymmetric seeds from DRBG)", "• Section 6.1 (Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant$ ^{10}$) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant$ ^{11}$) | non-compliant key agreement methods", "DSA(non-compliant$ ^{12}$) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant$ ^{13}$) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant $ ^{15} $) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant $ ^{16} $) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5127", "Certificate Number": "5127", "Vendor Name": "Radiant Logic Inc.", "Module Name": "Radiant Logic Cryptographic Module for Java", "Module Type": "Software", "Validation Date": "01/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5127.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5127", "module_name": "Radiant Logic Cryptographic Module for Java", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Radiant Logic Cryptographic Module for Java is a standards-based cryptographic engine for native Java environments. The module delivers core cryptographic functions to mobile and server platforms and features robust algorithm support.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified aboveproviding between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified aboveproviding between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,keyconfirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, using Pseudorandom Functions^{7}$ | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-3224,SHA3-256,SHA3-384,SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, Existing Application-Specific$^8$ | CVLA6047 | ANSI X9.63 KDFSHA sizes:SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, Existing Application-Specific$^8$ | CVLA6047 | IKEv2 KDFSHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVL A6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVL A6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG | Used for the generation of symmetric keys and asymmetric seeds | OtherCryptographic key generation | \\[SP 800-133r2\\]CKG using output from DRBG,Vendor Affirmed per IG D.H.The resulting key or a generated seed is an unmodified output from a DRBG:Section 5.1(Asymmetric seeds from DRBG)Section 6.1(Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant$^{10}$) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant$^{11}$) | non-compliant key agreement methods", "DSA(non-compliant$^{12}$) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant$^{13}$) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5126", "Certificate Number": "5126", "Vendor Name": "Quantum Knight, INC.", "Module Name": "CLEAR Cryptosystem", "Module Type": "Software", "Validation Date": "01/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5126.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5126", "module_name": "CLEAR Cryptosystem", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "CLEAR Cryptosystem is a standards-based cryptographic engine that enables the protection of data requiring absolute compliance with federal standards. The module delivers core cryptographic functions for boosting the strength and speed of cryptographic protection while guaranteeing data integrity, data at rest encryption, and streaming data transmissions. CLEAR Cryptosystem provides flexible modes of operation that include multi-factor authentication (MFA) and embedded access control lists (ACL) for controlled access to data.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256 bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256 bits | \\[SP800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256 bits | \\[SP800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A6047 | Key sizes:128,192,256 bits | \\[SP800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key WrappingUsingAES2) | A6047 | Modes:AESKW,KWPKey sizes:128,192,256bits(key establishment methodology providing128,192or256bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,CounterDRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HashDRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HMACDRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,k-233,k-283,k-409,k-571,B-233,B-283,B-409,B-571 | \\[FIPS 186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,k-163,B-1635 | \\[FIPS 186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified aboveproviding between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified aboveproviding between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,keyconfirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMA-CAES128,CMA-CAES192,CMA-CAES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, usingPseudorandomFunctions^{7}$ | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, ExistingApplication-Specific$^8$ | CVLA6047 | ANSI X9.63 KDFSHA sizes: SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, ExistingApplication-Specific$^8$ | CVLA6047 | IKEv2 KDFSHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAPE with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwith Option1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096$^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS#1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS#1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVLA6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVLA6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG using output from DRBG, Vendor Affirmed per IG D.H.", "The resulting key or a generated seed is an unmodified output from a DRBG:", "• Section 5.1 (Asymmetric seeds from DRBG)", "• Section 6.1 (Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant11) | non-compliant key agreement methods", "DSA(non-compliant12) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5125", "Certificate Number": "5125", "Vendor Name": "Proofpoint Inc.", "Module Name": "Proofpoint Cryptographic Module for Java", "Module Type": "Software", "Validation Date": "01/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5125.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5125", "module_name": "Proofpoint Cryptographic Module for Java", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Proofpoint Cryptographic Module for Java is a cryptographic component to be used by the various Proofpoint security products. The module is designed to meet Level 1 requirements of FIPS 140-3 standard. The module is a cryptographic library that provides a variety of cryptographic services.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256 bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256 bits | \\[SP800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256 bits | \\[SP800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A6047 | Key sizes:128,192,256 bits | \\[SP800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key WrappingUsingAES2) | A6047 | Modes:AESKW,KWPKey sizes:128,192,256bits(key establishment methodology providing128,192or256bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,CounterDRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HashDRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HMACDRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,k-233,k-283,k-409,k-571,B-233,B-283,B-409,B-571 | \\[FIPS 186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,k-163,B-1635 | \\[FIPS 186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providing between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA-322,SHA-325,SHA-384,SHA-3512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA-322,HMAC-SHA-325,SHA-384,HMAC-SHA-3512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA-322,HMAC-SHA-325,SHA-384,HMAC-SHA-3512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, using Pseudorandom Functions7 | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-322,SHA-325,SHA-384,SHA-512 | \\[SP 800-108\\] | Key Derivation", "KDF, Existing Application-Specific8 | CVLA6047 | ANSI X9.63 KDFSHA sizes:SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, Existing Application-Specific8 | CVLA6047 | IKEv2 KDFSHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVL A6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVL A6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG | Used for the generation of symmetric keys and asymmetric seeds | OtherCryptographic key generation | \\[SP 800-133r2\\]CKG using output from DRBG,Vendor Affirmed per IG D.H.The resulting key or a generated seed is an unmodified output from a DRBG:Section 5.1(Asymmetric seeds from DRBG)Section 6.1(Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant11) | non-compliant key agreement methods", "DSA(non-compliant12) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5124", "Certificate Number": "5124", "Vendor Name": "HP Inc.", "Module Name": "HPI Crypto Module for Java", "Module Type": "Software", "Validation Date": "01/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5124.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5124", "module_name": "HPI Crypto Module for Java", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "HPI Crypto Module for Java is a standards-based cryptographic engine for native Java environments. The module delivers core cryptographic functions to mobile platforms and features robust algorithm support.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS 197,SP 800-38A\\],AES FF1 Format Preserving Encryption\\[SP 800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256 bits | \\[Addendum to SP 800-38A,Oct 2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256 bits | \\[SP 800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256 bits | \\[SP 800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A6047 | Key sizes:128,192,256 bits | \\[SP 800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key Wrapping Using AES2) | A6047 | Modes:AES KW,KWPKey sizes:128,192,256 bits(key establishment methodology providing 128,192 or 256 bits of encryption strength) | \\[SP 800-38F\\] | Key Wrapping", "DRBG,Counter DRBG | A6047 | AES 128,AES 192,AES 256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "DRBG,Hash DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "DRBG,HMAC DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571 | \\[FIPS 186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-1635 | \\[FIPS 186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providing between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, using Pseudorandom Functions7 | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, Existing Application-Specific8 | CVLA6047 | ANSI X9.63 KDFSHA sizes:SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, Existing Application-Specific8 | CVLA6047 | IKEv2 KDFSHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096$^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVL A6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVL A6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG | Used for the generation of symmetric keys and asymmetric seeds | OtherCryptographic key generation | \\[SP 800-133r2\\]CKG using output from DRBG,Vendor Affirmed per IG D.H.The resulting key or a generated seed is an unmodified output from aDRBG:Section5.1(Asymmetric seeds from DRBG)Section6.1(Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant$^{10}$) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant$^{11}$) | non-compliant key agreement methods", "DSA(non-compliant$^{12}$) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant$^{13}$) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant $ ^{15} $) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant $ ^{16} $) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5123", "Certificate Number": "5123", "Vendor Name": "HID Global Corporation", "Module Name": "HID Global Cryptographic Module", "Module Type": "Software", "Validation Date": "01/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5123.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5123", "module_name": "HID Global Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "HID Global Cryptographic Module is a cryptographic engine for mobile devices. The module delivers core cryptographic functions to some of HID Global’s mobile app solutions for multifactor authentication - such as the HID Approve mobile app and HID Approve mobile SDK.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBCCiphertextStealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AESKW,KWP(KTS:KeyWrappingUsingAES2) | A6047 | Modes:AESKW,KWPKey sizes:128,192,256bits(key establishmentmethodology providing128,192or256bits of encryptionstrength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,CounterDRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | RandomBitGeneration", "DRBG,HashDRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | RandomBitGeneration", "DRBG,HMACDRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | RandomBitGeneration", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571 | \\[FIPS 186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-1635 | \\[FIPS 186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified aboveproviding between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified aboveproviding between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,keyconfirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, using Pseudorandom Functions7 | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-3224,SHA3-256,SHA3-384,SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, Existing Application-Specific8 | CVLA6047 | ANSI X9.63 KDFSHA sizes:SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KASSC", "KDF, Existing Application-Specific8 | CVLA6047 | IKEv2 KDFSHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVLA6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVLA6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG using output from DRBG, Vendor Affirmed per IG D.H.", "The resulting key or a generated seed is an unmodified output from a DRBG:", "• Section 5.1 (Asymmetric seeds from DRBG)", "• Section 6.1 (Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant11) | non-compliant key agreement methods", "DSA(non-compliant12) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5122", "Certificate Number": "5122", "Vendor Name": "CyberArk Software Ltd.", "Module Name": "CyberArk Cryptographic Module for Java", "Module Type": "Software", "Validation Date": "01/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5122.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5122", "module_name": "CyberArk Cryptographic Module for Java", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "CyberArk Cryptographic Module for Java is a comprehensive cryptographic library designed to provide robust security solutions for Java and Android applications. It offers a wide range of cryptographic functions and features, including encryption, decryption, hashing, digital signatures, and key management. With CyberArk Cryptographic Module for Java, developers can easily integrate strong cryptographic capabilities into their Java applications to ensure data confidentiality, integrity, and authenticity.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256bits | \\[SP800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256bits | \\[SP800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A6047 | Key sizes:128,192,256bits | \\[SP800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key Wrapping UsingAES2) | A6047 | Modes:AESKW,KWPKey sizes:128,192,256bits(key establishment methodology providing128,192or256bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,Counter DRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,Hash DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HMAC DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571 | \\[FIPS 186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-1635 | \\[FIPS 186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providing between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1, SHA-224, SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, using Pseudorandom Functions7 | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, Existing Application-Specific8 | CVLA6047 | ANSI X9.63 KDFSHA sizes: SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, Existing Application-Specific8 | CVLA6047 | IKEv2 KDFSHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS#1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS#1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVL A6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVL A6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG | Used for the generation of symmetric keys and asymmetric seeds | OtherCryptographic key generation | \\[SP 800-133r2\\]CKG using output from DRBG,Vendor Affirmed per IG D.H.The resulting key or a generated seed is an unmodified output from a DRBG:Section 5.1(Asymmetric seeds from DRBG)Section 6.1(Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant11) | non-compliant key agreement methods", "DSA(non-compliant12) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant $ ^{15} $) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant $ ^{16} $) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5121", "Certificate Number": "5121", "Vendor Name": "CTERA Networks Ltd.", "Module Name": "CTERA Crypto Module™ (Java)", "Module Type": "Software", "Validation Date": "01/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5121.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5121", "module_name": "CTERA Crypto Module™ (Java)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "CTERA Crypto Module™ (Java) is a secure cryptographic engine used by the CTERA Enterprise File Services Platform. CTERA enables enterprises, defense and government agencies to gain control of their file data globally for optimal edge performance, data insight, and governance.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256bits | \\[SP800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256bits | \\[SP800-38B\\] | Generation,Authentication", "AES GCM/GMAC¹ | A6047 | Key sizes:128,192,256bits | \\[SP800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key Wrapping UsingAES2) | A6047 | Modes:AES KW,KWPKey sizes:128,192,256 bits(key establishment methodology providing128,192 or 256 bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,Counter DRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,Hash DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HMAC DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571 | \\[FIPS186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-1635 | \\[FIPS186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes: SHA-1, SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providing between112 and256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between112 and200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between112和152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA,One Step | A6047 | PRFs:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA,Two Step | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF,usingPseudorandomFunctions^{7}$ | A6047 | Modes:Counter Mode,Feedback Mode,Double-Pipeline IterationModeTypes:CMAC-basedKBKDFwithAES(128,192,256)HMAC-basedKBKDFwithSHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | ANSI X9.63 KDFSHA sizes: SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, ExistingApplication-Specific8 | CVLA6047 | IKEv2 KDFSHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes: SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes: SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes: SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDF with Option1aTypes:HMAC-based KDF usingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Generation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-4,ANSI X9.31-1998\\] | Signature Generation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS#1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS#1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVL A6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVL A6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG using output from DRBG, Vendor Affirmed per IG D.H.", "The resulting key or a generated seed is an unmodified output from a DRBG:", "• Section 5.1 (Asymmetric seeds from DRBG)", "• Section 6.1 (Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant$ ^{10}$) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant$ ^{11}$) | non-compliant key agreement methods", "DSA(non-compliant$ ^{12}$) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant$ ^{13}$) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5120", "Certificate Number": "5120", "Vendor Name": "Cohesity, Inc.", "Module Name": "Cohesity Cryptographic Module for Java", "Module Type": "Software", "Validation Date": "01/13/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5120.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5120", "module_name": "Cohesity Cryptographic Module for Java", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Cohesity Cryptographic Module for Java delivers core cryptographic functions for use in various Cohesity products.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KTS", "SHA" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256bits | \\[SP800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256bits | \\[SP800-38B\\] | Generation,Authentication", "AES GCM/GMAC¹ | A6047 | Key sizes:128,192,256bits | \\[SP800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key Wrapping UsingAES2) | A6047 | Modes:AES KW,KWPKey sizes:128,192,256 bits(key establishment methodology providing128,192 or256bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,Counter DRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,Hash DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HMAC DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571 | \\[FIPS186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-1635 | \\[FIPS186-4\\] | KeyVerification,SignatureVerification" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5119", "Certificate Number": "5119", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks EX4100", "Module Type": "Hardware", "Validation Date": "01/09/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5119.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5119", "module_name": "Juniper Networks EX4100", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/8/2031", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Juniper Networks EX4100 line of Ethernet Switches offers a secure, cloud-ready portfolio of access switches ideal for enterprise branch, campus, and data center networks.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "AES-CBC | A4301 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A4301 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "ECDSA KeyGen (FIPS186-4) | A4301 | Curve - P-256, P-384, P-521 Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer (FIPS186-4) | A4301 | Curve - P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen (FIPS186-4) | A4301 | Component - No Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | FIPS 186-4", "ECDSA SigVer (FIPS186-4) | A4301 | Component - No Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | FIPS 186-4", "HMAC-SHA-1 | A4301 | Key Length - Key Length: 160 | FIPS 198-1", "HMAC-SHA2-256 | A4301 | Key Length - Key Length: 256 | FIPS 198-1", "HMAC-SHA2-512 | A4301 | Key Length - Key Length: 512 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4301 | Domain Parameter Generation Methods - P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KDF SSH (CVL) | A4301 | Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1", "RSA KeyGen (FIPS186-5) | A4301 | Key Generation Mode - probable Modulo - 2048, 3072, 4096 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5", "RSA SigGen (FIPS186-5) | A4301 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5 | FIPS 186-5", "RSA SigVer (FIPS186-5) | A4301 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5 | FIPS 186-5", "SHA-1 | A4301 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-256 | A4301 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-384 | A4301 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-512 | A4301 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "ECDSA SigVer(FIPS186-4) | A4302 | Component-NoCurve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "SHA2-256 | A4302 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "HMAC DRBG | A4303 | Prediction Resistance - Yes Mode-SHA2-256 | SP 800-90A Rev.1", "HMAC-SHA2-256 | A4303 | Key Length-Key Length:256 | FIPS 198-1", "SHA2-256 | A4303 | Message Length-Message Length:0-51200 Increment8 | FIPS 180-4", "SHA2-512 | A4303 | Message Length-Message Length:0-51200 Increment8 | FIPS 180-4", "HMAC-SHA-1 | A4306 | Key Length - Key Length: 112,160 | FIPS 198-1", "HMAC-SHA2-256 | A4306 | Key Length - Key Length: 160,256 | FIPS 198-1", "SHA-1 | A4306 | Message Length - Message Length: 0-51200 Increment 8 | FIPS 180-4", "SHA2-256 | A4306 | Message Length - Message Length: 0-51200 Increment 8 | FIPS 180-4", "SHA2-512 | A4306 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "Enc/Dec(SSH) | BC-UnAuth | Unauthenticated encryption for SSH | AES-CBC:(A4301)AES-CTR:(A4301)", "KAS-SSC(SSH) | KAS-SSC | Key AgreementScheme Shared Secret Computation for SSH | KAS-ECC-SSCSp800-56Ar3:(A4301)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5118", "Certificate Number": "5118", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks MX304 and EX4100 with MACsec", "Module Type": "Hardware", "Validation Date": "01/09/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5118.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5118", "module_name": "Juniper Networks MX304 and EX4100 with MACsec", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/8/2031", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Juniper Networks MX304 Universal Routing Platform is a cloud-era platform that cost effectively addresses the evolutionary edge and metro Ethernet needs of service providers, mobile operators, web-scale operators, and multiple-service operators (MSOs). The Juniper Networks EX4100 line of Ethernet Switches offers a secure, cloud-ready portfolio of access switches ideal for enterprise branch, campus, and data center networks.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "AES-CBC \\| A4301 \\| Direction - Decrypt, Encrypt Key Length - 128, 192, 256 \\| SP 800-38A", "AES-CTR \\| A4301 \\| Direction - Decrypt, Encrypt Key Length - 128, 192, 256 \\| SP 800-38A", "ECDSA KeyGen (FIPS186-4) \\| A4301 \\| Curve - P-256, P-384, P-521 Secret Generation Mode - Testing Candidates \\| FIPS 186-4", "ECDSA KeyVer (FIPS186-4) \\| A4301 \\| Curve - P-256, P-384, P-521 \\| FIPS 186-4", "ECDSA SigGen (FIPS186-4) \\| A4301 \\| Component - No Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 \\| FIPS 186-4", "ECDSA SigVer (FIPS186-4) \\| A4301 \\| Component - No Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512", "HMAC-SHA-1 \\| A4301 \\| Key Length - Key Length: 160 \\| FIPS 198-1", "HMAC-SHA2-256 \\| A4301 \\| Key Length - Key Length: 256 \\| FIPS 198-1", "HMAC-SHA2-512 \\| A4301 \\| Key Length - Key Length: 512 \\| FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 \\| A4301 \\| Domain Parameter Generation Methods - P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder \\| SP 800-56A Rev. 3", "KDF SSH (CVL) \\| A4301 \\| Cipher - AE5-128, AE5-192, AE5-256 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 \\| SP 800-135 Rev. 1", "RSA KeyGen (FIPS186-5) \\| A4301 \\| Key Generation Mode - probable Modulo - 2048, 3072, 4096 Primality Tests - 2powSecStr Private Key Format - standard \\| FIPS 186-5", "RSA SigGen (FIPS186-5) \\| A4301 \\| Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5 \\| FIPS 186-5", "RSA SigVer (FIPS186-5) \\| A4301 \\| Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5 \\| FIPS 186-5", "SHA-1 \\| A4301 \\| Message Length - Message Length: 0-65536 Increment 8 \\| FIPS 180-4", "SHA2-256 \\| A4301 \\| Message Length - Message Length: 0-65536 Increment 8 \\| FIPS 180-4", "SHA2-384 \\| A4301 \\| Message Length - Message Length: 0-65536 Increment 8 \\| FIPS 180-4", "SHA2-512 \\| A4301 \\| Message Length - Message Length: 0-65536 Increment 8 \\| FIPS 180-4 | * * * | MACsec", "AES-CBC \\| A4304 \\| Direction - Decrypt, Encrypt Key Length - 128, 256 \\| SP 800-38A", "AES-CMAC \\| A4304 \\| Direction - Generation, Verification Key Length - 128, 256 \\| SP 800-38B", "AES-KW \\| A4304 \\| Direction - Decrypt, Encrypt Key Length - 128 \\| SP 800-38F", "KDF SP800-108 \\| A4304 \\| KDF Mode - Counter Supported Lengths - Supported Lengths: 128, 256 \\| SP 800-108 Rev. 1 | MACsec PHY", "AES-GCM \\| A4664 \\| Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.2 Key Length - 128, 256", "AES-GCM \\| AES 4550 \\| Direction - Decrypt, Encrypt Key Length - 128, 256 \\| SP 800-38D", "AES-GCM \\| C1869 \\| Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 256 \\| SP 800-38D | OpenSSL 1.1.1", "ECDSA SigVer (FIPS186-4) \\| A4302 \\| Component - No Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512", "SHA2-256 \\| A4302 \\| Message Length - Message Length: 0-65536 Increment 8 \\| FIPS 180-4 | Kernel", "HMAC DRBG \\| A4303 \\| Prediction Resistance - Yes Mode - SHA2-256 \\| SP 800-90A Rev. 1", "HMAC SHA2-256 \\| A4303 \\| Key Length - Key Length: 256 \\| FIPS 198-1", "SHA2-256 \\| A4303 \\| Message Length - Message Length: 0-51200 Increment 8 \\| FIPS 180-4", "SHA2-512 \\| A4303 \\| Message Length - Message Length: 0-51200 Increment 8 \\| FIPS 180-4 | LibMD", "HMAC-SHA-1 \\| A4306 \\| Key Length - Key Length: 112, 160 \\| FIPS 198-1", "HMAC-SHA2-256 \\| A4306 \\| Key Length - Key Length: 160, 256 \\| FIPS 198-1", "SHA-1 \\| A4306 \\| Message Length - Message Length: 0-51200 Increment 8 \\| FIPS 180-4", "SHA2-256 \\| A4306 \\| Message Length - Message Length: 0-51200 Increment 8 \\| FIPS 180-4", "SHA2-512 \\| A4306 \\| Message Length - Message Length: 0-65536 Increment 8 \\| FIPS 180-4 | Juniper Networks Non-Proprietary FIPS 140-3 Security Policy Page 12 of 35 | * * * | JUNIPER | NETWORKS | Name Properties Implementation Reference", "CKG Key type:Asymmetric N/A SP 800-133 Rev.2 Section 4, example 1 direct output from DRBG. | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | N/A for this module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5117", "Certificate Number": "5117", "Vendor Name": "Ctrl IQ, Inc.", "Module Name": "Rocky Linux 8 and 9 libgcrypt Cryptographic Module", "Module Type": "Software", "Validation Date": "01/06/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5117.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5117", "module_name": "Rocky Linux 8 and 9 libgcrypt Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/5/2031", "overall_level": 1, "caveat": "When operated in approved mode and installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Rocky Linux 8 and 9 libgcrypt Cryptographic Module is a general purpose crypto library based on the code used in GNU Privacy Guard.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDH", "ECDSA", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A6114, A6115, A6117, | A6118, A6122, A6123, | A6125, A6126 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A6114, A6115, A6117, | A6118, A6122, A6123, | A6125, A6126 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB128 | A6114, A6115, A6117, | A6118, A6122, A6123, | A6125, A6126 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6114, A6115, A6117, | A6118, A6122, A6123, | A6125, A6126 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A6114, A6115, A6117, | A6118, A6122, A6123, | A6125, A6126 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A6114, A6115, A6117, | A6118, A6122, A6123, | A6125, A6126 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6114, A6115, A6117, | A6118, A6122, A6123, | A6125, A6126 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | FIPS 140-3 Non-Proprietary Security Policy | © 2025 Ctrl IQ, Inc., atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice.", "AES-KW | A6114, A6115, A6117, | A6118, A6122, A6123, | A6125, A6126 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A6114, A6115, A6117, | A6118, A6122, A6123, | A6125, A6126 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing | Revision 2.0 | A6114, A6115, A6117, | A6118, A6122, A6123, | A6125, A6126 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A6114, A6115, A6117, | A6118, A6122, A6123, | A6125, A6126 | Prediction Resistance - No, Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1 | Deterministic", "ECDSA SigGen | (FIPS186-5) | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Curve - P-224, P-256, P-384, P-521", "Hash Algorithm - SHA2-224, SHA2-256,", "SHA2-384, SHA2-512, SHA2-512/224,", "SHA2-512/256, SHA3-224, SHA3-256,", "SHA3-384, SHA3-512 | Component - No | FIPS 186-5", "ECDSA KeyGen | (FIPS186-5) | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - testing | candidates | FIPS 186-5", "ECDSA KeyVer | (FIPS186-5) | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA SigVer | (FIPS186-5) | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Curve - P-224, P-256, P-384, P-521", "SHA3-384, SHA3-512 | FIPS 186-5", "Hash DRBG | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Prediction Resistance - No, Yes", "Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A | Rev. 1 | FIPS 140-3 Non-Proprietary Security Policy | © 2025 Ctrl IQ, Inc., atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice.", "HMAC DRBG | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Prediction Resistance - No, Yes", "Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A | Rev. 1", "HMAC-SHA-1 | A6113, A6114, A6115, | A6116, A6117, A6118, | A6121, A6122, A6123, | A6124, A6125, A6126 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A6116, A6117, A6118, | A6124, A6125, A6126 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A6116, A6117, A6118, | A6124, A6125, A6126 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A6116, A6117, A6118, | A6124, A6125, A6126 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A6116, A6117, A6118, | A6124, A6125, A6126 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1 | FIPS 140-3 Non-Proprietary Security Policy | © 2025 Ctrl IQ, Inc., atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice.", "PBKDF | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Iteration Count - Iteration Count: 1000- | 10000000 Increment 1 | Password Length - Password Length: 8- | 128 Increment 1 | SP 800-132", "RSA KeyGen | (FIPS186-5) | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Key Generation Mode - probable | Modulo - 2048, 3072, 4096, 6144, 8192 | Primality Tests - 2powSecStr | Private Key Format - standard | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigVer | (FIPS186-5) | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "SHA-1 | A6113, A6114, A6115, | A6116, A6117, A6118, | A6121, A6122, A6123, | A6124, A6125, A6126 | Message Length - Message Length: 0- | 65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Message Length - Message Length: 0- | 65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Message Length - Message Length: 0- | 65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Message Length - Message Length: 0- | 65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Message Length - Message Length: 0- | 65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Message Length - Message Length: 0- | 65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 | FIPS 140-3 Non-Proprietary Security Policy | © 2025 Ctrl IQ, Inc., atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice.", "SHA2-512/256 | A6114, A6115, A6116, | A6117, A6118, A6122, | A6123, A6124, A6125, | A6126 | Message Length - Message Length: 0- | 65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA3-224 | A6116, A6117, A6118, | A6124, A6125, A6126 | Message Length - Message Length: 0- | 65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A6116, A6117, A6118, | A6124, A6125, A6126 | Message Length - Message Length: 0- | 65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A6116, A6117, A6118, | A6124, A6125, A6126 | Message Length - Message Length: 0- | 65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-512 | A6116, A6117, A6118, | A6124, A6125, A6126 | Message Length - Message Length: 0- | 65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHAKE-128 | A6116, A6117, A6118, | A6124, A6125, A6126 | Output Length - Output Length: 16- | 65536 Increment 8 | FIPS 202", "SHAKE-256 | A6116, A6117, A6118, | A6124, A6125, A6126 | Output Length - Output Length: 16- | 65536 Increment 8 | FIPS 202 | The above table lists all approved cryptographic algorithms of the module, including specific key lengths | employed for approved services, and implemented modes or methods of operation of the algorithms. | Name | Implementation | Asymmetric Cryptographic Key | Generation (CKG) | Key | type:Asymmetric | N/A | SP 800-133 Rev.2 section 4, | example 1 | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | Name | Use and Function", "ECDH", "Shared secret computation", "AES-GCM, AES-GCM-SIV,", "AES-OCB, AES-EAX | Symmetric encryption; Symmetric decryption | FIPS 140-3 Non-Proprietary Security Policy | © 2025 Ctrl IQ, Inc., atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | Name | Use and Function", "RSA | Signature generation (pre-hashed); Signature verification (pre-hashed); | Asymmetric encryption (primitive); Asymmetric decryption (primitive)", "ECDSA | Signature generation (pre-hashed); Signature verification (pre-hashed) | The table above lists all non-approved cryptographic algorithms of the module employed by the non-approved | services." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5116", "Certificate Number": "5116", "Vendor Name": "Ctrl IQ, Inc.", "Module Name": "Rocky Linux 9 OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "01/06/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5116.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5116", "module_name": "Rocky Linux 9 OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/5/2031", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "OpenSSL library implementation providing cryptographic services to Linux user space software components.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A6603,A6607,A6608 | - | SP 800-38A", "AES-CBC-CS1 | A6603,A6607,A6608 | - | SP 800-38A", "AES-CBC-CS2 | A6603,A6607,A6608 | - | SP 800-38A", "AES-CBC-CS3 | A6603,A6607,A6608 | - | SP 800-38A", "AES-CCM | A6603,A6607,A6608 | - | SP 800-38C", "AES-CFB1 | A6603,A6607,A6608 | - | SP 800-38A", "AES-CFB128 | A6603,A6607,A6608 | - | SP 800-38A", "AES-CFB8 | A6603,A6607,A6608 | - | SP 800-38A", "AES-CMAC | A6603,A6607,A6608 | - | SP 800-38B", "AES-CTR | A6603,A6607,A6608 | - | SP 800-38A", "AES-ECB | A6603,A6607,A6608 | - | SP 800-38A", "AES-GCM | A6604,A6609,A6610,A6611,A6612,A6613,A6614,A6615,A6616 | - | SP 800-38D", "AES-GMAC | A6604,A6609,A6610,A6611,A6612,A6613,A6614,A6615,A6616 | - | SP 800-38D", "AES-KW | A6603,A6607,A6608 | - | SP 800-38F", "AES-KWP | A6603,A6607,A6608 | - | SP 800-38F", "AES-OFB | A6603,A6607,A6608 | - | SP 800-38A", "AES-XTS Testing Revision 2.0 | A6603, A6607, A6608 | - | SP 800-38E", "Counter DRBG | A5957 | - | SP 800-90A Rev. 1", "ECDSA KeyGen (FIPS186-5) | A6605, A6617, A6618, A6619 | - | FIPS 186-5", "ECDSA KeyVer (FIPS186-5) | A6605, A6617, A6618, A6619 | - | FIPS 186-5", "ECDSA SigGen (FIPS186-5) | A6605, A6606, A6617, A6618, A6619 | - | FIPS 186-5", "ECDSA SigVer (FIPS186-5) | A6605, A6606, A6617, A6618, A6619 | - | FIPS 186-5", "EDDSA KeyGen | A6328 | - | FIPS 186-5", "EDDSA SigGen | A6328 | - | FIPS 186-5", "EDDSA SigVer | A6328 | - | FIPS 186-5", "Hash DRBG | A5957 | - | SP 800-90A Rev. 1", "HMAC DRBG | A5957 | - | SP 800-90A Rev. 1", "HMAC-SHA-1 | A6605, A6617, A6618, A6619 | - | FIPS 198-1", "HMAC-SHA2-224 | A6605, A6617, A6618, A6619 | - | FIPS 198-1", "HMAC-SHA2-256 | A6605, A6617, A6618, A6619 | - | FIPS 198-1", "HMAC-SHA2-384 | A6605, A6617, A6618, A6619 | - | FIPS 198-1", "HMAC-SHA2-512 | A6605, A6617, A6618, A6619 | - | FIPS 198-1", "HMAC-SHA2-512/224 | A6605, A6617, A6618, A6619 | - | FIPS 198-1", "HMAC-SHA2-512/256 | A6605, A6617, A6618, A6619 | - | FIPS 198-1", "HMAC-SHA3-224 | A6606 | - | FIPS 198-1", "HMAC-SHA3-256 | A6606 | - | FIPS 198-1", "HMAC-SHA3-384 | A6606 | - | FIPS 198-1", "HMAC-SHA3-512 | A6606 | - | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A6605, A6617, A6618, A6619 | - | SP 800-56A Rev. 3", "KAS-FFC-SSC Sp800-56Ar3 | A6602 | - | SP 800-56A Rev. 3", "KAS-IFC-SSC | A6605, A6617, A6618, A6619 | - | SP 800-56A Rev. 3", "KDA HKDF SP800-56Cr2 | A6601 | - | SP 800-56C Rev. 2", "KDA OneStep SP800-56Cr2 | A6600 | - | SP 800-56C Rev. 2", "KDA TwoStep SP800-56Cr2 | A6600 | - | SP 800-56C Rev. 2", "KDF ANS 9.42 (CVL) | A6605, A6606, A6617, A6618, A6619 | - | SP 800-135 Rev. 1", "KDF ANS 9.63 (CVL) | A6605, A6606, A6617, A6618, A6619 | - | SP 800-135 Rev. 1", "KDF SP800-108 | A6599 | - | SP 800-108 Rev. 1", "KDF SSH (CVL) | A6605, A6617, A6618, A6619 | - | SP 800-135 Rev. 1", "KTS-IFC | A6605, A6617, A6618, A6619 | - | SP 800-56B Rev. 2", "PBKDF | A6605,A6606,A6617,A6618,A6619 | - | SP 800-132", "RSA KeyGen(FIPS186-5) | A6605,A6617,A6618,A6619 | - | FIPS 186-5", "RSA SigGen(FIPS186-5) | A6605,A6606,A6617,A6618,A6619 | - | FIPS 186-5", "RSA SigVer(FIPS186-2) | A6605,A6617,A6618,A6619 | - | FIPS 186-4", "RSA SigVer(FIPS186-4) | A6605,A6617,A6618,A6619 | - | FIPS 186-4", "RSA SigVer(FIPS186-5) | A6605,A6606,A6617,A6618,A6619 | - | FIPS 186-5", "SHA-1 | A6605,A6617,A6618,A6619 | - | FIPS 180-4", "SHA2-224 | A6605,A6617,A6618,A6619 | - | FIPS 180-4", "SHA2-256 | A6605,A6617,A6618,A6619 | - | FIPS 180-4", "SHA2-384 | A6605,A6617,A6618,A6619 | - | FIPS 180-4", "SHA2-512 | A6605,A6617,A6618,A6619 | - | FIPS 180-4", "SHA2-512/224 | A6605,A6617,A6618,A6619 | - | FIPS 180-4", "SHA2-512/256 | A6605,A6617,A6618,A6619 | - | FIPS 180-4", "SHA3-224 | A6606 | - | FIPS 202", "SHA3-256 | A6606 | - | FIPS 202", "SHA3-384 | A6606 | - | FIPS 202", "SHA3-512 | A6606 | - | FIPS 202", "SHAKE-128 | A6606 | - | FIPS 202", "SHAKE-256 | A6606 | - | FIPS 202", "TLS v1.2 KDF RFC7627(CVL) | A6605,A6617,A6618,A6619 | - | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A6601 | - | SP 800-135Rev.1", "AES-GCM with external IV | Authenticated encryption", "HMAC with<112-bit keys | Message authentication", "KBKDF with<112-bit keys | Key derivation", "KDA OneStep,HKDF with<112-bit keys | Key derivation", "KDA OneStep with SHAKE128,SHAKE256 | Key derivation", "ANS X9.42 KDF,ANS X9.63 KDF with<112-bit keys | Key derivation", "ANS X9.42 KDF with SHAKE128,SHAKE256 | Key derivation", "ANS X9.63 KDF with SHA-1,SHAKE128,SHAKE256 | Key derivation", "SSH KDF with SHA-512/224,SHA-512/256,SHA-3,SHAKE128,SHAKE256 | Key derivation", "TLS 1.2 KDF with SHA-1,SHA-224,SHA-512/224,SHA-512/256,SHA-3 | Key derivation", "TLS 1.3 KDF with SHA-1,SHA-224,SHA-512,SHA-512/224,SHA-512/256,SHA-3 | Key derivation", "RSA-PSS with invalid salt length | Signature generation/verification", "RSA with no padding | Signature generation/verification", "RSA and ECDSA with no hashing | Signature generation/verification" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5115", "Certificate Number": "5115", "Vendor Name": "Canonical Ltd.", "Module Name": "Canonical Ltd. Ubuntu 24.04 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "01/06/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5115.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5115", "module_name": "Canonical Ltd. Ubuntu 24.04 OpenSSL Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/5/2031", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Canonical Ltd. Ubuntu 24.04 OpenSSL Cryptographic Module provides a C language application program interface (API) for use by other applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38A", "AES-CBC-CS1 | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38A", "AES-CBC-CS2 | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38A", "AES-CBC-CS3 | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38A", "AES-CCM | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38C", "AES-CFB1 | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38A", "AES-CFB128 | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38A", "AES-CFB8 | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38A", "AES-CMAC | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38B", "AES-CTR | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38A", "AES-ECB | A5747,A5748,A5749,A5751,A5752,A5753,A5754,A5755,A5774,A5775,A5776,A5927,A5932 | - | SP 800-38A", "AES-GCM | A5759,A5760,A5761,A5762,A5763,A5764,A5765,A5766,A5767,A5777,A5781,A5782,A5783,A5928,A5929,A5930 | - | SP 800-38D", "AES-GMAC | A5759,A5760,A5761,A5762,A5763,A5764,A5765,A5766,A5767,A5777,A5781,A5782,A5783,A5928,A5929,A5930 | - | SP 800-38D", "AES-KW | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38F", "AES-KWP | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38F", "AES-OFB | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38A", "AES-XTS Testing Revision 2.0 | A5747,A5748,A5749,A5774,A5775,A5776,A5927 | - | SP 800-38E", "Counter DRBG | A5746 | - | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-5) | A5745,A5750,A5768,A5769,A5770,A5771,A5778,A5931 | - | FIPS 186-5", "ECDSA KeyVer(FIPS186-4) | A5745,A5750,A5768,A5769,A5770,A5771,A5778,A5931 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-5) | A5745,A5750,A5768,A5769,A5770,A5771,A5778,A5931 | - | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A5750,A5756,A5768,A5769,A5770,A5771,A5778,A5780,A5931,A5933 | - | FIPS 186-5", "ECDSA SigVer (FIPS186-4) | A5750, A5756, A5768, A5769, A5770, A5771, A5778, A5780, A5931, A5933 | - | FIPS 186-4", "ECDSA SigVer (FIPS186-5) | A5750, A5756, A5768, A5769, A5770, A5771, A5778, A5780, A5931, A5933 | - | FIPS 186-5", "Hash DRBG | A5746 | - | SP 800-90A Rev. 1", "HMAC DRBG | A5746 | - | SP 800-90A Rev. 1", "HMAC-SHA-1 | A5750, A5768, A5769, A5770, A5771, A5778, A5931 | - | FIPS 198-1", "HMAC-SHA2-224 | A5750, A5768, A5769, A5770, A5771, A5778, A5931 | - | FIPS 198-1", "HMAC-SHA2-256 | A5750, A5768, A5769, A5770, A5771, A5778, A5779, A5931 | - | FIPS 198-1", "HMAC-SHA2-384 | A5750, A5768, A5769, A5770, A5771, A5778, A5931 | - | FIPS 198-1", "HMAC-SHA2-512 | A5750, A5768, A5769, A5770, A5771, A5778, A5931 | - | FIPS 198-1", "HMAC-SHA2-512/224 | A5750, A5768, A5769, A5770, A5771, A5778, A5931 | - | FIPS 198-1", "HMAC-SHA2-512/256 | A5750, A5768, A5769, A5770, A5771, A5778, A5931 | - | FIPS 198-1", "HMAC-SHA3-224 | A5756, A5780, A5933 | - | FIPS 198-1", "HMAC-SHA3-256 | A5756, A5780, A5933 | - | FIPS 198-1", "HMAC-SHA3-384 | A5756, A5780, A5933 | - | FIPS 198-1", "HMAC-SHA3-512 | A5756, A5780, A5933 | - | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5750, A5768, A5769, A5770, A5771, A5778, A5931 | - | SP 800-56A Rev. 3", "KAS-FFC-SSC Sp800-56Ar3 | A5773 | - | SP 800-56A Rev. 3", "KDA HKDF SP800-56Cr2 | A5758 | - | SP 800-56C Rev. 2", "KDA OneStep SP800-56Cr2 | A5744 | - | SP 800-56C Rev. 2", "KDA TwoStep SP800-56Cr2 | A5744 | - | SP 800-56C Rev. 2", "KDF ANS 9.42 (CVL) | A5750, A5756, A5768, A5769, A5770, A5771, A5778, A5780, A5931, A5933 | - | SP 800-135 Rev. 1", "KDF ANS 9.63 (CVL) | A5750, A5768, A5769, A5770, A5771, A5778, A5931 | - | SP 800-135 Rev. 1", "KDF SP800-108 | A5772 | - | SP 800-108 Rev. 1", "KDF SSH (CVL) | A5751, A5752, A5753, A5754, A5755, A5932 | - | SP 800-135 Rev. 1", "PBKDF | A5750, A5756, A5768, A5769, A5770, A5771, A5778, A5780, A5931, A5933 | - | SP 800-132", "RSA KeyGen(FIPS186-5) | A5750,A5768,A5769,A5770,A5771,A5778,A5931 | - | FIPS 186-5", "RSA SigGen(FIPS186-5) | A5750,A5756,A5768,A5769,A5770,A5771,A5778,A5780,A5931,A5933 | - | FIPS 186-5", "RSA SigVer(FIPS186-4) | A5750,A5768,A5769,A5770,A5771,A5778,A5931 | - | FIPS 186-4", "RSA SigVer(FIPS186-5) | A5750,A5756,A5768,A5769,A5770,A5771,A5778,A5780,A5931,A5933 | - | FIPS 186-5", "SHA-1 | A5750,A5768,A5769,A5770,A5771,A5778,A5931 | - | FIPS 180-4", "SHA2-224 | A5750,A5768,A5769,A5770,A5771,A5778,A5931 | - | FIPS 180-4", "SHA2-256 | A5750,A5768,A5769,A5770,A5771,A5778,A5779,A5931 | - | FIPS 180-4", "SHA2-384 | A5750,A5768,A5769,A5770,A5771,A5778,A5931 | - | FIPS 180-4", "SHA2-512 | A5750,A5768,A5769,A5770,A5771,A5778,A5931 | - | FIPS 180-4", "SHA2-512/224 | A5750,A5768,A5769,A5770,A5771,A5778,A5931 | - | FIPS 180-4", "SHA2-512/256 | A5750,A5768,A5769,A5770,A5771,A5778,A5931 | - | FIPS 180-4", "SHA3-224 | A5756,A5780,A5933 | - | FIPS 202", "SHA3-256 | A5756,A5780,A5933 | - | FIPS 202", "SHA3-384 | A5756,A5780,A5933 | - | FIPS 202", "SHA3-512 | A5756,A5780,A5933 | - | FIPS 202", "SHAKE-128 | A5756,A5780,A5933 | - | FIPS 202", "SHAKE-256 | A5756,A5780,A5933 | - | FIPS 202", "TLS v1.2 KDF RFC7627(CVL) | A5750,A5768,A5769,A5770,A5771,A5778,A5931 | - | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5758 | - | SP 800-135Rev.1", "AES GCM (external IV) | Encryption", "DSA | Signature Generation, Signature Verification, Key Pair Generation, Key Pair Verification", "ECDSA with curve P-192,B-163,K-163 | Key Pair Generation", "ECDSA with curve B-163,K-163 | Key Pair Verification", "ECDSA with curve P-192 | Signature Generation", "ECDSA with curve B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571 | Signature Generation, Signature Verification", "RSA and ECDSA(pre-hashed message) | Signature Generation(pre-hashed message), Signature Verification(pre-hashed message)", "RSA X9.31 | Signature Generation, Signature Verification", "RSA primitive | Asymmetric Encryption, Asymmetric Decryption", "RSA-OAEP | Asymmetric Encryption, Asymmetric Decryption" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5114", "Certificate Number": "5114", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Adaptive Security Appliance Virtual Cryptographic Module", "Module Type": "Firmware-hybrid", "Validation Date": "12/19/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5114.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5114", "module_name": "Cisco Adaptive Security Appliance Virtual Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/18/2030", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy", "module_type": "Firmware-hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "Cisco Virtual Adaptive Security Appliances offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content security and secure unified communications. Delivering robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4595 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-GCM | A4595 | Direction-Decrypt,EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,256 | SP800-38D", "Counter DRBG | A4595 | Prediction Resistance-YesMode-AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A4595 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4595 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4595 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "HMAC-SHA-1 | A4595 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-224 | A4595 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-256 | A4595 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-384 | A4595 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A4595 | Key Length-Key Length:8-524288Increment8 | FIPS198-1", "KAS-ECC-SSCSp800-56Ar3 | A4595 | Domain Parameter Generation Methods-P-256,P-384,P-521Scheme- | SP800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4595 | Domain Parameter Generation Methods-ffdhe2048,ffdhe3072,ffdhe4096,modp-2048,modp-3072,modp-4096Scheme-dhEphem-KAS Role-initiator, responder | SP 800-56ARev.3", "KDF IKEv2(CVL) | A4595 | Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:2048Derived Keying Material Length-DerivedKeying Material Length:3072Hash Algorithm-SHA-1 | SP 800-135Rev.1", "KDF SNMP(CVL) | A4595 | Password Length-Password Length:256,64 | SP 800-135Rev.1", "KDF SSH(CVL) | A4595 | Cipher-AES-128,AES-192,AES-256 | SP 800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4595 | Key Generation Mode-B.3.4Modulo-2048,3072 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4595 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4595 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072 | FIPS 186-4", "SHA-1 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-224 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-256 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-384 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-512 | A4595 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "TLS v1.2 KDFRFC7627(CVL) | A4595 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5113", "Certificate Number": "5113", "Vendor Name": "Ctrl IQ, Inc.", "Module Name": "Rocky Linux 9 Kernel Cryptographic API", "Module Type": "Software", "Validation Date": "12/18/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5113.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5113", "module_name": "Rocky Linux 9 Kernel Cryptographic API", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/17/2030", "overall_level": 1, "caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Rocky Linux 9 Kernel Cryptographic API provides a C language API for use by other (kernel space and user space) processes that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A5837,A5840,A5843,A5846 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5837,A5840,A5843,A5846 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CCM | A5837,A5840,A5846 | Key Length - 128,192,256 | SP 800-38C", "AES-CFB128 | A5837,A5840,A5846 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CMAC | A5837,A5840,A5846 | Direction- Generation, Verification Key Length - 128,192,256 | SP 800-38B", "AES-CTR | A5837,A5840,A5843,A5846 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-ECB | A5837,A5838,A5839,A5840,A5841,A5842,A5843,A5844,A5845,A5846,A5847,A5848 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-GCM | A5837,A5839,A5840,A5842,A5843,A5845,A5846,A5848 | Direction- Decrypt, Encrypt IV Generation- External Key Length - 128,192,256 | SP 800-38D", "AES-GCM | A5838,A5841,A5844,A5847 | Direction- Decrypt, Encrypt IV Generation- Internal IV Generation Mode-8.2.1 Key Length - 128,192,256 | SP 800-38D", "AES-GMAC | A5837,A5840,A5846 | Direction- Decrypt, Encrypt IV Generation- External Key Length - 128,192,256 | SP 800-38D", "AES-KW | A5837,A5840,A5846 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38F", "AES-OFB | A5837,A5840,A5846 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A5837,A5840,A5843,A5846 | Direction- Decrypt, Encrypt Key Length - 128,256 | SP 800-38E", "Counter DRBG | A5837,A5838,A5839,A5840,A5841,A5842,A5843,A5844,A5845,A5846,A5847,A5848 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90A Rev.1", "Hash DRBG | A5837,A5849,A5850,A5851 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A5837,A5849,A5850,A5851 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90A Rev.1", "HMAC-SHA-1 | A5837,A5849,A5850,A5851 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5837,A5849,A5850,A5851 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5837,A5849,A5850,A5851 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5837,A5849,A5850,A5851 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5837,A5849,A5850,A5851 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5837 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5837 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5837 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5837 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "KAS-FFC-SSCSp800-56Ar3 | A5837 | Domain Parameter GenerationMethods-ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192Scheme-dhEphem-KAS Role - initiator, responder | SP 800-56ARev.3", "RSA SigVer(FIPS186-5) | A5837 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5 | FIPS 186-5", "SHA-1 | A5837,A5849,A5850,A5851 | Message Length - MessageLength:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A5837,A5849,A5850,A5851 | Message Length - MessageLength:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A5837,A5849,A5850,A5851 | Message Length - MessageLength:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A5837,A5849,A5850,A5851 | Message Length - MessageLength:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A5837,A5849,A5850,A5851 | Message Length - MessageLength:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A5837 | Message Length - MessageLength:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A5837 | Message Length - MessageLength:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A5837 | Message Length - MessageLength:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A5837 | Message Length - MessageLength:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "AES-GCM with external IV | Encryption with external IV(not compliant to FIPS 140-3 IG C.H)", "KBKDF in libkcapi | Key derivation with implementation not tested by CAVP", "HKDF in libkcapi | Key derivation with implementation not tested by CAVP", "RSA PKCS#1 v1.5 with pre-hashed message | Signature generation; Signature verification", "RSA PKCS#1 v1.5 | Key encapsulation (not compliant to SP 800-56Br2); Key unencapsulation (not compliant to SP 800-56Br2)", "RSA primitive | Encryption primitive; Decryption primitive (not compliant to SP 800-56Br2)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5112", "Certificate Number": "5112", "Vendor Name": "SUSE LLC", "Module Name": "SUSE Linux Enterprise Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "12/18/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5112.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5112", "module_name": "SUSE Linux Enterprise Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/17/2030", "overall_level": 1, "caveat": "When operated in approved mode. When installed, initialized and configured as specified in section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The SUSE Linux Enterprise Kernel Crypto API Cryptographic Module provides a C language API for use by other (kernel space and user space) processes that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A5503, A5507, A5510, A5513,A5520, A5521, A5524, A5526,A5530, A5533, A5536, A5661,A5664 | Direction - Decrypt,EncryptKey Length - 128, 192,256 | SP 800-38A", "AES-CBC-CS3 | A5503, A5507, A5510, A5513,A5520, A5521, A5526, A5530,A5533, A5536, A5664 | Direction - decrypt,encryptKey Length - 128, 192,256 | SP 800-38A", "AES-CCM | A5503, A5507, A5513, A5520,A5521, A5526, A5530, A5536,A5661, A5664 | Key Length - 128, 192,256 | SP 800-38C", "AES-CFB128 | A5503, A5507, A5513, A5521,A5526, A5530, A5536, A5664 | Direction - Decrypt,EncryptKey Length - 128, 192,256 | SP 800-38A", "AES-CMAC | A5503, A5507, A5513, A5520,A5521, A5526, A5530, A5536,A5661, A5664 | Direction - Generation,VerificationKey Length - 128, 192,256 | SP 800-38B", "AES-CTR | A5503, A5507, A5510, A5513,A5520, A5521, A5524, A5526,A5530, A5533, A5536, A5661,A5664 | Direction - Decrypt,EncryptKey Length - 128, 192,256 | SP 800-38A", "AES-ECB | A5503, A5505, A5506, A5507,A5508, A5509, A5510, A5511,A5512, A5513, A5514, A5515,A5520, A5521, A5522, A5523,A5524, A5526, A5528, A5529,A5530, A5531, A5532, A5533,A5534, A5535, A5536, A5537, | Direction - Decrypt,EncryptKey Length - 128, 192,256 | SP 800-38A", "AES-GCM | A5503, A5506, A5507, A5509,A5510, A5512, A5513, A5515,A5521, A5523, A5526, A5529,A5530, A5532, A5533, A5535,A5536, A5538, A5661, A5663,A5664, A5666 | Direction - Decrypt,EncryptIV Generation - ExternalKey Length - 128, 192,256 | SP 800-38D", "AES-GCM | A5505, A5508, A5511, A5514,A5522, A5528, A5531, A5534,A5537, A5662, A5665 | Direction - Decrypt,EncryptIV Generation - InternalIV Generation Mode -8.2.2Key Length - 128, 192,256 | SP 800-38D", "AES-GMAC | A5503, A5507, A5513, A5521,A5526, A5530, A5536, A5661,A5664 | Direction - Decrypt,EncryptIV Generation - ExternalKey Length - 128, 192,2 | SP 800-38D", "AES-KW | A5503, A5507, A5513, A5521,A5526, A5530, A5536, A5664 | Direction - Decrypt,EncryptKey Length - 128, 192,256 | SP 800-38F", "AES-OFB | A5503, A5507, A5513, A5521,A5526, A5530, A5536, A5664 | Direction - Decrypt,EncryptKey Length - 128, 192,256 | SP 800-38A", "AES-XTSTestingRevision 2.0 | A5503, A5507, A5510, A5513,A5520, A5521, A5524, A5526,A5530, A5533, A5536, A5661,A5664 | Direction - Decrypt,ncryptKey Length - 128, 256 | SP 800-38E", "CounterDRBG | A5503, A5505, A5506, A5507,A5508, A5509, A5510, A5511,A5512, A5513, A5514, A5515,A5521, A5522, A5523, A5526,A5528, A5529, A5530, A5531,A5532, A5533, A5534, A5535,A5536, A5537, A5538, A5661,A5662, A5663, A5664, A5665,A5666 | Prediction Resistance -No, YesMode - AES-128, AES-192, AES-256Derivation FunctionEnabled - Yes | SP 800-90ARev. 1", "ECDSA SSigVerFIPS186-4) | A5504, A5527 | Component - NoCurve - P-256, P-384Hash Algorithm - SHA-1 | FIPS 186-4", "ECDSASigVer (PS186-5) | A5504, A5527 | Curve - P-256, P-384Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | FIPS 186-5", "Hash DRBG | A5503, A5516, A5517, A5518,A5526, A5539, A5540, A5541,A5664 | Prediction Resistance -No, YesMode - SHA-1, SHA2-256,SHA2-512 | SP 800-90ARev. 1", "HMAC DRBG | A5503, A5516, A5517, A5518,A5526, A5539, A5540, A5541,A5664 | Prediction Resistance -No, YesMode - SHA-1, SHA2-256,SHA2-512 | SP 800-90ARev. 1", "HMAC-SHA-1 | A5503, A5516, A5517, A5518,A5519, A5520, A5526, A5539,A5540, A5541, A5542, A5664 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5503, A5516, A5517, A5518,A5519, A5520, A5524, A5525,A5526, A5539, A5540, A5541,A5542, A5664 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5503, A5516, A5517, A5518,A5519, A5520, A5524, A5525,A5526, A5539, A5540, A5541,A5542, A5664 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5503, A5516, A5517, A5518,A5525, A5526, A5539, A5540,A5541, A5664 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5503, A5516, A5517, A5518,A5525, A5526, A5539, A5540,A5541, A5664 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5503, A5526, A5664 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5503, A5526, A5664 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5503, A5526, A5664 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5503, A5526, A5664 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5503, A5526 | Domain ParameterGeneration Methods - P-256, P-384Scheme -ephemeralUnified -KAS Role - initiator,responder | SP 800-56ARev. 3", "KAS-FFC-SSCSp800- 56Ar3 | A5503, A5526 | Domain ParameterGeneration Methods -ffdhe2048, ffdhe3072,ffdhe4096, ffdhe6144,ffdhe8192Scheme -dhEphem -KAS Role - initiator,responder | SP 800-56ARev. 3", "KDF SP800-108 | A5503, A5526 | KDF Mode - CounterSupported Lengths -Supported Lengths: 112-4096 Increment 8 | SP 800-108Rev. 1", "RSA SigVer(FIPS186-4) | A5503, A5526, A5664 | Signature Type - PKCS1.5Modulo - 2048, 3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A5503, A5526, A5664 | Modulo - 2048, 3072,4096Signature Type -pkc1v1.5 | FIPS 186-5", "SHA-1 | A5503, A5516, A5517, A5518,A5519, A5520, A5526, A5539,A5540, A5541, A5542, A5664 | Message Length -Message Length: 0-65536 Increment 8Large Message Sizes - 1,2 | FIPS 180-4", "SHA2-224 | A5503, A5516, A5517, A5518,A5519, A5520, A5524, A5525,A5526, A5539, A5540, A5541,A5542, A5664 | Message Length -Message Length: 0-65536 Increment 8Large Message Sizes - 1,2 | FIPS 180-4", "SHA2-256 | A5503, A5516, A5517, A5518,A5519, A5520, A5524, A5525,A5526, A5539, A5540, A5541,A5542, A5664 | Message Length -Message Length: O-65536 Increment 8Large Message Sizes - 1,2 | FIPS 180-4", "SHA2-384 | A5503, A5516, A5517, A5518,A5525, A5526, A5539, A5540,A5541, A5664 | Message Length -Message Length: 0-65536 Increment 8Large Message Sizes - 1,2 | FIPS 180-4", "SHA2-512 | A5503, A5516, A5517, A5518,A5525, A5526, A5539, A5540,A5541, A5664 | Message Length -Message Length: 0-65536 Increment 8Large Message Sizes - 1,2 | FIPS 180-4", "SHA3-224 | A5503, A5526, A5664 | Message Length -Message Length: 0-65536 Increment 8Large Message Sizes - 1,2 | FIPS 202", "SHA3-256 | A5503, A5526, A5664 | Message Length -Message Length: 0-65536 Increment 8Large Message Sizes - 1,2 | FIPS 202", "SHA3-384 | A5503, A5526, A5664 | Message Length -Message Length: 0-65536 Increment 8Large Message Sizes - 1,2 | FIPS 202", "SHA3-512 | A5503, A5526, A5664 | Message Length -Message Length: 0- | FIPS 202", "AES-GCM withexternal IV | Encryption with external IV (not compliant to FIPS 140-3 IG C.H)", "KBKDF (byusing thelibkcapi) | Key derivation with implementation not tested by CAVP", "HKDF (by usingthe libkcapi | Key derivation with implementation not tested by CAVP", "RSA | Encryption primitive; Decryption primitive (not compliant to SP 800-56Br2", "RSA withPKCS#1 v1.5padding | Signature generation (pre-hashed message); Signature verification (pre-hashed message); Key encapsulation (not compliant to SP 800-56Br2);Key un-encapsulation (not compliant to SP 800-56Br2)", "ECDSA | Signature generation (pre-hashed message); Signature verification (pre-hashed message)", "Encryptionwith AES | BC-UnAuth Encrypt aplaintext withAES | Key size (XTS):128, 256bitsSecurity strength(XTS):128, 256 bitsKey size (Others):128,192, 256 bitsSecurity strength(Others):128, 192, 256bits | AES-CBC:(A5503,5507,A5510,A5513,A5520,A5521,A5524,A5526,A5530,A553,A5536,A5661,564)AES-CBC-CS3: (A5503,5507,A5510,A5513,A5520,A5521,A5526,A5530,A5533,A5536,A5664)AES-CFB128:(A5503,A5507,A5513,A5521,A5526,A5530,A5536,A5664)AES-CTR:(A5503,A5507,A5510,A5513,A5520,A5521,A5524,A5526,A5530,", "Decryptionwith AES | BC-UnAuth | Decrypt aciphertextwith AES | Key size (XTS):128, 256bitsSecurity strength(XTS):128, 256 bitsKey size (Others):128,192, 256 bitsSecurity strength(Others):128, 192, 256bits | AES-CBC:A5503,5507,5510,A5513,A5520,A5521,5524,A5526,A5530,A53,A5536,561,A564)AES-CBC-CS3: (A5503,5507,5510,5513,A5520,521,526,A5530,A553,A5536,A5664)AES-CFB128:(A5503,A5507,513,A5521,A5526,A5530,A5536,A5664AES-CTR:", "Messagedigest | SHA | Compute amessagedigest | SHA-1:(A5503,A5516, A5517,5518,519,5520,A526,A5539,A5540,A541,554,A564)SHA2-224:(A5503,5516,5517,518,5519,5520,5524,A5525,5526,A559,A5540,5541,A5542,", "Message | MAC | Compute a | Key size (HMAC):112- | (A5503, A5526, 564) AES-CMAC:", "authenticatio n | MAC tag for authenticatio n | 524288 bits Security strength (HMAC):112-256 bits Key size (AES):128, 192, 256 bits Security strength (AES):128, 192, 256 bits | (A5503, A5507, 513, A5520, A521, A5526, A5530, A5536, A561, A5664 AES-GMAC: (A5503, 5507, 513, A521, A5526, 530, A5536, A5661, A5664) HMAC-SHA-1: (A5503, A5516, A5517, A5518, 5519, A5520, A5526, A5539, A5540, A5541, A5542, A5664) HMAC-SHA2- 224: (A5503, A5516, A5517, A5518, A5519, A5520, 5524, A5525, A5526,", "Randomnumbergenerationwith DRBGs | DRBG | Generaterandomnumbers fromDRBGS | CTR-DRBG:Modes: AES-128, AES-192, AES-256,with derivation function,with/without predictionresistance; Internal statelength: 256, 320, 384bits; Security strength:128, 192, 256 bitsHMAC-DRBG:Modes: SHA-1, SHA-256, SHA-512with/without predictionresistance; Internal statelength: 320, 512, 1024bits; Security strength:128, 256 bitsHash-DRBG:Modes: SHA-1, SHA-256, SHA-512with/without predictionresistance; Internal statelength: 880, 1776 bits; | CounterDRBG:A5503,5505,A5506,A5507,A5508,A5509,A5510,A5511,5512,5513,5514,A5515,5521,A5522,523,A5526,5528,A529,5530,531,532,A5533,A5534,5535,5536,537,A5538,A5661,A5662,A563,A5664,565,A5666Hash DRBG:(A5503,A5516,A5517,A518,526,A5539,A5540,A5541,A5664)HMAC DRBG:", "Authenticatedencryption | BC-Auth | Encrypt andauthenticatea plaintext | Key size (AES):128, 192,226 bitsSecurity strength(AES):128, 192, 256 bits | AES-CCM:(A5503,A5507,513,A520,C A5521,A5526,5530,536,A5661,A5664AES-GCM:(A5503,5505,A5506,A5507,A5508,A5509,A5510,51,A5512,5513,551, A5515,A5521,52,A5523,5526,5528,A5529,530,5531,53,A53,A534,5535,A5536,5537,A5538,A561,A5662,", "Authenticateddecryption | BC-Auth | Decrypt andauthenticatea ciphertext | Key size:128, 192, 256bitsSecurity strength:128,192, 256 bits | AES-CCM:(A5503,A5507,513,520,A5521,A5526,A5530,A5536,", "Key pairgenerationwith ECDSA | AsymKeyPair-KeyGenCKG | Generate anasymmetricEC key pair | Curves:P-256, P-384Security strength:128,192 bitsMode:FIPS 186-5, SectionA.2.2 - RejectionSampling | ECDSAKeyGen(FIPS186-5):(A5503,5526)Asymmetricryptographic KeyGeneration(CKG): ()", "Digitalsignatureverificationwith ECDSA | DigSig- SigVer | Verify adigitalsignatureusing ECDSA | Curves:P-256, P-384Hashes:SHA-1, SHA2-224,SHA2-256, SHA2-384,SHA2-512Security strength:80 | ECDSA SigVer(FIPS186-4):5504,5527)ECDSA SigVer", "Digitalsignatureveriicationwith RSA | DigSig-Siger | Verify asignature withRSA | Padding:PKCS#1 v1.5Hashes:SHA-256Key size(s):4096 bits(149 bits) | RSA SigVer(FIPS186-4):(A5503,A5526,A5664)RSA SigVer(FIPS186-5):(A5503,A5526,A5664)", "Shared secretcomputationwth DH | KAS-SSC | Compute ashared secretusing Diffie-Hellman | Groups:ffdhe2048,ffdhe3072, ffdhe4096,ffdhe6144, ffdhe8192Security strength:112-200 bitsKAS role:initiator,responderKAS Scheme:dhEphem | KAS-FFC-SSCSp800-56Ar3:(A5503,A5526)", "Shared secretcomputationwith ECDH | KAS-SSC | Compute ashared secretusing EllipticCurve Diffie-Hellman | Curves:P-256, P-384Security strength:128,192 bitsKAS role:initiator,responderKASscheme:ephemeralUnified | KAS-ECC-SSCSp800-56Ar3:(A5503,A5526)", "Keyderivationwith KBKDF | KBKDF | Derive asymmetrickey from akey-derivationkey | KDF mode:CounterMAC mode:AES-CMACwith 128-, 192-, 256-bitkeys; HMAC with SHA-1,SHA2-224, SHA2-256,SHA2-384, SHA2-512,SHA3-224, SHA3-256,SHA3-384, SHA3-512Derived key length:112-4096 bitsSecurity strength:112-256 bits | KDF SP800-108: (A5503,A5526)", "SUSEKernelCPUTimeJitterRNG | Non-Physical | SUSE Linux Enterprise Server15 SP6 on AMD EPYC(TM)7343; SUSE Linux EnterpriseServer 15 SP6 on Ampere®Altra® Q80-30; SUSE LinuxEnterprise Server 15 SP6 onIBM® Telum(TM); SUSE LinuxEnterprise Server 15 SP6 onIntel® Xeon® Gold 5416S | 256 bits | Fullentropy | SHA3-256(A5503)", "SUSEKernel-RT CPUTime | Non-Physical | SUSE Linux Enterprise Server15 SP6 on AMD EPYC(TM)7343; SUSE Linux Enterprise | 256 bits | Fullentropy | SHA3-256(A5526)", "Authenticatedencryption | Encryptandauthenticate aplaintext | For all except AES GCM:crypto\\_aead\\_setkeyreturns 0; For AES GCM:crypto\\_aead\\_get\\_flags(tm has theCRYPTO\\_TFMFIPS\\_COMPLIANCE flagset | AESkey,plaintext, IV | Ciphertext, MACtag | Authenticatedencryption | Crypto Officer- AESkey:W,E", "Authenticated | Decryptanauthenti | For all except AES GCM:crypto\\_aead\\_setkeyreturns 0; For AES GCM: | AESkey,ciphert | Plaintextor failure | Authenticated | Crypto Officer- AES", "Messageauthenticationgeneration | Computea MACtag | crypto\\_shash\\_initreurns 0 | AES:AESkey,message;HMAC:HMACkey,message | MAC tag | Messageauthentication | Crypto Officer-AESkey:E- HMACkey:WE", "Messageauthenticationverification | Computea MACtag | crypto\\_shash\\_initreturns 0 | AES:AESkey,message,MACtag;HMAC:HMACkey,message, | Success/Failure | Messageauthentication | Crypto Officer- AESkey:W,E- HMACkey:W,E", "Sharedsecretcomputation | Computea sharedsecretusing(EC)Diffie-Hellman | crypto\\_kpp\\_compute\\_shared\\_ secret() returns 0 | Publickey(peer),PPrivatekey | Sharedsecret | Sharedsecretcomputation withDHSharedsecretcomputation withECDH | CryptoOfficer- DHprivatekey:,E- DHpublickey:W,E- ECprivatekey:W,E-ECpublickey:W,E- Sharedsecret:G,R", "AES GCM external IVencryption | Encrypt a plaintext using AESGCM with an external IV | AES-GCM withexternal IV | CO", "Key derivation | Derive a key from a key-derivation key or a sharedsecret | KBKDF (by usingthe libkcapi)HKDF (by using thelibkcapi | CO", "RSA encryption primitive | Compute the raw RSAencryption of a plaintext | RSA | CO", "RSA decryption primitive | Compute the raw RSAdecryption of a ciphertext | RSA | CO", "RSA signature generation(pre-hashed message) | Generate a digital signature fora pre-hashed message | RSA with PKCS#1v1.5 paddingECDSA | CO", "RSA signature verification(pre-hashed message) | Verify a digital signature for apre-hashed message | RSA with PKCS#1v1.5 paddingECDSA | CO", "Free cipherhandle | Zeroizes theSSPs containedwithin thecipher handle | Memory occupied bySSPs is overwrittenwith zeroes, whichrenders the SSPvalues irretrievable.The completion of thezeroization routineindicates that thezeroization proceduresucceeded. | By calling the appropriatezeroization functions: AES key:crypto\\_free\\_skcipher andcrypto\\_free\\_aead; HMAC key:crypto\\_free\\_shash andcrypto\\_free\\_ahash; DRBGinternal state: crypto\\_free\\_rng;DRBG seed: crypto\\_free\\_rng;Entropy input string:crypto\\_free\\_rng; Key-derivationkey, Derived key:kfree\\_sensitive; Shared secret:crypto\\_free\\_kpp", "AES key | AES keyused for | 128,192, 256 | SymmetricKey - CSP | Encryptionwith AES", "HMAC key | HMAC key. | 112-524288bits -112-256bits | Authentication key - CSP | Messageauthentication", "HMAC\\_DRBG seed | DRBGseedderivedfromentropyinput.Compliantwith IGD.L. | 440, 888bits -128, 256bits | Seed - CSP | Randomnumbergeneration withDDRBGS | Randomnumbergenerationwith DRBGs", "HMAC\\_DRBGInternalstate (V,Key) | Internalstate ofHMAC\\_DRBGinstances.Compliantwith IGD.L. | 320,5512,1024 bits-128,256 bits | Internalstate - CSP | Randomnumbergeneration withDRBGs | Randomnumbergenerationwith DRBGs", "Key-derivationkey | Symmetrickey usedto derivesymmetrickeys | 112-4096 bits- 112-256 bits | Symmetrickey -- CSP | Keyderivationwith KBKDF", "Derivedkey | Symmetrickeyderivedfrom akey- | 112-4096 bits- 112-256 bits | Symmetrickey - CSP | KeyderivationwithKBKDF | Keyderivationwith KBKDF", "Module-generatedE EC privatekey | EC privatekeygeneratedby themodule | P-256, P-384 -128, 192bits | Private key -CSP | Key pairgeneration withECDSA | Key pairgenerationwith ECDSA", "Module-generatedEC publickey | EC publickeygeneratedby themodu | P-256, P-384 -128, 192bits | Public key -PSP | Key pairgeneration withECDSA | Key pairgenerationwith ECDSA", "DH privatekey | DH privatekey inputtto themoduleand usedffor sharedsecretcomputation | ffdhe2048,fddhe3072,dhe4096,fdhe6144,fdhe8192 - 112-200 bits | Private key -CSP | Sharedsecretcomputation with DH", "DH publickey | DH publickey inputtto themoduleand usedfor sharedsecretcomputation | ffdhe2048,fdhe3072,dhe4096,ffdhe6144,fdhe8192 - 112-200 bits | Public key -PSP | Sharedsecretcomputation with DH", "EC privatekey | ECDHprivatekey inputto themoduleand usedfor sharedsecretcomputation | P-256, P-384 -128, 192bits | Private key -CSP | Sharedsecretcomputation with ECDH", "EC publickey | ECDHpublic keyinput tothemoduleand usedfor shared | P-256, P-384 -128, 192bits | Public key -PSP | Sharedsecretcomputation with ECDH", "Sharedsecret | SharedsecretgeneratedbyEECDH/DHsharedsecretcomputation | 224-8912 bits-112-256 bits | SharedSecret - CSP | Sharedsecretcomputation with DHSharedsecretcomputation withECDH | Sharedsecretcomputation with DHSharedsecretcomputation with ECDHKeyderivationwith KBKDF", "AES key | AF\\_ALG\\_type sockets(input)API inputparameters(input) | RAM:Plaintext | Until cipherhandle isfreed ormodulepowered off | Free cipherhhandleRemovepower fromthe module", "HMAC key | AF\\_ALG\\_type sockets(input)API inputparameters(input) | RAM:Plaintext | Until cipherhandle isfreed ormodulepowered off | Free cipherhandleRemovepower fromthe module", "HMAC\\_DRBG seed | RAM:Plaintext | While theDRB isbeinginstantiated | Automatic | Entropyinput:DerivedFromHMAC\\_DRBGInternal state (V,Key):Derives", "HMAC\\_DRBG Internalstate (V,Key) | RAM:Plaintext | From DRBGinstantiationuntil DRBGis un-instantiated | Free cipherhandleRemovepower fromthe module | HMAC\\_DRBGseed:DerivedFrom", "Sharedsecret | AF\\_ALG\\_type sockets(output)API outputparameters(output) | RAM:Plaintext | FromserviceinvocationuntilcipherhandIe is freed | Free cipherhandleRemovepower fromthe module | DH privatekey:EstablishedByDH publickey:EstablishedByEC privatekey:EstablishedByEC publickey:EstablishedBy", "HMAC-SHA2-256 (A5503) -kernel version3.5 | 256-bit key | MessageAuthentication | SW/FWIntegrity | Modulebecomesoperationaland servicesare availablefor use. | Integrity testforo kernelbinaryversion 3.5", "HMAC-SHA2-256 (A5503) -fipscheckveesion 3.5 | 256-bit key | MessageAuthentication | SW/FWntegrity | Modulebecomesoperationaland servicesare availablefor use. | Integrity testfor fipscheckapplicationverson 3.5", "RSA SigVerIPPS186-5)(A5503) -object filesversion 3.5 | 4096-bit keywith SHA2-256 | SignatureVerification | SW/FWIntegrity | Modulebecomesoperationaland servicesare availablefor use. | Integrity testffor kernelobject filesversion 3.5", "HMAC-SHA2-256 (A5526) -kernel version3.6 | 256-bit key | MessageAuthentication | SW/FWIntegrity | Modulebecomesoperationaland servicesare availablefor use. | Integrity testfor kernelbinaryversion 3.6", "HMAC-SHA2-256 (A5526) -fipscheckversion 3.6 | 256-bit key | MessageAuthentication | SW/FWIntegrity | Modulebecomesoperationaland servicesare availablefor use. | Integrity testfor fipscheckapplicationversion 3.6", "RSA SigVer(FIPS186-5)(A5526) -object filesversion 3.6 | 4096-bit keywith SHA2-256 | SignatureVerification | SW/FWIntegrity | Modulebecomesoperationaland servicesare availablefor use. | Integrity testfor kernnelobject filesversion 3.6", "SHA-1(A5503) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA-1(A5516) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA-1(A5517) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA-1(A5518) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA-1(A5519) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor se. | MessageDigest | Moduleinitialization", "SHA-1(A552) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA-1(A5526) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | Messageigest | Moduleinitialization", "SHA-1(A5539) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA-1(A5540) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA-1 (541) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa | MessageDigest | Moduleinitialization", "SHA-1(A5542) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA-1(A5664) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor se. | MessageDigest | Moduleinitialization", "SHA2-256(A5503) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-256(A5516) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaIanservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-256(A5517) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesare | MessageDigest | Moduleinitialization", "SHA2-256(A5518) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-256(A5519) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-256(A520) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-256(524) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-256(A5525)) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDige | Moduleinitialization", "SHA2-256(A5526) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-256539) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-256(A5540) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | Messageigest | Moduleinitialization", "SHA2-256541) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-256(A5542) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-256 (A564) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa | MessageDigest | Moduleinitialization", "SHA2-512(A5503) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-512(A5516) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-512517) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-512(A5518) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaIanservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-512(A5525) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesare | MessageDigest | Moduleinitialization", "SHA2-512(A5526) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-512(A5539) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-512A5540) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-512541) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA2-512(A5664) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDige | Moduleinitialization", "SHA3-224(A5503) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA3-224(526) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA3-224(A5664) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | Messageigest | Moduleinitialization", "SHA3-256(A5503) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA3-256(A5526) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA3-256 (A564) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa | MessageDigest | Moduleinitialization", "SHA3-384(A553) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA3-384(A5526) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA3-384(A5664) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA3-512(A5503) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaIanservicesareavailablefor use. | MessageDigest | Moduleinitialization", "SHA3-512(A5526) | 0-8184 bitmessages | KAT | CAST | Modulebecomesoperationa andservicesare | MessageDigest | Moduleinitialization", "SHA3-512 (A564) | 0-8184 bitmessages | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | MessageDigest | Moduleinitialization", "AES-GCM -Encrypt(A5503) | 128, 192, 256bit kys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt (A5505) | 128, 192, 256bit kys and96-bit IVs | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -ncrypt(5506) | 128, 192, 256bit kys and96-bit IVSs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt (A5507) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5508) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5509) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5510) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -ncrypt (551) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIadservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5512) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt (513) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5514) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5515) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5521) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -ncrypt52) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5523) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5526) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5528) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -ncrypt (A529) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIadservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5530) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5531) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5532) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5533) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -ncrypt (A534) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIadservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5535) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt (553) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt (537) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5538) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5661) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A562) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5663) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5664) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Encrypt(A5665) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -ncrypt(A56) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIadservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-GCM -Decrypt(A5503) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt (A5505) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A556) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesopeeationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5507) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -DecryptA5508) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5509) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt 5510) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5511) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesopeeationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5512) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt513) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5514) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt (515) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5521) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesopeeationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5522) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt (5523) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5526) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt (528) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5529) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesopeeationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A550) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt (5531) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5532) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt (53) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5534) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesopeeationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5535) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt (5536) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5537) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt (538) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5661) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesopeeationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5662) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt563) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5664) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt (A565) | 128, 192, 256bit keys and96-bit IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-GCM -Decrypt(A5666) | 128, 192, 256bit keys and96-it IVs | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Encrypt(A5503) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt(505) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (A5506) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (A5507) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt(A5508) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (A509) | 128, 192, 256bbit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -EncryptA5510) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -ncrypt 51) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (A5512) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt(A5513) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (A5514) | 128, 192, 256bbit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -EncryptA515) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -ncrypt5520) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (A5521) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -ncrypt (A552) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (A5523) | 128, 192, 256bbit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt(A5524) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -ncrypt(5526) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (5528) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt(A5529) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (A5530) | 128, 192, 256bbit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -EncryptA531) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -ncrypt(5532) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (A553) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt(A5534) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (5535) | 128, 192, 256bbit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -EncryptA536) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -ncrypt(537) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (A5538) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt(A5661) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (A562) | 128, 192, 256bbit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -EncryptA563) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -ncrypt(A564) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt (A565) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Encrypt(A5666) | 128, 192, 256bit keys | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | Encryption | Moduleinitialization", "AES-ECB -Decrypt (A5503) | 128, 192, 256bbit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt (5505) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5506) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5507) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5508) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A550) | 128, 192, 256it keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt (5510) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A551) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt512) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5513) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesopeationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5514) | 128, 192, 256bbit keys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -DecryptA5515) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt5520) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt521) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5522) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesopeationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5523) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -DecryptA5524) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(5526) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt528) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5529) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5530) | 128, 192, 256it keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -DecryptA531) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt5532) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt53) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5534) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5535) | 128, 192, 256it keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(5536) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(5537) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt538) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5661) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A5662) | 128, 192, 256it keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -DecryptA563) | 128, 192, 256biit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt(A564) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt (A565) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "AES-ECB -Decrypt (A56) | 128, 192, 256bit keys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Decryption | Moduleinitialization", "HMAC-SSHA-1(A5503) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA-1(A5516) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SSHA-1(A5517) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA-1(A5518) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SSHA-1(A5519) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SSHA-1(A5520) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA-1(A5526) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SSHA-1(A5539) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA-1(A5540) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA-1(A5541) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SSHA-1(A5542) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA-1(A5664) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-224(A5503) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-224516) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-224(A5517) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-224(A5518) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SA2-24(A5519) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-224(A5520) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-224(A5524) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-224525) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-224(A5526) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SA2-24(A5539) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-224(A5540) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-224(A5541) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-224(A5542) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-224(A5664) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SSHA2-256(A5503) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-256(A5516) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-256(5517) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-256(A5518) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA-256(A5519) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-256(A5520) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-256(A5524) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-2565525) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-256(A5526) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA-256(A5539) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-256(A5540) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-256(A5541) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-256(A5542) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-256(A5664) | 32-64 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-384(A5503) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SA2-384A5516) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIadservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-384(A5517) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-384(A5518) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-384(525) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-384(A5526) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SA2-384(A5539) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-384(A5540) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-384(A5541) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA2-384(A5664) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SH2-512(A5503) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-512516) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-512(A5517) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SH2-5125518) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-512(A5525) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SH2-512(A5526) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-512(A5539) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-512(A5540) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-512(A5541) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA2-512(A5664) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization.Beforeintegrity test.", "HMAC-SHA3-224(A5503) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SA3-24(A5526) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIadservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA3-224(A5664) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA3-256(A55503) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA3-256(A5526) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA3-256(A5664) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SA3-384(A5503) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA3-384(A5526) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SA3-384(A564) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA3-512(A5503) | 32-1048 bitkeys | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA3-512(A5526) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HMAC-SHA3-512(A564) | 32-1048 bitkeys | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Messageauthentication | Moduleinitialization", "HashDRBG(A5503) | SHA2-256With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HashDRBG(A5516) | SHA2-256With/withoutPR; Healthtest per | KAT | CAST | ModulebecomesoperationaI and | Instantiate,Reseed,Generate | Moduleinitialization", "HashDG(A5517) | SHA2-256With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HashDRBG(A5518) | SHA2-256With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HashDRBG(A5526) | SHA2-256With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HashDRBG(A5539) | SHA2-256With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HashDRBG(A5540) | SHA2-256With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | ModulebecomesoperationaIandservicesare | Instantiate,Reseed,Generate | Moduleinitialization", "HashDRBG(A5541) | SHA2-256With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | Instantiate,Reseed,enerate | Moduleinitialization", "HashDRBG(A5664) | SHA2-256With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HMACDRBG(A5503) | SHA2-256,SHA2-512With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HMACDRBG(A5516) | SHA2-256,SHA2-512With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | ModulebecomesoperationaIaservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HMACDRBG(A5517) | SHA2-256,SHA2-512With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HMACDRBG(A5518) | SHA2-256,SHA2-512With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HMACDRBG(A5526) | SHA2-256,SHA2-512With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HMACDRBG(A5539) | SHA2-256,SHA2-512With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HMACDRBG(A5540) | SHA2-256,SHA2-512With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HMACDRBG(A5541) | SHA2-256,SHA2-512With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor use. | Instantiate,Reseed,Generate | Moduleinitialization", "HMACDRBG (564) | SHA2-256,SSHA2-512With/withoutPR; Healthtest persection 11.3of SP 800-90Arev1 | KAT | CAST | Modulebecomesoperationa andservicesareavailablefor ue. | Instantiate,Reseed,enerate | Moduleinitialization", "RSASSigVer (FPS5186-(A5503) | 4096-bit keywith SHA-256 | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Verify | Moduleinitialization.Beforeintegrity test.", "RSASigVer (/PS186-5) (A5526) | 4096-bit keywith SHA-256 | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Verify | Moduleinitialization.BBeforeintegrity test.", "RSASigVer | 4096-bit keywith SHA-256 | KAT | CAST | Modulebecomesoperationa | Verify | Moduleinitialization.", "KDFSP800-108(A553) | 512 bit key-derivationkey withhmac(sha256) deriving a256 bits ofkey material | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Derivation | Moduleinitialization", "KDFSP800-108(A5526) | 512 bit key-derivationkey withhmac(sha256) deriving a256 bits ofkey material | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Derivation | Moduleinitialization", "KAS-ECC-SSCSp800- 56Ar3503) | P-256 and P-384 | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Shared secretcomputation | Moduleinitialization", "KAS-ECC-SSSCSp800- 56Ar3A5526) | P-256 and P-384 | KAT | CAST | ModulebecomesoperationaIandservicesareavailablefor use. | Shared secretcomputation | Moduleinitialization", "KAS-FFC-SSCSp800- 56Ar3(A5503) | ffdhe2048,ffdhe3072,ffdhe4096,ffdhe614,andfdhe8192 | KAT | CAST | ModulebecomesoperationaI andservicesare | Shared secretcomputation | Moduleinitialization", "KAS-FFC-SSCSp800-56Ar3(5526) | ffdhe2048,ffdhe3072,ffdhe4096,ffdhe614,andffdhe8192 | KAT | CAST | ModulebecomesoperationaI andservicesareavailablefor use. | Shared secretcomputation | Moduleinitialization", "HMAC-SHA2-256 (A5503) -kernel version3.5 | MessageAuthentication | SW/FW Integrity | On demand | Manually", "HMAC-SHA2-256 (A5503) -fipscheckversion 3.5 | MessageAuthentication | SW/FW Integrity | On demand | Manually", "RSA SigVer(FIPS186-5)(A5503) - objectfiles version 3.5 | SignatureVerification | SW/FW Integrity | On demand | Manually", "HMAC-SHA2-256 (A5526) -kernel version3.6 | MessageAuthentication | SW/FW Integrity | On demand | Manually", "HMAC-SHA2-256 (A5526) -fipscheckversion 3.6 | MessageAuthentication | SW/FW Integrity | On demand | Manually", "RSA SigVer(FIPS186-5)(A5526) - objectfiles version 3.6 | SignatureVerification | SW/FW Integrity | On demand | Manually", "SHA-1(A5503) | KAT | CAST | On demand | Manually", "SHA-1 (A5516) | KAT | CAST | On demand | Manually", "SHA-1 (A5517) | KAT | CAST | On demand | Manually", "SHA-1 (A5518) | KAT | CAST | On demand | Manually", "SHA-1 (A5519) | KAT | CAST | On demand | Manually", "SHA-1 (A5520) | KAT | CAST | On demand | Manually", "SHA-1 (A5526) | KAT | CAST | On demand | Manually", "SHA-1 (A5539) | KAT | CAST | On demand | Manually", "SHA-1 (A5540) | KAT | CAST | On demand | Manually", "SHA-1 (A5541) | KAT | CAST | On demand | Manually", "SHA-1 (A5542) | KAT | CAST | On demand | Manually", "SHA-1 (A5664) | KAT | CAST | On demand | Manually", "SHA2-256(503) | KAT | CAST | On demand | Manually", "SHA2-256(5516) | KAT | CAST | On demand | Manually", "SHA2-256 (5517) | KAT | CAST | On demand | Manually", "SHA2-256(518) | KAT | CAST | On demand | Manually", "SHA2-256 (5519) | KAT | CAST | On demand | Manually", "SHA2-256 (5520) | KAT | CAST | On demand | Manually", "SHA2-256(A5524) | KAT | CAST | On demand | Manually", "SHA2-256 (5525) | KAT | CAST | On demand | Manually", "SHA2-256 (5526) | KAT | CAST | On demand | Manually", "SHA2-256 (A5539) | KAT | CAST | On demand | Manually", "SHA2-256540) | KAT | CAST | On demand | Manually", "SHA2-256 541) | KAT | CAST | On demand | Manually", "SHA2-2565542) | KAT | CAST | On demand | Manually", "SHA2-256 (A564) | KAT | CAST | On demand | Manually", "SHA2-5125503) | KAT | CAST | On demand | Manually", "SHA2-512 (516) | KAT | CAST | On demand | Manually", "SHA2-512(A5517) | KAT | CAST | On demand | Manually", "SHA2-512 (A5518) | KAT | CAST | On demand | Manually", "SHA2-512 (A5525) | KAT | CAST | On demand | Manually", "SHA2-512 (A5526) | KAT | CAST | On demand | Manually", "SHA2-512A539) | KAT | CAST | On demand | Manually", "SHA2-5125540) | KAT | CAST | On demand | Manually", "SHA2-512(A5541) | KAT | CAST | On demand | Manually", "SHA2-512A564) | KAT | CAST | On demand | Manually", "SHA3-224(5503) | KAT | CAST | On demand | Manually", "SHA3-224 (5526) | KAT | CAST | On demand | Manually", "SHA3-224(A564) | KAT | CAST | On demand | Manually", "SHA3-2565503) | KAT | CAST | On demand | Manually", "SHA3-256(526) | KAT | CAST | On demand | Manually", "SHA3-256 (A564) | KAT | CAST | On demand | Manually", "SHA3-384(5503) | KAT | CAST | On demand | Manually", "SHA3-384 A5526) | KAT | CAST | On demand | Manually", "SHA3-384A564) | KAT | CAST | On demand | Manually", "SHA3-512 (A5503) | KAT | CAST | On demand | Manually", "SHA3-512 (5526) | KAT | CAST | On demand | Manually", "SHA3-512 (A5664) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5503) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5505) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5506) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5507) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5508) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5509) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5510) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5511) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5512) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5513) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5514) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5515) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5521) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5522) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5523) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5526) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5528) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5529) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5530) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5531) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5532) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5533) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5534) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5535) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5536) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5537) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5538) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5661) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5662) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5663) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5664) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5665) | KAT | CAST | On demand | Manually", "AES-GCM -Encrypt (A5666) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt (A5503) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt (A5505) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt (A5506) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt (5507) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5508) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt (A509) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5510) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(51) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt5512) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5513) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5514) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt (515) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5521) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5522) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(5523) | KAT | CAST | On demand | Manually", "AES-GCM -DecryptA5526) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5528) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5529) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt5530) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt (5531) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5532) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5533) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5534) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt (A5535) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5536) | KAT | CAST | On demand | Manually", "AES-GCM -Deecrypt(A5537) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(A5538) | KAT | CAST | On demand | Manually", "AES-GCM -ecrypt (561) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt (A562) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt(563) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt (A564) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt (565) | KAT | CAST | On demand | Manually", "AES-GCM -Decrypt (A56) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5503) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5505) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5506) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5507) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5508) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5509) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5510) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5511) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5512) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5513) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5514) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5515) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5520) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5521) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5522) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5523) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5524) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5526) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5528) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5529) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5530) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5531) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5532) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5533) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5534) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5535) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5536) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5537) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5538) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5661) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5662) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5663) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5664) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5665) | KAT | CAST | On demand | Manually", "AES-ECB -Encrypt (A5666) | KAT | CAST | On demand | Manually", "AES-ECB -Deecrypt (A5503) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (A5505) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (A550) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (A5507) | KAT | CAST | On demand | Manually", "AES-ECB -DecryptA5508) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(A5509) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (5510) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(51) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (5512) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(A5513) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (A5514) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(A5515) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (A520) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(A5521) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(A5522) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(A5523) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(5524) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(A5526) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(A5528) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(5529) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(A5530) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(A5531) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (A5532) | KAT | CAST | On demand | Manually", "AES-ECB -Deecrypt(A5533) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (A5534) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (A5535) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(A5536) | KAT | CAST | On demand | Manually", "AES-ECB -DecryptA5337) | KAT | CAST | On demand | Manually", "AES-ECB -DecryptA538) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (561) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt(562) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (563) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (A564) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (A565) | KAT | CAST | On demand | Manually", "AES-ECB -Decrypt (A56) | KAT | CAST | On demand | Manually", "HMAC-SHA-1 (5503) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A5516) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A5517) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A5518) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A5519) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A5520) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A5526) | KAT | CAST | On demand | Manually", "HMAC-SHA-1A539) | KAT | CAST | On demand | Manually", "HMAC-SHA-1A540) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A5541) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A5542) | KAT | CAST | On demand | Manually", "HMAC-SHA-1A564) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5503) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5516) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5517) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5518) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5519) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5520) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5524) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5525) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5526) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5539) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5540) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5541) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5542) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224 (A5664) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5503) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5516) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5517) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5518) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5519) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5520) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5524) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256(A5525) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5526) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5539) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5540) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5541) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5542) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256 (A5664) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384 (A5503 | KAT | CAST | On demand | Manually", "HMAC-SHA2-384 (A5516) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384 (A5517) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384 (A5518) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384 (A5525) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384 (A5526) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384 (A5539) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384 (A5540) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384 (A5541) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384 (A5664) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512 (A5503) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512 (A5516) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512 (A5517) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512 (A5518) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512 (A5525) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512 (A5526) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512 (A5539) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512 (A5540) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512 (A5541) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512 (A5664) | KAT | CAST | On demand | Manually", "HMAC-SHA3-224 (A5503) | KAT | CAST | On demand | Manually", "HMAC-SHA3-224 (A5526) | KAT | CAST | On demand | Manually", "HMAC-SHA3-224 (A5664) | KAT | CAST | On demand | Manually", "HMAC-SHA3-256(A5503 | KAT | CAST | On demand | Manually", "HMAC-SHA3-256 (A5526) | KAT | CAST | On demand | Manually", "HMAC-SHA3-256 (A5664) | KAT | CAST | On demand | Manually", "HMAC-SHA3-384 (A5503) | KAT | CAST | On demand | Manually", "HMAC-SHA3-384 (A5526) | KAT | CAST | On demand | Manually", "HMAC-SHA3-384 (A5664) | KAT | CAST | On demand | Manually", "HMAC-SHA3-512 (A5503) | KAT | CAST | On demand | Manually", "HMAC-SHA3-512 (A5526) | KAT | CAST | On demand | Manually", "HMAC-SHA3-512 (A5664) | KAT | CAST | On demand | Manually", "Counter DRBG (A5503) | KAT | CAST | On demand | Manually", "Counter DRBG(A5505) | KAT | CAST | On demand | Manually", "Counter DRBG (A5506) | KAT | CAST | On demand | Manually", "Counter DRBG(A5507) | KAT | CAST | On demand | Manually", "Counter DRBG(A5508) | KAT | CAST | On demand | Manually", "Counter DRBG (5510) | KAT | CAST | On demand | Manually", "Counter DRBG (551) | KAT | CAST | On demand | Manually", "Counter DRBG (A5512) | KAT | CAST | On demand | Manually", "Counter DRBG(513) | KAT | CAST | On demand | Manually", "Counter DRBG (A514) | KAT | CAST | On demand | Manually", "Counter DRBG (A5521) | KAT | CAST | On demand | Manually", "Counter DRBG (A5523) | KAT | CAST | On demand | Manually", "Counter DRBG(A5526) | KAT | CAST | On demand | Manually", "Counter DRBG (A5528) | KAT | CAST | On demand | Manually", "Counter DRBG(A5529) | KAT | CAST | On demand | Manually", "Counter DRBG(A5530) | KAT | CAST | On demand | Manually", "Counter DRBG (A5531) | KAT | CAST | On demand | Manually", "Counter DRBG (A5534) | KAT | CAST | On demand | Manually", "Counter DRBG (5535) | KAT | CAST | On demand | Manually", "Counter DRBG (5536) | KAT | CAST | On demand | Manually", "Counter DRBG (5537) | KAT | CAST | On demand | Manually", "Counter DRBG (A538) | KAT | CAST | On demand | Manually", "Counter DRBG (561) | KAT | CAST | On demand | Manually", "Counter DRBG (A562) | KAT | CAST | On demand | Manually", "Counter DRBG(A563) | KAT | CAST | On demand | Manually", "Counter DRBG(A5664) | KAT | CAST | On demand | Manually", "Counter DRBG(A565) | KAT | CAST | On demand | Manually", "Counter DRBG (A56) | KAT | CAST | On demand | Manually", "Hash DRBG(A5518) | KAT | CAST | On demand | Manually", "Hash DRBG(A5539) | KAT | CAST | On demand | Manually", "Hash DRBG(A5541) | KAT | CAST | On demand | Manually", "HMAC DRBGA55503) | KAT | CAST | On demand | Manually", "HMAC DRBGA5516) | KAT | CAST | On demand | Manually", "HMAC DRBG517) | KAT | CAST | On demand | Manually", "HMAC DRBG518) | KAT | CAST | On demand | Manually", "HMAC DRBGA5526) | KAT | CAST | On demand | Manually", "HMAC DRBG(A5539) | KAT | CAST | On demand | Manually", "HMAC DRBG(A5540) | KAT | CAST | On demand | Manually", "HMAC DRBG(A5541) | KAT | CAST | On demand | Manually", "HMAC DRBG(A564) | KAT | CAST | On demand | Manually", "ECDSA SigVer(FIPS186-5)(A5504) | KAT | CAST | On demand | Manually", "ECDSA SigVer(FIPS186-5)(A5527) | KAT | CAST | On demand | Manually", "RSA SigVer PS516-5)(A5503) | KAT | CAST | On demand | Manually", "RSA SigVer(FIPS186-5)(A5526) | KAT | CAST | On demand | Manually", "RSA SigVer PS5186-5)(A5664) | KAT | CAST | On demand | Manually", "KDF SP800-108(A5503) | KAT | CAST | On demand | Manually", "KDF SP800-108(A5526) | KAT | CAST | On demand | Manually", "KAS-ECC-SSCSp800-56Ar3(A5503) | KAT | CAST | On demand | Manually", "KAS-ECC-SSCSp800-56Ar3526) | KAT | CAST | On demand | Manually", "KAS-FFC-SSCSp800-56Ar3 (A5503) | KAT | CAST | On demand | Manually", "KAS-FFC-SSCSp800-56Ar3 (A526) | KAT | CAST | On demand | Manually", "ECDSA KeyGen(PS5186-5)(A5503) | PCT | PCT | On demand | Manually", "ECDSA KeyGen(FIPS186-5)(A5526) | PCT | PCT | On demand | Manually", "AES | Advanced Encryption Standard", "DRBG | Deterministic Random Bit Generator", "ECDH | Elliptic Curve Diffie-Hellman", "ECDSA | Elliptic Curve Digital Signature Algorithm", "HMAC | Keyed-Hash Message Authentication Code" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5111", "Certificate Number": "5111", "Vendor Name": "Cloud Software Group", "Module Name": "NetScaler Virtual Appliance", "Module Type": "Software", "Validation Date": "12/16/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5111.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5111", "module_name": "NetScaler Virtual Appliance", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/15/2030", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11.1.4 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The NetScaler product line optimizes delivery of applications over the Internet and private networks. It is an Application Delivery Controller (ADC) that performs application-specific traffic analysis to intelligently distribute, optimize, and secure L4-L7 network traffic for web-applications. All these capabilities are combined into a single, integrated appliance for increased productivity, with lower overall total cost of ownership.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3942 | - | SP 800-38A", "AES-CFB128 | A3942 | - | SP 800-38A", "AES-CTR | A3942 | - | SP 800-38A", "AES-GCM | A3942 | - | SP 800-38D", "Counter DRBG | A3942 | - | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-4) | A3942 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3942 | - | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3942 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3942 | - | FIPS 186-4", "HMAC-SHA-1 | A3942 | - | FIPS 198-1", "HMAC-SHA2-256 | A3942 | - | FIPS 198-1", "HMAC-SHA2-384 | A3942 | - | FIPS 198-1", "HMAC-SHA2-512 | A3942 | - | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A3942 | - | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A3942 | - | SP 800-56A Rev.3", "KDF IKEv1(CVL) | A3942 | - | SP 800-135 Rev.1", "KDF IKEv2(CVL) | A3942 | - | SP 800-135 Rev.1", "KDF SNMP(CVL) | A3942 | - | SP 800-135 Rev.1", "KDF SSH(CVL) | A3942 | - | SP 800-135 Rev.1", "KDF TLS(CVL) | A3942 | - | SP 800-135 Rev.1", "KTS-IFC | A3942 | - | SP 800-56B Rev.2", "PBKDF | A3942 | - | SP 800-132", "RSA KeyGen(FIPS186-4) | A3942 | - | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3942 | - | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3942 | - | FIPS 186-4", "SHA-1 | A3942 | - | FIPS 180-4", "SHA2-256 | A3942 | - | FIPS 180-4", "SHA2-384 | A3942 | - | FIPS 180-4", "SHA2-512 | A3942 | - | FIPS 180-4", "TLS v1.2 KDF RFC7627(CVL) | A3942 | - | SP 800-135 Rev.1", "AES-CBC | A3943 | - | SP 800-38A", "AES-GCM | A3943 | - | SP 800-38D", "ECDSA KeyGen(FIPS186-4) | A3943 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3943 | - | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3943 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3943 | - | FIPS 186-4", "Hash DRBG | A3943 | - | SP 800-90A Rev.1", "HMAC-SHA-1 | A3943 | - | FIPS 198-1", "HMAC-SHA2-224 | A3943 | - | FIPS 198-1", "HMAC-SHA2-256 | A3943 | - | FIPS 198-1", "HMAC-SHA2-384 | A3943 | - | FIPS 198-1", "HMAC-SHA2-512 | A3943 | - | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A3943 | - | SP 800-56A Rev.3", "KDF SP800-108 | A3943 | - | SP 800-108 Rev.1", "KDF TLS(CVL) | A3943 | - | SP 800-135 Rev.1", "KTS-IFC | A3943 | - | SP 800-56B Rev.2", "RSA SigGen(FIPS186-4) | A3943 | - | FIPS 186-4", "RSA SigVer(FIPS186-2) | A3943 | - | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3943 | - | FIPS 186-4", "SHA-1 | A3943 | - | FIPS 180-4", "SHA2-224 | A3943 | - | FIPS 180-4", "SHA2-256 | A3943 | - | FIPS 180-4", "SHA2-384 | A3943 | - | FIPS 180-4", "SHA2-512 | A3943 | - | FIPS 180-4", "TLS v1.2 KDF RFC7627(CVL) | A3943 | - | SP 800-135 Rev.1", "TLS v1.3 KDF(CVL) | A3943 | - | SP 800-135 Rev.1", "SHA3-256 | A3513 | - | FIPS 202", "MD5 | N/A | Message digest in TLS 1.0/1.1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5110", "Certificate Number": "5110", "Vendor Name": "Rajant Corporation", "Module Name": "Rajant In-Line Security Module (RiSM)", "Module Type": "Hardware", "Validation Date": "12/16/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5110.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5110", "module_name": "Rajant In-Line Security Module (RiSM)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/15/2030", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The RiSM-1SPF is an in-line network encryption device capable of very high bandwidth over gigabit Ethernet and utilizes very low POE power. The Module is used to secure layer 2 Ethernet communications over the Rajant’s Kinetic Mesh® wireless mesh networks. The Module is ruggedized and may be used in extreme environments to secure traffic between endpoints, subnets or a combination.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "SHA" ], "algorithms_detailed": [ "AES-GCM A4095 Direction - Decrypt, Encrypt IV Generation - External Key Length - 256 SP 800-38D", "AES-GCM A4096 Direction - Decrypt, Encrypt IV Generation - External Key Length - 256 SP 800-38D", "AES-KWP A4096 Direction - Decrypt, Encrypt Key Length - 256 SP 800-38F | © 2025 Rajant Corporation | Rajant Public Material - May be reproduced and distributed only in its original entree without revision. | * * *", "ECDSA KeyGen (FIPS186-5) A4096 Curve - P-384, P-521 Secret Generation Mode - extra bits FIPS 186-5", "ECDSA KeyVer (FIPS186-5) A4096 Curve - P-384, P-521 FIPS 186-5", "ECDSA SigVer (FIPS186-5) A4096 Curve - P-384 Hash Algorithm - SHA2-384 FIPS 186-5", "Hash DRBG A4096 Prediction Resistance - Yes Mode SHA2-512 SP 800-90A Rev. 1", "HMAC-SHA2-384 A4096 Key Length - Key Length: 8-65536 Increment 8 FIPS 198-1", "KAS-ECC-SSC Sp800-56Ax3 A4096 Domain Parameter Generation Methods - P-521 Scheme - ephemeralUnified - KAS Role - responder SP 800-56A Rev. 3", "KDA TwoStep Sp800-59Cr1 A4096 Derived Key Length - 256 Shared Secret Length - Shared Secret Length: 256 SP 800-56C Rev. 2 | KDP SP800-108 A4096 IDF Node - Feedback Supported Lenghts - Supported Lenghts: 8-4096 Increment 8", "SHA2-384 A4096 Message Length - Message Length: 8-65536 Increment 8 FIPS 180-4", "SHA2-512 A4096 Message Length - Message Length: 8-65536 Increment 8 FIPS 180-4 | The Module implements the approved cryptographic algorithms listed in the table above. | Name Properties Implementation Reference", "CKG symmetric;KDF SP800-108 asymmetric;KAS-ECC-SSC SP800-56Ax3 Rajant RISM Crypto Library Key Generation per 133R2 Section 4 | The Module implements the vendor affirmed cryptographic algorithms listed in the table above. | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | Name Cavest Use and Function | AE5-CTR Cavest 1 FW per IG 2.4a Scenario 1 Description of stage 1 FW image by boot rom", "SHA2-256 Redundant stage 1 FW signature verification per IG 2.4a Scenario 2 Signature verification of stage 1 FW image by boot rom", "ECDSA P-384 Redundant stage 1 FW signature verification per IG 2.4a Scenario 2 Signature verification of stage 1 FW image by boot rom | The Module implements the non-approved but allowed cryptographic algorithms with no security claimed listed in the table above. | Non-Approved, Not Allowed Algorithms: | N/A for this module. | © 2025 Rajant Corporation | Rajant Public Material - May be reproduced and distributed only in its original entirety without revision. | * * *" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5109", "Certificate Number": "5109", "Vendor Name": "STMicroelectronics", "Module Name": "Trusted Platform Module ST33KTPM2X / ST33KTPM2XSPI", "Module Type": "Hardware", "Validation Date": "12/15/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5109.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5109", "module_name": "Trusted Platform Module ST33KTPM2X / ST33KTPM2XSPI", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/14/2030", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy; When operated in approved mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The ST33KTPM2X and ST33KTPM2XSPI Trusted Platform Modules are discrete security modules designed to be integrated into personal computers or any other embedded electronic systems. The security module is used primarily for cryptographic keys generation, keys storage, keys management and secure storage for digital certificates.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A5356 | - | SP 800-38A", "AES-CFB128 | A5356 | - | SP 800-38A", "AES-CTR | A5356 | - | SP 800-38A", "AES-ECB | A5356 | - | SP 800-38A", "AES-OFB | A5356 | - | SP 800-38A", "ECDSA KeyGen(FIPS186-4) | A5358 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5358 | - | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5358 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5358 | - | FIPS 186-4", "Hash DRBG | A5351 | - | SP 800-90A Rev.1", "HMAC-SHA-1 | A5355 | - | FIPS 198-1", "HMAC-SHA2-256 | A5355 | - | FIPS 198-1", "HMAC-SHA2-384 | A5355 | - | FIPS 198-1", "HMAC-SHA2-512 | A5355 | - | FIPS 198-1", "HMAC-SHA3-256 | A5355 | - | FIPS 198-1", "HMAC-SHA3-384 | A5355 | - | FIPS 198-1", "KAS-ECC Sp800-56Ar3 | A5358 | - | SP 800-56A Rev.3", "KDF SP800-108 | A5354 | - | SP 800-108 Rev.1", "KTS-IFC | A5357 | - | SP 800-56B Rev.2", "RSA Decryption Primitive Sp800-56Br2(CVL) | A5357 | - | SP 800-56B Rev.2", "RSA KeyGen(FIPS186-5) | A5357 | - | FIPS 186-5", "RSA SigGen(FIPS186-5) | A5357 | - | FIPS 186-5", "RSA SigVer(FIPS186-5) | A5357 | - | FIPS 186-5", "SHA-1 | A5352 | - | FIPS 180-4", "SHA-1 | A5353 | - | FIPS 180-4", "SHA2-256 | A5352 | - | FIPS 180-4", "SHA2-256 | A5353 | - | FIPS 180-4", "SHA2-384 | A5352 | - | FIPS 180-4", "SHA2-384 | A5353 | - | FIPS 180-4", "SHA2-512 | A5352 | - | FIPS 180-4", "SHA2-512 | A5353 | - | FIPS 180-4", "SHA3-256 | A5352 | - | FIPS 202", "SHA3-384 | A5352 | - | FIPS 202", "XOR | No security claimed per IG 2.4.A with the example of scenario #1.The algorithm:\\* is not used except for this purpose \\* does not access or share CSPs in a way that counters the requirements of theIG \\* not intended to be used as a security function.\\* can't be confused for a security function | Obfuscation of input or output data", "ECDSA(non-compliant) | Digital signature with an ECC signing key generated with an undetermined scheme (field inPublic.buffer.parameters.scheme.scheme=TPM\\_ALG\\_NULL), derived from a derivation parent key, or a key loaded in the NULL hierarchy", "HMAC(non-compliant) | Key length<112bits for message authentication", "KAS(non-compliant) | Key agreement with an ECC key that has an undetermined scheme (field inPublic.buffer.parameters.scheme.scheme=TPM\\_ALG\\_NULL)", "KBKDF(non-compliant) | Non-Approved key derivation usage", "KTS-IFC(non-compliant) | Key encapsulation with an RSA decryption key that has an undetermined scheme (field inPublic.buffer.parameters.scheme.scheme=TPM\\_ALG\\_NULL)", "RSA(non-compliant) | 1024-bit RSA digital signature generation or with a key loaded in theNull hierarchy", "RSA with no padding mode(null scheme)(non-compliant) | Key transport", "SHA-1(non-compliant) | Digital signature generation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5108", "Certificate Number": "5108", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v14.1 [Apple silicon, User, Software, SL1]", "Module Type": "Software", "Validation Date": "12/14/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5108.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5108", "module_name": "Apple corecrypto Module v14.1 [Apple silicon, User, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/13/2030", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple Cryptographic Module for Apple Vision Pro user space environment.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "AES-CFB128 | A5407 | - | SP 800-38A", "AES-CFB8 | A5405 | - | SP 800-38A", "AES-CFB8 | A5407 | - | SP 800-38A", "AES-CMAC | A5407 | - | SP 800-38B", "AES-CTR | A5405 | - | SP 800-38A", "AES-CTR | A5407 | - | SP 800-38A", "AES-CTR | A5408 | - | SP 800-38A", "AES-ECB | A5404 | - | SP 800-38A", "AES-ECB | A5405 | - | SP 800-38A", "AES-ECB | A5407 | - | SP 800-38A", "AES-ECB | A5408 | - | SP 800-38A", "AES-GCM | A5405 | - | SP 800-38D", "AES-GCM | A5407 | - | SP 800-38D", "AES-GCM | A5408 | - | SP 800-38D", "AES-KW | A5405 | - | SP 800-38F", "AES-KW | A5407 | - | SP 800-38F", "AES-OFB | A5404 | - | SP 800-38A", "AES-OFB | A5405 | - | SP 800-38A", "AES-OFB | A5407 | - | SP 800-38A", "AES-XTS Testing Revision 2.0 | A5404 | - | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5405 | - | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5407 | - | SP 800-38E", "Counter DRBG | A5405 | - | SP 800-90A Rev.1", "Counter DRBG | A5407 | - | SP 800-90A Rev.1", "Counter DRBG | A5408 | - | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-4) | A5407 | - | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5409 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5407 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5409 | - | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5407 | - | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5409 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5407 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5409 | - | FIPS 186-4", "HMAC-SHA-1 | A5407 | - | FIPS 198-1", "HMAC-SHA-1 | A5409 | - | FIPS 198-1", "HMAC-SHA2-224 | A5407 | - | FIPS 198-1", "HMAC-SHA2-224 | A5409 | - | FIPS 198-1", "HMAC-SHA2-256 | A5407 | - | FIPS 198-1", "HMAC-SHA2-256 | A5409 | - | FIPS 198-1", "HMAC-SHA2-256 | A5410 | - | FIPS 198-1", "HMAC-SHA2-384 | A5407 | - | FIPS 198-1", "HMAC-SHA2-384 | A5409 | - | FIPS 198-1", "HMAC-SHA2-512 | A5407 | - | FIPS 198-1", "HMAC-SHA2-512 | A5409 | - | FIPS 198-1", "HMAC-SHA2-512/256 | A5407 | - | FIPS 198-1", "HMAC-SHA2-512/256 | A5409 | - | FIPS 198-1", "HMAC-SHA3-224 | A5407 | - | FIPS 198-1", "HMAC-SHA3-224 | A5409 | - | FIPS 198-1", "HMAC-SHA3-256 | A5407 | - | FIPS 198-1", "HMAC-SHA3-256 | A5409 | - | FIPS 198-1", "HMAC-SHA3-384 | A5407 | - | FIPS 198-1", "HMAC-SHA3-384 | A5409 | - | FIPS 198-1", "HMAC-SHA3-512 | A5407 | - | FIPS 198-1", "HMAC-SHA3-512 | A5409 | - | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5407 | - | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A5407 | - | SP 800-56A Rev.3", "KDA HKDF SP800-56Cr2 | A5409 | - | SP 800-56C Rev.2", "KDF SP800-108 | A5407 | - | SP 800-108 Rev.1", "KDF SP800-108 | A5409 | - | SP 800-108 Rev.1", "PBKDF | A5407 | - | SP 800-132", "PBKDF | A5409 | - | SP 800-132", "RSA KeyGen(FIPS186-4) | A5407 | - | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A5409 | - | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5407 | - | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5409 | - | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5407 | - | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5409 | - | FIPS 186-4", "SHA-1 | A5407 | - | FIPS 180-4", "SHA-1 | A5409 | - | FIPS 180-4", "SHA2-224 | A5407 | - | FIPS 180-4", "SHA2-224 | A5409 | - | FIPS 180-4", "SHA2-256 | A5407 | - | FIPS 180-4", "SHA2-256 | A5409 | - | FIPS 180-4", "SHA2-256 | A5410 | - | FIPS 180-4", "SHA2-384 | A5407 | - | FIPS 180-4", "SHA2-384 | A5409 | - | FIPS 180-4", "SHA2-512 | A5407 | - | FIPS 180-4", "SHA2-512 | A5409 | - | FIPS 180-4", "SHA2-512/256 | A5407 | - | FIPS 180-4", "SHA2-512/256 | A5409 | - | FIPS 180-4", "SHA3-224 | A5407 | - | FIPS 202", "SHA3-224 | A5409 | - | FIPS 202", "SHA3-256 | A5407 | - | FIPS 202", "SHA3-256 | A5409 | - | FIPS 202", "SHA3-384 | A5407 | - | FIPS 202", "SHA3-384 | A5409 | - | FIPS 202", "SHA3-512 | A5407 | - | FIPS 202", "SHA3-512 | A5409 | - | FIPS 202", "MD5 | Allowed in Approved mode with no security claimed per IG 2.4.A Digest Size:128-bit | Message Digest(used as part of the TLS key establishment scheme v1.0,v1.1 only)", "ANSI X9.63 KDF | Hash based Key Derivation Function", "DES | Encryption/Decryption Key Size:56-bits", "Diffie-Hellman | Shared Secret Computation using key size<2048", "ECDSA | PKG:Curve P-192;PKV:Curve P-192;compact point representation of points;Signature Generation:Curve P-192;Signature Verification:Curve P-192", "EC Diffie-Hellman | Shared Secret Computation using curves= 80 bits of security, RSA signature generation/verification | per FIPS 186-2", "FIPS 186-2 RSA | KeyGen", "Provides >= 112 bits of security, RSA key generation per FIPS 186-2 | X942KDF- | CONCAT", "Usage of X942KDF-CONCAT with PRF SHA-1, SHA2-512/224, SHA2-", "512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128,", "SHAKE256, KECCAK-KMAC128 and KECCAK-KMAC256 | X963KDF", "Usage of X963KDF with PRF SHA-1, SHA2-512/224, SHA2-512/256,", "SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256, | KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF", "Provides < 112 bits of security, Usage of HKDF with key length less | than 112 bits", "OneStep KDF", "Usage of OneStep KDF with PRF SHAKE128, SHAKE256 | Name | Use and Function", "HMAC", "Provides < 112 bits of security, Usage of HMAC with key length less | than 112 bits for MAC generation", "Hash and HMAC", "DRBG", "Usage of Hash and HMAC DRBGs with PRFs SHA2-224, SHA2-384,", "SHA2-512/224 and SHA2-512/256" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5101", "Certificate Number": "5101", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v14.1 [Apple silicon, Kernel, Software, SL1]", "Module Type": "Software", "Validation Date": "12/02/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5101.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5101", "module_name": "Apple corecrypto Module v14.1 [Apple silicon, Kernel, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/1/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple Cryptographic Module for Apple Vision Pro kernel space environment.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDSA", "EDDSA", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CTR | A5416 | - | SP 800-38A", "AES-ECB | A5413 | - | SP 800-38A", "AES-ECB | A5414 | - | SP 800-38A", "AES-ECB | A5416 | - | SP 800-38A", "AES-GCM | A5416 | - | SP 800-38D", "AES-KW | A5414 | - | SP 800-38F", "AES-OFB | A5413 | - | SP 800-38A", "AES-OFB | A5414 | - | SP 800-38A", "AES-XTS Testing Revision 2.0 | A5413 | - | SP 800-38E", "Counter DRBG | A5414 | - | SP 800-90A Rev.1", "Counter DRBG | A5416 | - | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-4) | A5369 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5369 | - | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5369 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5369 | - | FIPS 186-4", "HMAC-SHA-1 | A5369 | - | FIPS 198-1", "HMAC-SHA2-224 | A5369 | - | FIPS 198-1", "HMAC-SHA2-256 | A5369 | - | FIPS 198-1", "HMAC-SHA2-256 | A5417 | - | FIPS 198-1", "HMAC-SHA2-384 | A5369 | - | FIPS 198-1", "HMAC-SHA2-384 | A5415 | - | FIPS 198-1", "HMAC-SHA2-512 | A5369 | - | FIPS 198-1", "HMAC-SHA2-512 | A5415 | - | FIPS 198-1", "HMAC-SHA2-512/256 | A5369 | - | FIPS 198-1", "HMAC-SHA2-512/256 | A5415 | - | FIPS 198-1", "RSA SigGen(FIPS186-4) | A5369 | - | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5369 | - | FIPS 186-4", "SHA-1 | A5369 | - | FIPS 180-4", "SHA2-224 | A5369 | - | FIPS 180-4", "SHA2-256 | A5369 | - | FIPS 180-4", "SHA2-256 | A5417 | - | FIPS 180-4", "SHA2-384 | A5369 | - | FIPS 180-4", "SHA2-384 | A5415 | - | FIPS 180-4", "SHA2-512 | A5369 | - | FIPS 180-4", "SHA2-512 | A5415 | - | FIPS 180-4", "SHA2-512/256 | A5369 | - | FIPS 180-4", "SHA2-512/256 | A5415 | - | FIPS 180-4", "ANSI X9.63 KDF | Hash based Key Derivation Function", "DES | Encryption / Decryption", "ECDSA | PKG: Curve P-192; PKV: Curve P-192; Signature Generation: Curve P-192; Signature Verification: Curve P-192", "ECDSA KeyGen | Key Pair Generation for compact point representation of points", "EdDSA | Key Generation, Signature Generation, Signature Verification with Ed25519", "HKDF \\[SP800-56Crev2\\] | Key Derivation Function", "RSA SigGen | PKCS#1 v1.5 and PSS; Signature Generation using key sizes less than 2048-bits", "RSA SigVer | Signature Verification using key sizes less than 1024", "RSA Key Wrapping | OAEP, PKCS#1 v1.5 and -PSS schemes", "Triple-DES \\[SP 800-67r2\\] | Encryption / Decryption" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5100", "Certificate Number": "5100", "Vendor Name": "Rambus Inc.", "Module Name": "VaultIP RT-130", "Module Type": "Hardware", "Validation Date": "12/02/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5100.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5100", "module_name": "VaultIP RT-130", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/1/2030", "overall_level": 2, "caveat": "When operated in approved mode.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "VaultIP is a Silicon IP Security Module with a secure asset store protecting all valuable assets on your device. It is a stand-alone Root of Trust that offers key management and crypto functions needed for platform and application security. VaultIP offers all security services to manage your device securely through its lifecycle. These include Secure Debug, Secure Provisioning, HUK and Identity protection and secure authentication services. Secure Boot and Communication protocols such as TLS can leverage VaultIP to secure the boot process and protect private communication keys.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CCM | A5264 | Key Length - 128,192,256 | SP 800-38C", "AES-CMAC | A5264 | Direction - Generation, Verification Key Length - 128,192,256 | SP 800-38B", "AES-CTR | A5264 | Direction - Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-ECB | A5264 | Direction - Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-GCM | A5264 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.2 Key Length - 128,192,256 | SP 800-38D", "AES-GMAC | A5264 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.2 Key Length - 128,192,256 | SP 800-38D", "AES-KWP | A5264 | Direction - Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38F", "AES-XTS Testing Revision 2.0 | A5264 | Direction - Decrypt, Encrypt Key Length - 128,256 | SP 800-38E", "Counter DRBG | A5264 | Prediction Resistance - No Mode - AES-256 Derivation Function Enabled - No | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-5) | A5264 | Curve-P-224,P-256,P-384,P-521 Secret Generation Mode - extra bits | FIPS 186-5", "ECDSA KeyVer(FIPS186-4) | A5264 | Curve-P-192 | FIPS 186-4", "ECDSA KeyVer(FIPS186-5) | A5264 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A5264 | Curve-P-224,P-256,P-384,P-521 Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 Component-No | FIPS 186-5", "ECDSA SigVer(FIPS186-4) | A5264 | Component-No Curve-P-192,P-224,P-256,P-384,P-521 Hash Algorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-5) | A5263 | Curve-P-256 Hash Algorithm-SHA2-256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5264 | Curve-P-224,P-256,P-384,P-521 Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-5", "HMAC-SHA-1 | A5264 | Key Length - Key Length: 112-512 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5264 | Key Length - Key Length: 112-512 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5264 | Key Length - Key Length: 128-512 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5264 | Key Length - Key Length: 192-1024 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A5264 | Key Length - Key Length: 256-1024 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A5264 | Key Length - Key Length: 112-1152 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A5264 | Key Length - Key Length: 128-1088 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A5264 | Key Length - Key Length: 192-832 Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A5264 | Key Length - Key Length: 256-576 Increment8 | FIPS 198-1", "KAS-ECC Sp800-56Ar3 | A5264 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Function-Key Pair GenerationScheme-fullUnified-KAS Role-Initiator,ResponderKDF Methods-oneStepKdf-KeyLength-512ephemeralUnified-KAS Role-Initiator,ResponderKDF Methods-oneStepKdf-KeyLength-512onePassUnified-KAS Role-Initiator,ResponderKDF Methods-oneStepKdf-KeyLength-512onePassDh-KAS Role-Initiator,ResponderKDF Methods-oneStepKdf-KeyLength-512staticUnified-KAS Role-Initiator,ResponderKDF Methods- | SP 800-56ARev.3", "KDF SP800-108 | A5264 | KDF Mode-Counter, FeedbackSupported Lenghts-Supported Lenghts:112-1152 Increment 8 | SP 800-108Rev.1", "KTS-IFC | A5264 | Modulo-2048,3072Key Generation Methods-rsakpg1-basicScheme-KTS-OAEP-basic-KAS Role-responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "RSA SigGen(FIPS186-5) | A5264 | Modulo-2048,3072Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-2) | A5264 | Signature Type-PKCS1.5,PKCSPSSModulo-1536 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5264 | Signature Type-PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A5264 | Modulo-2048,3072Signature Type-pkcs1v1.5,pss | FIPS 186-5", "SHA-1 | A5264 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-224 | A5264 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-256 | A5255 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-256 | A5263 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-256 | A5264 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-384 | A5264 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-512 | A5264 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA3-224 | A5264 | Message Length-Message Length:0-65536Increment8 | FIPS 202", "SHA3-256 | A5264 | Message Length-Message Length:0-65536Increment8 | FIPS 202", "SHA3-384 | A5264 | Message Length-Message Length:0-65536Increment8 | FIPS 202", "SHA3-512 | A5264 | Message Length - Message Length:0-65536 Increment8 | FIPS 202", "ECDSA key pair generation | Curves:brainpoolP224r1,brainpoolP256r1,brainpoolP384r1,brainpoolP512r1(112,128,192,256bits of security) | Rambus Root ofTrust RT-130(RAM) | FIPS 140-3IGC.A;RFC5639", "ECDSA signature generation | Curves:brainpoolP224r1,brainpoolP256r1,brainpoolP384r1,brainpoolP512r1(112,128,192,256bits of security) | Rambus Root ofTrust RT-130(RAM) | FIPS 140-3IGC.A;RFC5639", "ECDSA signature verification | Curves:brainpoolP192r1,brainpoolP224r1,brainpoolP256r1,brainpoolP384r1,brainpoolP512r1(96,112,128,192,256bits of security) | Rambus Root ofTrustRT-130(RAM) | FIPS 140-3IGC.A;RFC5639", "KAS-ECC | Curves:brainpoolP224r1,brainpoolP256r1,brainpoolP384r1,brainpoolP512r1(112,128,192,256bits of security) | Rambus Root ofTrustRT-130(RAM) | FIPS 140-3IGC.A;RFC5639", "Image de-obfuscation | Firmware images obfuscated using a non-approved AES key are considered plaintext and unprotected (IG 2.4.A) | De-obfuscation of the RAM firmware image", "AES SIV | SSPs obfuscated using this algorithm are considered plaintext and unprotected (IG2.4.A) | De-obfuscation of Asset Key Blobs or OTP Key Blobs", "AES CTR using external IV | Encryption", "AES ICM | Encryption, Decryption", "AES GCM using external IV | Authenticated encryption", "AES GCM using IV generated with non-approved entropy source configuration | Authenticated encryption", "SHA-1 standalone | Message digest", "AES CBC-MAC | MAC", "AES GMAC using IV generated with non-approved entropy source configuration | MAC", "HMAC with key sizes less than 112 bits | MAC", "TwoStep KDF | Key derivation", "ECDSA key pair generation with non-approved entropy source configuration | Key pair generation", "ECDSA with P-192 | Key pair generation, Signature generation", "ECDSA with SHA-1 | Signature generation", "ECDSA with non-approved entropy source configuration | Signature generation", "ECDSA (pre-hashed message) | Signature generation, Signature verification", "RSA with modulus size not 2048 or 3072 bits | Signature generation", "RSA with modulus size not 1024, 1536, 2048, or 3072 bits | Signature verification", "RSA with SHA-1 | Signature generation", "RSA-PSS with non-approved entropy source configuration | Signature generation", "RSA-PSS with invalid salt length | Signature generation, Signature verification", "Diffie-Hellman | Key pair generation, Key pair verification, Shared secret computation", "EC Diffie-Hellman | Shared secret computation", "X25519 | Key pair generation, Shared secret computation", "RSA-OAEP | Key encapsulation", "RSA-PKCS#1v1.5 | Key encapsulation, Key un-encapsulation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5099", "Certificate Number": "5099", "Vendor Name": "Christie Digital Systems Canada Inc.", "Module Name": "Christie IMB-S4 4K Integrated Media Block (IMB)", "Module Type": "Hardware", "Validation Date": "12/01/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5099.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5099", "module_name": "Christie IMB-S4 4K Integrated Media Block (IMB)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/30/2030", "overall_level": 2, "caveat": "When operated in approved mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Christie IMB-S4 is a DCI-compliant solution to enable the playback of video, audio, and timed text essences on Christie Digital CineLife+ projectors.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "RSA", "SHA", "SHS", "TLS" ], "algorithms_detailed": [ "RSA SigVer (FIPS186-4) | C838 | Signature Type - PKCS 1.5, PKCSPSS Module - 2048, 3072 | FIPS 186-4", "SHA-1 | A4665 | Message Length - Message Length: 8-1024 Increment 8 | FIPS 180-4", "SHA2-256 | A4665 | Message Length - Message Length: 8-1024 Increment 8 | FIPS 180-4", "SHA2-256 | C837 | Message Length - Message Length: 0-51200 Increment 8 | FIPS 180-4", "MD5 | Used as part of the TLS 1.0 implementation.", "RSA (non-compliant) | Used as part of the TLS 1.0 implementation and the Ingest, Generate SM Report, Perform Marriage services.", "TLS 1.0 KCF (non-compliant) | Used as part of the TLS 1.0 implementation.", "AES (non-compliant) | Used as part of the TLS 1.0 implementation and the Ingest, Load Content, Playback services.", "HMAC (non-compliant) | Used as part of the TLS 1.0 implementation and the Load Content, Playback services.", "SHS (non-compliant) | Used as part of the TLS 1.0 implementation and Generate SM Report, Perform Marriage services.", "DRBG (non-compliant) | Used as part of the TLS 1.0 implementation." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5098", "Certificate Number": "5098", "Vendor Name": "Nuvoton Technology Corporation", "Module Name": "Nuvoton Cryptographic Library 3.0", "Module Type": "Hardware", "Validation Date": "11/30/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5098.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5098", "module_name": "Nuvoton Cryptographic Library 3.0", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/29/2030", "overall_level": 1, "caveat": "No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Nuvoton Cryptographic Library implementation providing cryptographic services.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A4659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A5276 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4659 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5276 | Key Length-128,192,256 | SP 800-38C", "AES-CFB128 | A4659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A5276 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4659 | Direction- Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CMAC | A5276 | Direction- Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A5276 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A4659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A5276 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A4659 | Direction- Decrypt, EncryptIV Generation-InternalIV Generation Mode-8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5276 | Direction- Decrypt, EncryptIV Generation-InternalIV Generation Mode-8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A4659 | Direction- Decrypt, EncryptIV Generation-InternalIV Generation Mode-8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A5276 | Direction- Decrypt, EncryptIV Generation- InternalIV Generation Mode-8.2.2Key Length-128,192,256 | SP 800-38D", "AES-OFB | A4659 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-OFB | A5276 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "ECDSA KeyGen(FIPS186-5) | A4659 | Curve-P-256,P-384,P-521Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyGen(FIPS186-5) | A5276 | Curve-P-256,P-384,P-521Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A4659 | Curve-P-256,P-384,P-521 | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A5276 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A5276 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Component-No,Yes | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A4659 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5276 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-5", "Hash DRBG | A4659 | Prediction Resistance-No,YesMode-SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5276 | Prediction Resistance-No,YesMode-SHA2-512 | SP 800-90ARev.1", "HMAC-SHA2-256 | A4659 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5276 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4659 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5276 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4659 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5276 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4659 | Domain Parameter Generation Methods - P-256, P-384, P-521Scheme - ephemeralUnified-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5276 | Domain Parameter Generation Methods - P-256, P-384, P-521Scheme - ephemeralUnified-KAS Role - initiator, responder | SP 800-56ARev.3", "KDF SP800-108 | A4659 | KDF Mode - Counter, Double Pipeline Iteration, FeedbackSupported Lengths - Supported Lengths: 8-4096 Increment 8 | SP 800-108Rev.1", "KDF SP800-108 | A5276 | KDF Mode - Counter, Double Pipeline Iteration, FeedbackSupported Lengths - Supported Lengths: 8-4096 Increment 8 | SP 800-108Rev.1", "KTS-IFC | A4659 | Modulo - 2048, 3072Key Generation Methods - rsakpg1-basic, rsakpg2-basicScheme - KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length - 1024 | SP 800-56BRev.2", "KTS-IFC | A5276 | Modulo - 2048, 3072Key Generation Methods - rsakpg1-basic, rsakpg2-basicScheme - KTS-OAEP-basic-KAS Role - initiator, responderKey Transport Method-Key Length - 1024 | SP 800-56BRev.2", "RSA SigGen(FIPS186-5) | A4659 | Modulo-2048,3072Signature Type-pkcs1v1.5,pss | FIPS186-5", "RSA SigGen(FIPS186-5) | A5276 | Modulo-2048,3072Signature Type-pkcs1v1.5,pss | FIPS186-5", "RSA SigVer(FIPS186-5) | A4659 | Modulo-2048,3072Signature Type-pkcs1v1.5,pss | FIPS186-5", "RSA SigVer(FIPS186-5) | A5276 | Modulo-2048,3072Signature Type-pkcs1v1.5,pss | FIPS186-5", "SHA2-256 | A4659 | Message Length-Message Length:0-65536 Increment8 | FIPS180-4", "SHA2-256 | A5276 | Message Length-Message Length:0-65536 Increment8 | FIPS180-4", "SHA2-384 | A4659 | Message Length-Message Length:0-65536 Increment8 | FIPS180-4", "SHA2-384 | A5276 | Message Length-Message Length:0-65536 Increment8 | FIPS180-4", "SHA2-512 | A4659 | Message Length-Message Length:0-65536 Increment8 | FIPS180-4", "SHA2-512 | A5276 | Message Length-Message Length:0-65536 Increment8 | FIPS180-4", "CKG(ECDSA/ECDH) | Type:Asymmetric | N/A | CKG for asymmetric keys as perSP800-133Rev2section4example1withno post processing ontheUvalue" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5097", "Certificate Number": "5097", "Vendor Name": "NetApp, Inc.", "Module Name": "NetApp StorageGRID Kernel Crypto API", "Module Type": "Software", "Validation Date": "11/30/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5097.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5097", "module_name": "NetApp StorageGRID Kernel Crypto API", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/29/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The NetApp StorageGRID Kernel Crypto API provides a C language API for use by other (kernel space and user space) processes that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A6242, A6245, A6248, A6251 Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | NetApp StorageGRID Kernel Cryptographic API | FIPS 140-3 Non-Proprietary Security Policy | © 2025 NetApp, Inc., atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice.", "AES-CBC-CS3 | A6242, A6245, A6248, A6251 Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A6242, A6245, A6251 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB128 | A6242, A6245, A6251 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A6242, A6245, A6251 | Direction | - | Generation | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A6242, A6245, A6248, A6251 Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6242, | A6243, | A6244, | A6245, | A6246, | A6247, | A6248, | A6249, | A6250, | A6251, | A6252, | A6253, | A6254, | A6255, | A6256, | A6258, | A6259, | A6260, | A6261, A6262, A6263 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A6242, | A6244, | A6245, | A6247, | A6248, | A6250, | A6251, | A6253, | A6254, | A6256, | A6258, | A6260, | A6261, A6263 | Direction - Decrypt, Encrypt | IV | Generation | - | External | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A6243, | A6246, | A6249, | A6252, A6255, A6259, A6262 | Direction - Decrypt, Encrypt | IV | Generation | - | Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A6242, | A6245, | A6248, | A6251, A6254, A6258, A6261 | Direction - Decrypt, Encrypt | IV | Generation | - | External | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A6242, A6245, A6251 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A6242, A6245, A6251 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS | Testing | Revision 2.0 | A6242, | A6245, | A6248, | A6251, | A6254, | A6257, | A6258, A6261 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E | Counter", "DRBG | A6242, | A6243, | A6244, | A6245, | A6246, | A6247, | A6248, | A6249, | A6250, | A6251, | A6252, | A6253, | A6254, | A6255, | A6256, | A6258, | A6259, | A6260, | A6261, A6262, A6263 | Prediction Resistance - No, | Yes", "Mode - AES-128, AES-192,", "AES-256 | Derivation Function Enabled - | Yes | SP 800-90A | Rev. 1", "ECDSA | KeyGen | (FIPS186-5) | A6242 | Curve | - | P-256, | P-384 | Secret Generation Mode - | testing candidates | FIPS 186-5", "Hash DRBG | A6242, | A6264, | A6265, | A6266, A6267 | Prediction Resistance - No, | Yes", "Mode - SHA-1, SHA2-256,", "SHA2-512 | SP 800-90A | Rev. 1", "HMAC DRBG | A6242, | A6264, | A6265, | A6266, A6267 | Prediction Resistance - No, | Yes | SP 800-90A | Rev. 1 | NetApp StorageGRID Kernel Cryptographic API | FIPS 140-3 Non-Proprietary Security Policy | © 2025 NetApp, Inc., atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice.", "SHA2-512", "HMAC-SHA-1 | A6242, | A6264, | A6265, | A6266, A6267 | Key Length - Key Length: | 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A6242, | A6264, | A6265, | A6266, A6267 | Key Length - Key Length: | 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A6242, | A6264, | A6265, | A6266, A6267 | Key Length - Key Length: | 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A6242, A6264, A6265, A6266 Key Length - Key Length: | 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A6242, A6264, A6265, A6266 Key Length - Key Length: | 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A6242 | Key Length - Key Length: | 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A6242 | Key Length - Key Length: | 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A6242 | Key Length - Key Length: | 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A6242 | Key Length - Key Length: | 112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A6242 | Domain | Parameter | Generation Methods - P-256, | P-384 | Scheme | - | ephemeralUnified | -", "KAS | Role | - | initiator, | responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A6242 | Domain | Parameter | Generation | Methods | - | ffdhe2048, | ffdhe3072, | ffdhe4096, | ffdhe6144, | ffdhe8192 | Scheme | - | dhEphem | -", "KDA OneStep | SP800-56Cr2 | A6242 | Derived Key Length - 2048", "Shared | Secret | Length | - | Shared Secret Length: 224- | 2048 Increment 8 | SP 800-56C | Rev. 2", "KDF | SP800- | 108 | A6242", "KDF | Mode | - | Counter | Supported | Lengths | - | Supported | Lengths: | 112- | 4096 Increment 8 | SP 800-108 | Rev. 1", "RSA | SigVer | (FIPS186-4) | A6242 | Signature Type - PKCS 1.5 | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA | SigVer | (FIPS186-5) | A6242 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5 | FIPS 186-5 | Safe | Primes | Key | Generation | A6242 | Safe | Prime | Groups | - | ffdhe2048, | ffdhe3072, | ffdhe4096, | ffdhe6144, | ffdhe8192 | SP 800-56A | Rev. 3 | NetApp StorageGRID Kernel Cryptographic API | FIPS 140-3 Non-Proprietary Security Policy | © 2025 NetApp, Inc., atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice.", "SHA-1 | A6242, | A6264, | A6265, | A6266, A6267 | Message Length - Message | Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-224 | A6242, | A6264, | A6265, | A6266, A6267 | Message Length - Message | Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-256 | A6242, | A6264, | A6265, | A6266, A6267 | Message Length - Message | Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-384 | A6242, A6264, A6265, A6266 Message Length - Message | Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA2-512 | A6242, A6264, A6265, A6266 Message Length - Message | Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 180-4", "SHA3-224 | A6242 | Message Length - Message | Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-256 | A6242 | Message Length - Message | Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-384 | A6242 | Message Length - Message | Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202", "SHA3-512 | A6242 | Message Length - Message | Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2 | FIPS 202 | Name | Implementation Reference | Asymmetric | CKG | Key | Type:Asymmetric | N/A | SP | 800-133r2, | section | 4, | example 1 | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | Name | Use and Function", "AES-GCM with external IV | Encryption with external IV (not compliant to FIPS 140- | 3 IG C.H)", "KBKDF in libkcapi | Key Derivation with implementation not tested by CAVP | NetApp StorageGRID Kernel Cryptographic API | FIPS 140-3 Non-Proprietary Security Policy | © 2025 NetApp, Inc., atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | Name | Use and Function", "HKDF in libkcapi | Key Derivation with implementation not tested by CAVP | PBKDF2 in libkcapi | Password-Based Key Derivation with implementation | not tested by CAVP", "RSA PKCS#1 v1.5 with pre- | hashed message | Signature generation / verification", "RSA PKCS#1 v1.5 | Key encapsulation / un-encapsulation (not compliant to | SP 800-56Br2)", "RSA primitive | Encryption / decryption (not compliant to SP 800-56Br2)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5096", "Certificate Number": "5096", "Vendor Name": "SUSE LLC", "Module Name": "SUSE Linux Enterprise OpenSSL 3 Cryptographic Module", "Module Type": "Software", "Validation Date": "11/26/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5096.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5096", "module_name": "SUSE Linux Enterprise OpenSSL 3 Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/25/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SUSE Linux Enterprise Server 15 SP6 OpenSSL FIPS provider implementation providing cryptographic services to Linux user space software components. The module was tested with 64-bit word size.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "AES-CBC | A5398 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A5399 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A5400 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A5401 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A5402 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A5403 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A5658 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5398 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5399 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5400 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5401 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5402 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5403 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5658 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5398 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5399 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5400 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5401 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5402 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5403 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5658 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5398 | Direction- decrypt, encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5399 | Direction - decrypt, encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5400 | Direction - decrypt, encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5401 | Direction - decrypt, encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5402 | Direction - decrypt, encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5403 | Direction - decrypt, encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5658 | Direction - decrypt, encrypt Key Length-128,192,256 | SP 800-38A", "AES-CCM | A5398 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5399 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5400 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5401 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5402 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5403 | Key Length-128,192,256 | SP 800-38C", "AES-CCM | A5658 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A5398 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB1 | A5399 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB1 | A5400 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB1 | A5401 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB1 | A5402 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB1 | A5403 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB1 | A5658 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB128 | A5398 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB128 | A5399 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB128 | A5400 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB128 | A5401 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB128 | A5402 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB128 | A5403 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB128 | A5658 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB8 | A5398 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB8 | A5399 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB8 | A5400 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB8 | A5401 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB8 | A5402 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB8 | A5403 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CFB8 | A5658 | Direction- Decrypt, Encrypt Key Length - 128,192,256 | SP 800-38A", "AES-CMAC | A5398 | Capabilities-Direction-Generation,VerificationKeyLength-128,192,256 | SP 800-38B", "AES-CMAC | A5399 | Capabilities-Direction-Generation,VerificationKeyLength-128,192,256 | SP 800-38B", "AES-CMAC | A5400 | Capabilities-Direction-Generation,VerificationKeyLength-128,192,256 | SP 800-38B", "AES-CMAC | A5401 | Capabilities-Direction-Generation,VerificationKeyLength-128,192,256 | SP 800-38B", "AES-CMAC | A5402 | Capabilities-Direction-Generation,VerificationKeyLength-128,192,256 | SP 800-38B", "AES-CMAC | A5403 | Capabilities-Direction-Generation,VerificationKeyLength-128,192,256 | SP 800-38B", "AES-CMAC | A5658 | Capabilities-Direction-Generation,VerificationKeyLength-128,192,256 | SP 800-38B", "AES-CTR | A5398 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CTR | A5399 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CTR | A5400 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CTR | A5401 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CTR | A5402 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CTR | A5403 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CTR | A5658 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5398 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5399 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5400 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5401 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5402 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5403 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5658 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5884 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5893 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5894 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5895 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5896 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5900 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A5870 | Direction-Decrypt,EncryptIV Generation-External,InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP800-38D", "AES-GCM | A5871 | Direction-Decrypt,EncryptIV Generation-External,InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP800-38D", "AES-GCM | A5872 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GCM | A5873 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GCM | A5874 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GCM | A5875 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GCM | A5880 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GCM | A5881 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GCM | A5882 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GCM | A5886 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GCM | A5887 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GCM | A5888 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GCM | A5903 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GCM | A5904 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GCM | A5905 | Direction- Decrypt, EncryptIV Generation- External, InternalKey Length-128,192,256IV Generation Mode-8.2.2 | SP 800-38D", "AES-GMAC | A5870 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5871 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5872 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5873 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5874 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5875 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5880 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5881 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5882 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5886 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5887 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5888 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5903 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5904 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A5905 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length-128,192,256 | SP 800-38D", "AES-KW | A5398 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F", "AES-KW | A5399 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F", "AES-KW | A5400 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F", "AES-KW | A5401 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F", "AES-KW | A5402 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F", "AES-KW | A5403 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F", "AES-KW | A5658 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F", "AES-KWP | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "AES-XTS Testing Revision 2.0 | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A5397 | Prediction Resistance - No, Yes Capabilities Mode - AES-128 Derivation Function Enabled - Yes | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-5) | A5868 | Curve-P-224,P-256,P-384,P-521 Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyGen(FIPS186-5) | A5876 | Curve-P-224,P-256,P-384,P-521 Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyGen(FIPS186-5) | A5877 | Curve-P-224,P-256,P-384,P-521 Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyGen(FIPS186-5) | A5878 | Curve-P-224,P-256,P-384,P-521 Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyGen(FIPS186-5) | A5879 | Curve-P-224,P-256,P-384,P-521 Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyGen | A5883 | Curve-P-224,P-256,P-384,P-521 Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyGen(FIPS186-5) | A5889 | Curve-P224,P256,P384,P521Secret Generation Mode-testing candidates | FIPS186-5", "ECDSA KeyVer(FIPS186-5) | A5868 | Curve-P224,P256,P384,P521 | FIPS186-5", "ECDSA KeyVer(FIPS186-5) | A5876 | Curve-P224,P256,P384,P521 | FIPS186-5", "ECDSA KeyVer(FIPS186-5) | A5877 | Curve-P224,P256,P384,P521 | FIPS186-5", "ECDSA KeyVer(FIPS186-5) | A5878 | Curve-P224,P256,P384,P521 | FIPS186-5", "ECDSA KeyVer(FIPS186-5) | A5879 | Curve-P224,P256,P384,P521 | FIPS186-5", "ECDSA KeyVer(FIPS186-5) | A5883 | Curve-P224,P256,P384,P521 | FIPS186-5", "ECDSA KeyVer(FIPS186-5) | A5889 | Curve-P224,P256,P384,P521 | FIPS186-5", "ECDSA SigGen(FIPS186-5) | A5868 | Capabilities-Curve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS186-5", "ECDSA SigGen(FIPS186-5) | A5869 | Capabilities-Curve-P224,P256,P384,P521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Component-No,Yes | FIPS186-5", "ECDSA SigGen(FIPS186-5) | A5876 | Capabilities-Curve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS186-5", "ECDSA SigGen(FIPS186-5) | A5877 | Capabilities-Curve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A5878 | Capabilities-Curve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A5879 | Capabilities-Curve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A5883 | Capabilities-Curve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A5885 | Capabilities-Curve-P224,P256,P384,P521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Component-No,Yes | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A5889 | Capabilities-Curve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No,Yes | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5868 | Capabilities-Curve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5869 | Capabilities-Curve-P224,P256,P384,P521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5876 | Capabilities-Curve-P224,P256,P384,P521 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5877 | Capabilities-Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5878 | Capabilities-Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5879 | Capabilities-Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5883 | Capabilities-Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5885 | Capabilities-Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5889 | Capabilities-Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "Hash DRBG | A5397 | Prediction Resistance-No,YesCapabilities-Mode-SHA-1 | SP 800-90ARev.1", "HMAC DRBG | A5397 | Prediction Resistance-No,YesCapabilities-Mode-SHA-1 | SP 800-90ARev.1", "HMAC-SHA-1 | A5868 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5876 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5877 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5878 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A5879 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A5883 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A5889 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5868 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5876 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5877 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5878 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5879 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5883 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5889 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5864 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5868 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5876 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5877 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5878 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5879 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5883 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5889 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5868 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5876 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5877 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5878 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5879 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5883 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5889 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A5868 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A5876 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A5877 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A5878 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A5879 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A5883 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A5889 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5868 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5876 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5877 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5878 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5879 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5883 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5889 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5868 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5876 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5877 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5878 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5879 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5883 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5889 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A5869 | Key Length - Key Length: 112-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A5885 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5869 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5885 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5869 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5885 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5869 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5885 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5868 | Domain Parameter Generation Methods - P-224,P-256,P-384,P-521 Scheme ephemeralUnified KAS Role - initiator, responder | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A5876 | Domain Parameter Generation Methods - P-224,P-256,P-384,P-521 Scheme ephemeralUnified KAS Role - initiator, responder | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A5877 | Domain Parameter Generation Methods - P-224,P-256,P-384,P-521 Scheme ephemeralUnified KAS Role - initiator, responder | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A5878 | Domain Parameter Generation Methods - P-224,P-256,P-384,P-521 Scheme ephemeralUnified KAS Role - initiator, responder | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A5879 | Domain Parameter Generation Methods - P-224,P-256,P-384,P-521 Scheme - | SP 800-56A Rev.3", "KAS-ECC-SSCSp800-56Ar3 | A5883 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator, responder | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5889 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5898 | Domain Parameter Generation Methods-ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme-dhEphem-KAS Role-initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A5868 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KAS1-KAS Role-initiator, responderKAS2-KAS Role-initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A5876 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KAS1-KAS Role-initiator, responderKAS2-KAS Role-initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A5877 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KAS1-KAS Role-initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A5878 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme-KAS1-KAS Role - initiator, responderKAS2-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A5879 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme-KAS1-KAS Role - initiator, responderKAS2-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A5883 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme-KAS1-KAS Role - initiator, responderKAS2-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-IFC-SSC | A5889 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rskpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme-KAS1-KAS Role - initiator, responderKAS2-KAS Role - initiator, responder | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A5863 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStep SP800-56Cr2 | A5897 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-2048 Increment 8 | SP 800-56C Rev.2", "KDA TwoStep SP800-56Cr2 | A5897 | Capabilities-MAC Salting Methods-default, randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length-S shared Secret Length:224-2048 Increment8 | SP 800-56C Rev.2", "KDF ANS 9.42(CVL) | A5868 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:112-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5869 | KDF Type-DERHash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:112-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5876 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:112-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5877 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:112-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5878 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:112-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5879 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A5883 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/256Key Data Length-Key Data Length:112-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5885 | KDF Type-DERHash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:112-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.42(CVL) | A5889 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:112-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5868 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5869 | Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5876 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5877 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5878 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5879 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5883 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5885 | Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A5889 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096Increment8 | SP800-135Rev.1", "KDF SP800-108 | A5899 | Capabilities-KDF Mode-CounterSupported Lengths-Supported Lengths:112-4096Increment8 | SP800-108Rev.1", "KDF SSH(CVL) | A5884 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5893 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5894 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5895 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5896 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KDF SSH(CVL) | A5900 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "KTS-IFC | A5868 | Modulo -2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-768 | SP 800-56BRev.2", "KTS-IFC | A5876 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-768 | SP 800-56BRev.2", "KTS-IFC | A5877 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-768 | SP 800-56BRev.2", "KTS-IFC | A5878 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-768 | SP 800-56BRev.2", "KTS-IFC | A5879 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-768 | SP 800-56BRev.2", "KTS-IFC | A5883 | Modulo -2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-768 | SP 800-56BRev.2", "KTS-IFC | A5889 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-768 | SP 800-56BRev.2", "PBKDF | A5868 | CapabilitiesIteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP 800-132", "PBKDF | A5869 | CapabilitiesIteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP 800-132", "PBKDF | A5876 | CapabilitiesIteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP 800-132", "PBKDF | A5877 | CapabilitiesIteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP 800-132", "PBKDF | A5878 | CapabilitiesIteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP 800-132", "PBKDF | A5879 | Capabilities-Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP800-132", "PBKDF | A5883 | Capabilities-Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP800-132", "PBKDF | A5885 | Capabilities-Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP800-132", "PBKDF | A5889 | Capabilities-Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-128Increment1 | SP800-132", "RSA KeyGen(FIPS186-5) | A5868 | Capabilities-Key Generation Mode-probableWithProbableAuxProperties-Modulo-2048Primality Tests-2powSecStrPrivate Key Format-standard | FIPS186-5", "RSA KeyGen(FIPS186-5) | A5876 | Capabilities-Key Generation Mode-probableWithProbableAuxProperties-Modulo-2048Primality Tests-2powSecStrPrivate Key Format-standard | FIPS186-5", "RSA KeyGen(FIPS186-5) | A5877 | Capabilities-Key Generation Mode-probableWithProbableAuxProperties-Modulo-2048Primality Tests-2powSecStrPrivate Key Format-standard | FIPS186-5", "RSA KeyGen(FIPS186-5) | A5878 | Capabilities-Key Generation Mode-probableWithProbableAuxProperties-Modulo-2048 | FIPS186-5", "RSA KeyGen(FIPS186-5) | A5879 | Capabilities-Key Generation Mode-probableWithProbableAuxProperties-Modulo-2048Primality Tests-2powSecStrPrivate Key Format-standard | FIPS186-5", "RSA KeyGen(FIPS186-5) | A5883 | Capabilities-Key Generation Mode-probableWithProbableAuxProperties-Modulo-2048Primality Tests-2powSecStrPrivate Key Format-standard | FIPS186-5", "RSA KeyGen(FIPS186-5) | A5889 | Capabilities-Key Generation Mode-probableWithProbableAuxProperties-Modulo-2048Primality Tests-2powSecStrPrivate Key Format-standard | FIPS186-5", "RSA SigGen(FIPS186-5) | A5868 | Capabilities-Properties-Modulo-2048Signature Type-pkcs1v1.5 | FIPS186-5", "RSA SigGen(FIPS186-5) | A5869 | Capabilities-Properties-Modulo-2048Signature Type-pkcs1v1.5 | FIPS186-5", "RSA SigGen(FIPS186-5) | A5876 | Capabilities-Properties-Modulo-2048Signature Type-pkcs1v1.5 | FIPS186-5", "RSA SigGen(FIPS186-5) | A5877 | Capabilities-Properties-Modulo-2048Signature Type-pkcs1v1.5 | FIPS186-5", "RSA SigGen(FIPS186-5) | A5878 | Capabilities-Properties-Modulo-2048Signature Type-pkcs1v1.5 | FIPS186-5", "RSA SigGen(FIPS186-5) | A5879 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5", "RSA SigGen(FIPS186-5) | A5883 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5", "RSA SigGen(FIPS186-5) | A5885 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5", "RSA SigGen(FIPS186-5) | A5889 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5", "RSA SigVer(FIPS186-2) | A5868 | Capabilities - Signature Type - PKCSPSS Properties - Modulo - 1536 | FIPS 186-4", "RSA SigVer(FIPS186-2) | A5876 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536 | FIPS 186-4", "RSA SigVer(FIPS186-2) | A5877 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536 | FIPS 186-4", "RSA SigVer(FIPS186-2) | A5878 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536 | FIPS 186-4", "RSA SigVer(FIPS186-2) | A5879 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536 | FIPS 186-4", "RSA SigVer(FIPS186-2) | A5883 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536 | FIPS 186-4", "RSA SigVer(FIPS186-2) | A5889 | Capabilities-Signature Type-PKCS1.5Properties-Modulo-1536 | FIPS186-4", "RSA SigVer(FIPS186-4) | A5868 | Capabilities-Signature Type-PKCS1.5Properties-Modulo-1024 | FIPS186-4", "RSA SigVer(FIPS186-4) | A5876 | Capabilities-Signature Type-PKCS1.5Properties-Modulo-1024 | FIPS186-4", "RSA SigVer(FIPS186-4) | A5877 | Capabilities-Signature Type-PKCS1.5Properties-Modulo-1024 | FIPS186-4", "RSA SigVer(FIPS186-4) | A5878 | Capabilities-Signature Type-PKCS1.5Properties-Modulo-1024 | FIPS186-4", "RSA SigVer(FIPS186-4) | A5879 | Capabilities-Signature Type-PKCS1.5Properties-Modulo-1024 | FIPS186-4", "RSA SigVer(FIPS186-4) | A5883 | Capabilities-Signature Type-PKCS1.5Properties-Modulo-1024 | FIPS186-4", "RSA SigVer(FIPS186-4) | A5889 | Capabilities-Signature Type-PKCS1.5Properties-Modulo-1024 | FIPS186-4", "RSA SigVer(FIPS186-5) | A5868 | Capabilities-Properties-Modulo-2048SignatureType-pkcs1v1.5 | FIPS186-5", "RSA SigVer(FIPS186-5) | A5869 | Capabilities-Properties-Modulo-2048SignatureType-pkcs1v1.5 | FIPS186-5", "RSA SigVer(FIPS186-5) | A5876 | Capabilities- Properties- Modulo-2048 Signature Type-pkcs1v1.5 | FIPS 186-5", "RSA SigVer(FIPS186-5) | A5877 | Capabilities- Properties- Modulo-2048 Signature Type-pkcs1v1.5 | FIPS 186-5", "RSA SigVer(FIPS186-5) | A5878 | Capabilities- Properties- Modulo-2048 Signature Type-pkcs1v1.5 | FIPS 186-5", "RSA SigVer(FIPS186-5) | A5879 | Capabilities- Properties- Modulo-2048 Signature Type-pkcs1v1.5 | FIPS 186-5", "RSA SigVer(FIPS186-5) | A5883 | Capabilities- Properties- Modulo-2048 Signature Type-pkcs1v1.5 | FIPS 186-5", "RSA SigVer(FIPS186-5) | A5885 | Capabilities- Properties- Modulo-2048 Signature Type-pkcs1v1.5 | FIPS 186-5", "RSA SigVer(FIPS186-5) | A5889 | Capabilities- Properties- Modulo-2048 Signature Type-pkcs1v1.5 | FIPS 186-5", "SHA-1 | A5868 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5876 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5877 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5878 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5879 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5883 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A5889 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5868 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5876 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5877 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5878 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5879 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5883 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A5889 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5864 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5868 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5876 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5877 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5878 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5879 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5883 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A5889 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5868 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5876 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5877 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5878 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5879 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5883 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A5889 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5868 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5876 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5877 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5878 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5879 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5883 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A5889 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5868 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5876 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5877 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5878 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5879 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5883 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A5889 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5868 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5876 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5877 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5878 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5879 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5883 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A5889 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A5869 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A5885 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5869 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A5885 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5869 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A5885 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5869 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A5885 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A5869 | Output Length - Output Length:16-65536Increment8 | FIPS 202", "SHAKE-128 | A5885 | Output Length - Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A5869 | Output Length - Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A5885 | Output Length - Output Length:16-65536Increment8 | FIPS 202" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5095", "Certificate Number": "5095", "Vendor Name": "Ctrl IQ, Inc.", "Module Name": "Rocky Linux 8 Kernel Cryptographic API", "Module Type": "Software", "Validation Date": "11/24/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5095.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5095", "module_name": "Rocky Linux 8 Kernel Cryptographic API", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/23/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Rocky Linux 8 Kernel Cryptographic API provides a C language API for use by other (kernel space and user space) processes that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES" ], "algorithms_detailed": [ "AES-CBC | A5807, A5810, A5813, A5816, A5819 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A5807, A5810, A5816, A5819 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A5807, A5810, A5816, A5819 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB128 | A5807, A5810, A5816, A5819 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A5807, A5810, A5816, A5819 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A5807, A5810, A5813, A5816, A5819 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5807, A5808, A5809, A5810, A5811, A5812, A5813, A5814, A5815, A5816, A5817, A5818, A5819, A5820, A5821 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A5807, A5809, A5810, A5812, A5813, A5815, A5816, A5818, A5819, A5821 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A5808, A5811, A5814, A5817, A5820 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - B.3.1.1 Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A5807, A5810, A5816, A5819 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A5807, A5810, A5816, A5819 | Direction - Decrypt, Encrypt | SP 800-38F" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5094", "Certificate Number": "5094", "Vendor Name": "IBM Corporation", "Module Name": "IBM COS Linux Kernel Cryptographic API Cryptographic Module", "Module Type": "Software", "Validation Date": "11/14/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5094.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5094", "module_name": "IBM COS Linux Kernel Cryptographic API Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/13/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Linux kernel crypto API implementation provides cryptographic services to Linux kernel space software components and user space via the AF_ALG interface.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A6801,A6806,A6809,A6812 | Direction- Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CBC-CS3 | A6801,A6806,A6809,A6812 | Direction-decrypt, encryptKey Length - 128,192,256 | SP 800-38A", "AES-CCM | A6801,A6806,A6812 | Key Length - 128,192,256 | SP 800-38C", "AES-CFB128 | A6801,A6806,A6812 | Direction- Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CMAC | A6801,A6806,A6812 | Direction- GenerationKey Length - 128,192,256 | SP 800-38B", "AES-CTR | A6801,A6806,A6809,A6812 | Direction- Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-ECB | A6801,A6804,A6805,A6806,A6807,A6808,A6809,A6810,A6811,A6812,A6813,A6814 | Direction- Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-GCM | A6801,A6805,A6806,A6808,A6809,A6811,A6812,A6814 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length - 128,192,256 | SP 800-38D", "AES-GCM | A6804,A6807,A6810,A6813 | Direction- Decrypt, EncryptIV Generation- InternalIV Generation Mode-8.2.1Key Length - 128,192,256 | SP 800-38D", "AES-GMAC | A6801,A6806,A6812 | Direction- Decrypt, EncryptIV Generation- ExternalKey Length - 128,192,256 | SP 800-38D", "AES-KW | A6801,A6806,A6812 | Direction- Decrypt, EncryptKey Length - 128,192,256 | SP 800-38F", "AES-OFB | A6801,A6806,A6812 | Direction- Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-XTSTestingRevision2.0 | A6801,A6806,A6809,A6812 | Direction- Decrypt, EncryptKey Length - 128,256 | SP 800-38E", "CounterDRBG | A6801,A6804,A6805,A6806,A6807,A6808,A6809,A6810,A6811,A6812,A6813,A6814 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256DerivationFunctionEnabled-Yes | SP 800-90ARev.1", "ECDSA KeyGen(FIPS186-5) | A6801 | Curve-P-256,P-384Secret GenerationMode-testing candidates | FIPS186-5", "ECDSA SigVer(FIPS186-4) | A6802 | Component-NoCurve-P-256,P-384Hash Algorithm-SHA-1 | FIPS186-4", "ECDSA SigVer(FIPS186-5) | A6802 | Curve-P-256,P-384Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA3-256,SHA3-384,SHA3-512 | FIPS186-5", "Hash DRBG | A6801,A6815,A6816,A6817 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A6801,A6815,A6816,A6817 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A6801,A6815,A6816,A6817,A6818 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A6801,A6815,A6816,A6817,A6818 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A6801,A6815,A6816,A6817,A6818 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A6801,A6815,A6816,A6817 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A6801,A6815,A6816,A6817 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A6801 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A6801 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A6801 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A6801 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A6801 | Domain Parameter GenerationMethods-P-256,P-384Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A6801 | Domain Parameter GenerationMethods-ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KDA OneStepSP800-56Cr2 | A6803 | Derived Key Length-2048Shared Secret Length-SharedSecret Length:224-2048Increment8 | SP 800-56CRev.2", "KDF SP800-108 | A6803 | KDF Mode-CounterSupported Lengths-SupportedLengths:112-4096Increment8 | SP 800-108Rev.1", "RSA SigVer(FIPS186-4) | A6801 | Signature Type-PKCS1.5Modulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A6801 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5 | FIPS 186-5", "SHA-1 | A6801,A6815,A6816,A6817,A6818 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A6801,A6815,A6816,A6817,A6818 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A6801,A6815,A6816,A6817,A6818 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A6801,A6815,A6816,A6817 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A6801,A6815,A6816,A6817 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA3-224 | A6801 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A6801 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A6801 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A6801 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "AES-GCM with external IV | Encryption with external IV(not compliant to FIPS 140-3 IG C.H)", "KBKDF (libkcapi) | Key derivation with implementation not tested by CAVP", "HKDF (libkcapi) | Key derivation with implementation not tested by CAVP", "RSA | Encryption primitive; Decryption primitive(not compliant to SP800-56Br2)", "RSA with PKCS#1 v1.5 padding | Signature generation(pre-hashed message); Signature verification(pre-hashed message); Key encapsulation(not compliant to SP800-56Br2); Key un-encapsulation(not compliant to SP800-56Br2)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5093", "Certificate Number": "5093", "Vendor Name": "SAP SE", "Module Name": "SAP CommonCryptoLib Crypto Kernel", "Module Type": "Software", "Validation Date": "11/14/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5093.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5093", "module_name": "SAP CommonCryptoLib Crypto Kernel", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/13/2030", "overall_level": 1, "caveat": "When operated in approved mode. When installed, initialized, and configured as specified in Section 11.1 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SAP CommonCryptoLib Crypto Kernel v8.6.1 is a shared library, i.e. it consists of software only. SAP CommonCryptoLib Crypto Kernel provides an API in terms of C/C++ methods for key management and operation of cryptographic functions.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KTS", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "RAM | Volatile system memory shared with the linked application. | Dynamic", "Module: Finalization | Zeroization of SSPs that are stored under control of the module for longer than a single API call (internal Counter DRBG instance). | To prevent the unintended reuse of SSPs, those stored in volatile memory are explicitly overwritten with zeros before the memory is deallocated. This zeroing process occurs during the module\\_final() API function call or when the module is unloaded, ensuring that no residual data remains in memory after finalization or unloading. | Finalizing / unloading the module.", "AES keys | Keys used for AES encryption/decryption | 128,192,或256bits-128,192,或256bits | AES key-CSP | AES key generation | AES encryption/ decryptionAES GCMencryption/ decryption(randomIV)AES GCMencryption/ decryption(TLS1.2)AES GCMencryption/ decryption(TLS", "HMAC keys | Keys used for HMAC generation | >=112bits->=112bits | HMAC key-CSP | HMAC generation", "EdDSA private keys | Keys used for EdDSA signature generation | 32or57bytes-128or224bits | EdDSA privatekey-CSP | EdDSA keypairgeneration | Ed25519signature generationEd448 signature generation", "EdDSA public keys | Keys used for EdDSA signature verification | 32or57bytes-128or224bits | EdDSA publickey-PSP | EdDSA keypairgeneration | Ed25519signature verificationEd448 signature verificationEdDSA public key validation", "ECDSA private keys | Keys used for ECDSA signature generation | Up to521bits-112to256bits | ECDSA privatekey-CSP | ECDSA keypairgeneration | ECDSA signature generation", "ECDSA public keys | Keys used for ECDSA signature verification | Up to521bits-<=80(P-192)or112to256bits(other curves) | ECDSA publickey-PSP | ECDSA keypairgeneration | ECDSA signature verificationECDSA public key validation", "DSA public keys | Keys used for DSA signature verification | Up to3072bits-<=80(L:1024/N:160)or112to128bits(other groups) | DSA publickey-PSP | DSA signature verificationDSA domain parameter validation", "RSA private keys | Keys used for RSA signature generation | Variable-112 to 256 bits | RSA private key-CSP | RSA key pair generation | RSA PKCS1-v1.5 signature generationRSA PSS signature generationRSA signature generation with pre-computed hash(CVL)", "RSA public keys | Keys used for RSA signature verification | Variable-<=80(1024 bits modulus)or112to256bits(longer modulus) | RSA public key-PSP | RSA key pair generation | RSA PKCS1-v1.5 signature verificationRSA PSS signature verification", "KAS-ECCprivate key | Own private keysused for KAS-ECC | Up to521bits-112to256bits | ECDSA privatekey-CSP | KAS-SSCECC | KAS-SSCECC", "KAS-ECCpublic key | Own public keysused for KAS-ECC | Up to521bits-112to256bits | ECDSA publickey-PSP | KAS-SSCECC | ECDSA publickey validationKAS-SSCECC", "KAS-FFCprivate key | Own private keysused for KAS-FFC | Up to3072bits-112to128bits | DSA privatekey-CSP | KAS-SSCFFC | KAS-SSCFFC", "KAS-FFCpublic key | Own public keysused for KAS-FFC | Up to3072bits-112to128bits | DSA publickey-PSP | KAS-SSCFFC | KAS-SSCFFC", "ReceivedKAS-ECCpublic key | Received publickeysused forKAS-ECC | Up to521bits-112to256bits | ECDSA publickey-PSP | KAS-SSCECC", "ReceivedKAS-FFCpublic key | Received publickeysused forKAS-FFC | Up to3072bits-112to128bits | DSA publickey-PSP | KAS-SSCFFC", "KTS-IFC private key | Own private keys used for KTS-IFC | Variable-112 to 256 bits | RSA private key-CSP | KTS-IFC | KTS-IFC", "KTS-IFC public key | Own public keys used for KTS-IFC | Variable-112 to 256 bits | RSA public key-PSP | KTS-IFC | KTS-IFC", "Received KTS-IFC public key | Received public keys used for KTS-IFC | Variable-112 to 256 bits | RSA public key-PSP | KTS-IFC", "Shared secret | Output of KAS-ECC and KAS-FFC | Variable-112 to 256 bits | Shared secret-CSP | KAS-SSC FFC KAS-SSC ECC", "Counter DRBG key | Key of the internal state of the AES-256 Counter DRBG instance | 256 bits-256 bits | Counter DRBG key-CSP | Random number generation | Random number generationAES encryption/decryptionAES GCM encryption/decryption(random IV)AES CFB encryption/decryptionRSA PKCS1-v1.5 signature generationRSA PSS signature generationECDSA signature generationDSA domain parameter", "Counter DRBGV | Value V of the internal state of theAES-256 CounterDRBG instance | 128 bits-128bits | Counter DRBGvalue V-CSP | Randomnumbergeneration | Random number generationAES encryption/decryptionAES GCMencryption/decryption(randomIV)AES CFBencryption/decryptionRSA PKCS1-v1.5 signature generationRSA PSSsignature generationECDSAsignature generationDSA domain", "Intermediate key generation values | Temporary values used during key generation | Variable-N/A | Values used forDSA, ECDSA,EdDSA,RSA key generation-CSP | EdDSA key pair generationECDSA key pair generationRSA key pair generationKAS-SSC FFCKTS-IFCKAS-SSCECC", "Keying material | Input/output ofKTS-IFC | Variable-N/A | Keying material-CSP | KTS-IFC | KTS-IFC", "KAS-ECCdomain parameters | Domain parameters used by the KAS-SSC ECC | Variable-N/A | Domainparameters-PSP | KAS-SSCECC", "KAS-FFCdomain parameters | Domain parameters used by the KAS-SSC FFC | Variable-N/A | SP800-56Ar3FFC domainparameters-PSP | KAS-SSCFFC | KAS-SSCFFC", "AES keys | API Input API output | RAM:Plaintext | For a single API call | Module:Automatic Procedural", "HMAC keys | API Input API output | RAM:Plaintext | For a single API call | Procedural", "EdDSA private keys | API Input API output | RAM:Plaintext | For a single API call | Module:Automatic Procedural | EdDSA public keys:Paired With", "EdDSA public keys | API Input API output | RAM:Plaintext | For a single API call | Module:Automatic Procedural | EdDSA private keys:Paired With", "ECDSA private keys | API Input API output | RAM:Plaintext | For a single API call | Procedural | ECDSA public keys:Paired With", "ECDSA public keys | API Input | RAM:Plaintext | For a single API call | Procedural | ECDSA private keys:Paired With", "DSA public keys | APIInputAPIoutput | RAM:Plaintext | For a single APIcall | Procedural", "RSA private keys | APIInputAPIoutput | RAM:Plaintext | For a single APIcall | Procedural | RSA public keys:Paired With", "RSA public keys | APIInputAPIoutput | RAM:Plaintext | For a single APIcall | Procedural | RSA private keys:Paired With", "KAS-ECC private key | APIInputAPIoutput | RAM:Plaintext | For a single APIcall | Procedural | KAS-ECC public key:Paired WithReceived KAS-ECC publickey:Used With", "KAS-ECC public key | APIInputAPIoutput | RAM:Plaintext | For a single APIcall | Procedural | KAS-ECC private key:Paired With", "KAS-FFC private key | APIInputAPIoutput | RAM:Plaintext | For a single APIcall | Procedural | KAS-FFC public key:Paired WithReceived KAS-FFC publickey:Used With", "KAS-FFC public key | APIInputAPIoutput | RAM:Plaintext | For a single APIcall | Procedural | KAS-FFC private key:Paired With", "Received KAS-ECCpublic key | APIInput | RAM:Plaintext | For a single APIcall | Procedural | KAS-ECC private key:Used With", "Received KAS-FFC public key | API Input API output | RAM:Plaintext | For a single API call | Procedural | KAS-FFC private key:Used With", "KTS-IFC private key | API Input API output | RAM:Plaintext | For a single API call | Procedural | KTS-IFC public key:Paired WithKTS-IFC public key:Used With", "KTS-IFC public key | API Input API output | RAM:Plaintext | For a single API call | Procedural | KTS-IFC private key:Paired With", "Received KTS-IFC public key | API Input API output | RAM:Plaintext | For a single API call | Procedural | KTS-IFC private key:Used With", "Shared secret | API output | RAM:Plaintext | For a single API call | Procedural | KAS-ECC private key:Derived FromReceived KAS-ECC public key:Derived FromKAS-FFC private key:DerivedFromReceived KAS-FFC public key:Derived From", "Counter DRBG key | RAM:Plaintext | Until finalization of the module | Module:Finalization | Counter DBRG seed:entropy source output:Derived FromCounter DRBG V:Paired With", "Counter DRBG V | RAM:Plaintext | Until finalization of the module | Module:Finalization | Counter DRBG key:Paired With", "Intermediate key generation values | RAM:Plaintext | For a single API call | Module:Automatic | Counter DRBG key:Derived FromEdDSA private keys:GeneratesECDSA public keys:GeneratesRSA private keys:GeneratesRSA public keys:GeneratesECDSA private keys:GeneratesEdDSA public keys:GeneratesKAS-ECC private key:GeneratesKAS-ECC public key:GeneratesKAS-FFC private key:GeneratesKAS-FFC public key:GeneratesKTS-IFC private key:GeneratesKTS-IFC public key:GeneratesCounter DRBG V:Derived From", "Keying material | APIInputAPIoutput | RAM:Plaintext | For a single API call | Procedural | KTS-IFC private key:DecryptsReceived KTS-IFC publickey:Encrypts", "KAS-ECC domain parameters | APIInputAPIoutput | RAM:Plaintext | For a single API call | Procedural | KAS-ECC private key:Used WithKAS-ECC public key:Used WithReceived KAS-ECC publickey:Used With", "KAS-FFC domain parameters | APIInputAPIoutput | RAM:Plaintext | For a single API call | Procedural | KAS-FFC private key:Used WithKAS-FFC public key:Used WithReceived KAS-FFC publickey:Used With", "HMAC-SHA2-256(A5497) | Key length:32 bytes | The integrity of the module binary is tested by computing an HMAC over the entire shared library file.The correct reference value is stored in a separate file with the file extension\"sha256\" | SW/FW Integrity | Return code<0in case of a failure. | The HMAC-SHA2-256 is self-tested using a KAT before this integrity test is performed", "HMAC-SHA2-256(A5497) | Key length:20bytes | KAT | CAST | Returncode<0incase ofafailure. | HMAC generation | Moduleinitialization", "SHAKE-128(A5497) | N/A | KAT | CAST | Returncode<0in | XOF generation | Moduleinitialization", "SHAKE-256(A5497) | N/A | KAT | CAST | Return code<0in case of a failure. | XOF generation | Module initialization", "SHA-1(A5497) | N/A | KAT | CAST | Return code<0in case of a failure. | Hash generation | Module initialization", "SHA2-224(A5497) | N/A | KAT | CAST | Return code<0in case of a failure. | Hash generation | Module initialization", "SHA2-256(A5497) | N/A | KAT | CAST | Return code<0in case of a failure. | Hash generation | Module initialization", "SHA2-384(A5497) | N/A | KAT | CAST | Return code<0in case of a failure. | Hash generation | Module initialization", "SHA2-512(A5497) | N/A | KAT | CAST | Return code<0in case of a failure. | Hash generation | Module initialization", "SHA3-224(A5497) | N/A | KAT | CAST | Return code<0in case of a failure. | Hash generation | Module initialization", "SHA3-256(A5497) | N/A | KAT | CAST | Return code<0in | Hash generation | Module initialization", "SHA3-384(A5497) | N/A | KAT | CAST | Return code<0in case of a failure | Hash generation | Module initialization", "SHA3-512(A5497) | N/A | KAT | CAST | Return code<0in case of a failure | Hash generation | Module initialization", "DSA SigVer(FIPS186-4)(A5497) | Group:FB(L:2048/N:224) | KAT | CAST | Return code<0in case of a failure | Signature verification using a fixed 32-byte hash | Module initialization", "ECDSA SigGen(FIPS186-5)(A5497) | Curve:P-256 | KAT | CAST | Return code<0in case of a failure | Signature generation using a fixed 32-byte hash | Module initialization", "ECDSA SigVer(FIPS186-5)(A5497) | Curve:P-256 | KAT | CAST | Return code<0in case of a failure | Signature verification using a fixed 32-byte hash | Module initialization", "EDDSA SigGen(A5497) with Edwards25519 | Curve:Edwards25519 | KAT | CAST | Return code<0in case of a failure | Signature generation | Module initialization", "EDDSA SigVer(A5497) with Edwards25519 | Curve:Edwards25519 | KAT | CAST | Return code<0in case of a failure | Signature verification | Module initialization", "EDDSA SigGen(A5497) with Edwards448 | Curve:Edwards448 | KAT | CAST | Return code<0 in case of a failure | Signature generation | Module initialization", "EDDSA SigVer(A5497) with Edwards448 | Curve:Edwards448 | KAT | CAST | Return code<0 in case of a failure | Signature verification | Module initialization", "RSA SigGen(FIPS186-5)(A5497) | Modulus size:2048 bits,Padding:PKCS1-v1.5 | KAT | CAST | Return code<0 in case of a failure | Signature generation using a fixed32-byte hash | Module initialization", "RSA SigVer(FIPS186-5)(A5497) | Modulus size:2048 bits,Padding:PKCS1-v1.5 | KAT | CAST | Return code<0 in case of a failure | Signature verification using a fixed32-byte hash | Module initialization", "KAS-ECC-SSCSp800-56Ar3(A5497) | Curve:P-256 | KAT | CAST | Return code<0 in case of a failure | Shared secret computation with two fixed key pairs | Module initialization", "KAS-FFC-SSCSp800-56Ar3(A5497) | Group:FB(L:2048/N:224)和ffdhe2048 | KAT | CAST | Return code<0 in case of a failure | Shared secret computation with fixed keys(withg^x>p) | Module initialization", "AES-ECB(A5497) | Key length:128,192,and 256bits | KAT | CAST | Return code<0 in case of a failure | Encryption and decryption | Module initialization", "AES-GCM(A5497) | Key length:128bits | KAT | CAST | Return code<0 in case of a failure | Encryption and decryption | Module initialization", "Counter DRBG(A5497) | Key length:256bits | KAT | CAST | Return code<0in case of a failure | Instantiation with fixed entropy input, generation of random bytes with additional input(generated bytes are tested against known answer), reseed with fix entropy input and again generation of random bytes, now without additional input(generated bytes are tested against known answer) | Module initialization", "DSA PQGGen(FIPS186-4)(A5497) | Group:FB(L:2048/N:224) | KAT | CAST | Return code<0in case of a failure | Generation ofp,q,and gwith fixed randomness | Module initialization", "DSA PQGVer(FIPS186-4)(A5497) | Group:FB(L:2048/N:224) | KAT | CAST | Return code<0in case of a failure | Domain parameter validation of fixed, correct parameters | Module initialization", "RSA SigGen和SigVer(FIPS186-5)(A5497) | Padding:PKCS1-v1.5 | PCT | PCT | Return code<0in case of a failure | RSA signature generation and verification ofa random32-byte pseudo-hash | AfterRSA和KTS-IFCkey pair generation和RSA key pair import", "RSA key-pair consistency(SP800-56Br2) | N/A | PCT | PCT | Return code<0in case of a failure | Key-pair consistency checkas specified inSection6.4.1.2.3ofSP800-56Br2 | AfterRSA和KTS-IFCkey pair generation", "ECDSA SigGen和SigVer | N/A | PCT | PCT | Return code<0in case of a failure | ECDSA signature generation and verification ofa random32-byte pseudo-hash | AfterECDSA key pair", "KAS-ECC pairwise consistency(SP 800-56Ar3) | N/A | PCT | PCT | Return code<0in case of a failure | Key-pair consistency check as specified in Section 5.6.2.1.4 of SP 800-56Ar3 | After ECDSA and KAS-ECC key pair generation and import", "EdDSA SigGen and SigVer(FIPS186-5)(A5497) | N/A | PCT | PCT | Return code<0in case of a failure | EdDSA signature generation and verification of a fixed 7-byte message | After EdDSA key pair generation and import", "KAS-FFC pairwise consistency(SP 800-56Ar3) | N/A | PCT | PCT | Return code<0in case of a failure | Key-pair consistency check as specified in Section 5.6.2.1.4 of SP 800-56Ar3 | After KAS-FFC key pair generation and import", "HMAC-SHA2-256(A5497) | The integrity of the module binary is tested | SW/FW Integrity | On demand | Module reinitialization.", "HMAC-SHA2-256(A5497) | KAT | CAST | On demand | Module reinitialization.", "SHAKE-128(A5497) | KAT | CAST | On demand | Module reinitialization.", "SHAKE-256(A5497) | KAT | CAST | On demand | Module reinitialization.", "SHA-1(A5497) | KAT | CAST | On demand | Module reinitialization.", "SHA2-224(A5497) | KAT | CAST | On demand | Module reinitialization.", "SHA2-256(A5497) | KAT | CAST | On demand | Module reinitialization.", "SHA2-384(A5497) | KAT | CAST | On demand | Module reinitialization.", "SHA2-512(A5497) | KAT | CAST | On demand | Module reinitialization.", "SHA3-224(A5497) | KAT | CAST | On demand | Module reinitialization.", "SHA3-256(A5497) | KAT | CAST | On demand | Module reinitialization.", "SHA3-384(A5497) | KAT | CAST | On demand | Module reinitialization.", "SHA3-512(A5497) | KAT | CAST | On demand | Module reinitialization.", "DSA SigVer(FIPS186-4)(A5497) | KAT | CAST | On demand | Module reinitialization.", "ECDSA SigGen(FIPS186-5)(A5497) | KAT | CAST | On demand | Module reinitialization", "ECDSA SigVer(FIPS186-5)(A5497) | KAT | CAST | On demand | Module reinitialization", "EDDSA SigGen(A5497) with Edwards25519 | KAT | CAST | On demand | Module reinitialization", "EDDSA SigVer(A5497) with Edwards25519 | KAT | CAST | On demand | Module reinitialization", "EDDSA SigGen(A5497) with Edwards448 | KAT | CAST | On demand | Module reinitialization", "EDDSA SigVer(A5497) with Edwards448 | KAT | CAST | On demand | Module reinitialization", "RSA SigGen(FIPS186-5)(A5497) | KAT | CAST | On demand | Module reinitialization", "RSA SigVer(FIPS186-5)(A5497) | KAT | CAST | On demand | Module reinitialization", "KAS-ECC-SSC Sp800-56Ar3(A5497) | KAT | CAST | On demand | Module reinitialization", "KAS-FFC-SSC Sp800-56Ar3(A5497) | KAT | CAST | On demand | Module reinitialization", "AES-ECB(A5497) | KAT | CAST | On demand | Module reinitialization", "AES-GCM(A5497) | KAT | CAST | On demand | Module reinitialization", "Counter DRBG(A5497) | KAT | CAST | On demand | Module reinitialization", "DSA PQGGen(FIPS186-4)(A5497) | KAT | CAST | On demand | Module reinitialization", "DSA PQGVer(FIPS186-4)(A5497) | KAT | CAST | On demand | Module reinitialization", "RSA SigGen and SigVer(FIPS186-5)(A5497) | PCT | PCT | On demand | RSA and KTS-IFC key pair generation and import", "RSA key-pair consistency(SP 800-56Br2) | PCT | PCT | On demand | RSA and KTS-IFC key pair generation", "ECDSA SigGen and SigVer(FIPS186-5)(A5497) | PCT | PCT | On demand | ECDSA key pair generation and import", "KAS-ECC pair-wise consistency(SP800-56Ar3) | PCT | PCT | On demand | ECDSA and KAS-ECC key pair generation and import", "EdDSA SigGen and SigVer(FIPS186-5)(A5497) | PCT | PCT | On demand | EdDSA key pair generation and import", "KAS-FFC pair-wise consistency(SP800-56Ar3) | PCT | PCT | On demand | KAS-FFC key pair generation and import", "Error reading shared library or checksum file | ERR\\_CRYPT\\_CHECKSUMIO", "Package | Shared library file | HMAC file | SHA2-256 checksum", "aix-6.1-ppc-64 | libslcryptokernel.so | libslcryptokernel.so.sha256 | D5E4BCO0EB784AE9F0179361B7189B495933ACFFEF50D1789A659E6F5827A364", "aix-7.2-ppc-64 | libslcryptokernel.so | libslcryptokernel.so.sha256 | 1A5D901BEA61ED1D0BFC138A5BF9698C4C076A88AADAD60AB94506A21062F5C2", "hpux-b.11.31-ia-64 | libslcryptokernel.so | libslcryptokernel.so.sha256 | 4B55441FA1F732499A20F979A00FEF335C7E252804DFED956356959DF1F1157A", "linux-gcc-11.2-armv8-64 | libslcryptokernel.so | libslcryptokernel.so.sha256 | 5106BBAA77B89DB6B320CCF46706FF92C D343DD53588AB1D58637D225F6E580D", "linux-gcc-4.3-ia-64 | libslcryptokernel.so | libslcryptokernel.so.sha256 | 3AFF87073CFC5397525577A3141F160D8A9C08458D5791CB1E01FD73C715040E0", "linux-gcc-4.3-s390x-64 | libslcryptokernel.so | libslcryptokernel.so.sha256 | B649BD3CED07C8473F27A102C48A957AD A35399CDDCF239B31D1AEB89F93C865", "linux-gcc-4.3-x86-64 | libslcryptokernel.so | libslcryptokernel.so.sha256 | FAEA6FE2320E29990DB52DE893E33D85186E5F3C8DE255510355648E22D5FF", "linux-gcc-4.8-ppcle-64 | libslcryptokernel.so | libslcryptokernel.so.sha256 | 8DA6D5555B2A0DF40D105662696A4F43A537D2E3E65155F0D3689F80CE1B29", "linux-musl-1.2.4-x86-64 | libslcryptokernel.so | libslcryptokernel.so.sha256 | 881BF8113DB20671975EF4EBF30957F8D9916526D88A6BC1388AAF3CD2F36E1", "macosx-arm-64 | libslcryptokernel.dylib | libslcryptokernel.dylib.sha256 | DA403272726E62140992D4FDE9D3A9CA557020750F81F45D68E23B9BBC9D8DF7A", "macosx-x86-64 | libslcryptokernel.dylib | libslcryptokernel.dylib.sha25 | FEBD7C3E85E0F0817D6B903835E93060E231368784028CAE2DE8C672076DFDF1", "sunos-5.10-sparc-64 | libslcryptokernel.so | libslcryptokernel.so.sha256 | 39653C77CFF17D9EFE61CF6F31F7FB1BAF580DF4D6585CECB68F6853278EDF", "sunos-5.10-x86-64 | libslcryptokernel.so | libslcryptokernel.so.sha256 | F9260FB594EE262247518CFC4C4EDA44E803B5681D7C77042E68FCE47E60392", "windows-x86-64 | slcryptokernel.dll | slcryptokernel.dll.sha256 | 42D88658272851A24510F14316491B08056B421012DF0C13E08A9F39E5AB92A", "Shared library | Read, execute | Read, write, execute", "HMAC file | Read | Read, write" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5092", "Certificate Number": "5092", "Vendor Name": "DataLocker, Inc.", "Module Name": "K350", "Module Type": "Hardware", "Validation Date": "11/12/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5092.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5092", "module_name": "K350", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/11/2030", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The module is an encrypted portable storage device, featuring three crypto processors, which provide layers of cryptographic protection. It requires no additional software or drivers to be installed on the host PC. The module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated encrypted storage.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "SHA", "SHS" ], "algorithms_detailed": [ "AES-CTR | AES 3971 | Key Length - 128,192,256 | SP 800-38A", "AES-GCM | AES 3971 | Direction-Decrypt,Encrypt", "AES-XTS | AES 5695 | Direction - Decrypt, EncryptKey Length-256 | SP 800-38E", "ECDSA KeyGen(FIPS186-5) | A5176 | Curve-P-256Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A5176 | Curve-P-256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5176 | Curve-P-256Hash Algorithm-SHA2-256 | FIPS 186-5", "Hash DRBG | A5176 | Prediction Resistance-NoMode-SHA2-256 | SP 800-90ARev.1", "HMAC-SHA2-256 | HMAC 2589 | - | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5176 | Domain Parameter Generation Methods-P-256Scheme-ephemeralUnified-KAS Role-responder | SP 800-56ARev.3", "KDA OneStep Sp800-56Cr1 | A5176 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:256-2048 Increment8 | SP 800-56CRev.2", "PBKDF | A5176 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:8-64 Increment1 | SP 800-132", "SHA2-256 | SHS 3275 | Message Length-Message Length:0-51200Increment8 | FIPS 180-4", "SHA2-256 | SHS 3299 | Message Length-Message Length:0-51200Increment8 | FIPS 180-4", "SHA2-256 | SHS 4565 | Message Length-Message Length:8-51200Increment8 | FIPS 180-4", "SHA3-256 | A4438 | Message Length-Message Length:0-65536Increment8 | FIPS 202", "CKG XTS | Key Type:Symmetric | N/A | SP 800-133r2 and IG D.H per Section 6.3 approved method1 and Section 4 example 1. Applicable to AES-XTS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5091", "Certificate Number": "5091", "Vendor Name": "DataLocker, Inc.", "Module Name": "DL4FE", "Module Type": "Hardware", "Validation Date": "11/12/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5091.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5091", "module_name": "DL4FE", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/11/2030", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The module is an encrypted portable storage device, featuring three crypto processors, which provide layers of cryptographic protection. It requires no additional software or drivers to be installed on the host PC. The module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated encrypted storage.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "SHA", "SHS" ], "algorithms_detailed": [ "AES-CTR | AES 3971 | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | AES 3971 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38D", "AES-XTS | AES 5695 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38E", "ECDSA KeyGen(FIPS186-5) | A5176 | Curve - P-256Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A5176 | Curve - P-256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5176 | Curve - P-256Hash Algorithm - SHA2-256 | FIPS 186-5", "Hash DRBG | A5176 | Prediction Resistance - NoMode - SHA2-256 | SP 800-90ARev. 1", "HMAC-SHA2-256 | HMAC 2589 | - | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5176 | Domain Parameter Generation Methods - P-256Scheme -ephemeralUnified -KAS Role - responder | SP 800-56ARev. 3", "KDA OneStep Sp800-56Cr1 | A5176 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length: 256-2048 Increment 8 | SP 800-56CRev. 2", "PBKDF | A5176 | Iteration Count - Iteration Count: 1000-10000Increment 1Password Length - Password Length: 8-64 Increment1 | SP 800-132", "SHA2-256 | SHS 3275 | Message Length - Message Length: 0-51200Increment 8 | FIPS 180-4", "SHA2-256 | SHS 3299 | Message Length - Message Length: 0-51200Increment 8 | FIPS 180-4", "SHA2-256 | SHS 4565 | Message Length - Message Length: 8-51200Increment 8 | FIPS 180-4", "SHA3-256 | A4438 | Message Length - Message Length: 0-65536Increment 8 | FIPS 202", "CKGXTS | Key Type:Symmetric | N/A | SP 800-133r2 and IG D.H per Section 6.3 approved method1 and Section 4 example 1. Applicable to AES-XTScompliant to IG C.I because Key\\_1 and Key\\_2 areconcatenated prior to usage.", "CSP Decryption | BC-Auth | SymmetricDecryption | Standard:NIST SP800-38D | AES-GCM: (AES3971)Key Type:SymmetricKey Size: 256-bit", "CSP Encryption | BC-Auth | SymmetricEncryption | Standard:NIST SP800-38D | AES-GCM: (AES3971)Key Type:SymmetricKey Size: 256-bit", "DEC | BC-UnAuth | SymmetricDecryption | Standard:FIPS 197 | AES-CTR: (AES3971)Key Size: 256AES-XTS: (AES 5695)Key Size: 256", "DRBG Generate | DRBG | Random NumberGeneration usingHASH\\_DRBG basedon SHA2-256 | Standard:NIST SP800-90A | Hash DRBG:(A5176)Mode: SHA2-256Returned Bits: 256", "EG | ENT-ESV | Entropy Generation | Standard:NIST SP800-90B | SHA3-256: (A4438)Message LengthMax: 65536 bits", "ENC | BC-UnAuth | SymmetricEncryption | Standard:FIPS 197 | AES-CTR: (AES3971)Key Size: 256AES-XTS: (AES 5695)Key Size: 256", "Integrity | SHA | Message Digest | Standard:FIPS 180-4 | SHA2-256: (SHS4565)Message LengthMax: 51200 bits", "KAS | KAS-Full | Key Agreement forestablishing securesession | IG:IG D.F Scenario2, path 2, splitKeyconfirmation:NoKey derivation:KDA(separately tested)Caveat:Keyestablishmentmethodologyprovides 128 bits ofsecurity strength | KAS-ECC-SSC Sp800-56Ar3: (A5176)Scheme: EphemeralUnifiedCurve: P-256KDA OneStepSp800-56Cr1:(A5176)Derived Key Length:2048", "KAS-KG | CKGKAS-KeyGen | Asymmetric keygeneration duringKAS | Standard:NIST SP800-56Ar3 | ECDSA KeyGen(FIPS186-5):(A5176)Curve: P-256CKG: ()Key Type:Symmetric andAsymmetric", "PBKDF | PBKDF | Password Based KeyDerivation Option1a | Standard:NIST SP800-132 | PBKDF: (A5176)Salt Length: 256 bitsPassword Length: 8- 64 bytesHMAC-SHA2-256:(HMAC 2589)SHA2-256: (SHS3275)", "PKV | AsymKeyPair-PubKeyVal | Public keyvalidation | Standards:NIST SP800-56Ar3, FIPS186-5 | ECDSA KeyVer(FIPS186-5):(A5176)Curve: P-256", "SigVer | DigSig-SigVer | SignatureVerification | Standard:FIPS 186-4 | ECDSA SigVer(FIPS186-5):(A5176)Curves: P-256SHA2-256: (SHS3299)Message LengthMax: 51200 bits", "SymKG | CKG | Symmetric KeyGeneration | Standard:NIST SP800-133r2 | CKG XTS: ()Key Type:SymmetricHash DRBG:(A5176)", "DataLockerJENT | Non-Physical | STMicroelectronicsSTM32L452ve | 256bits | Fullentropy | SHA3-256 Cert.#A4438", "CreateSecondaryAccount | CreateSecondary COStandardaccount | Successfulservicecompletion | Password | Status | ENCDECSymKGDRBGGenerateCSPEncryption | Crypto Officer(CO) Admin- System BaseKey (SBK): E- Passphrase: W- DRBG-State:G,E- Key EncryptionKey (KEK): G,E- Data", "Reset | Soft Reset. Theequivalent ofpower cycling | Successfulservicecompletion. | None | None | None | Crypto Officer(CO) Admin- Key EncryptionKey (KEK): Z- SessionEncryption Key(SEK): Z- KAS-ECC PrivateKey (KAS-pr): Z- KAS-ECC PublicKey (KAS-pub): Z- KAS-ECC PeerPublic Key (KAS-peer-pub): ZCrypto Officer(CO) Standard- Key EncryptionKey (KEK): Z- SessionEncryption Key(SEK): Z- KAS-ECC PrivateKey (KAS-pr): Z- KAS-ECC PublicKey (KAS-pub): Z- KAS-ECC PeerPublic Key (KAS-peer-pub):Z", "SecureChannel | Establish anAES-CTRencryptedsecure channelwith Host PC | Successfulservicecompletion. | None | Status | PKVENCDECDRBGGenerateKAS-KGKAS | Crypto Officer(CO) Admin- DRBG-State: E- System BaseKey (SBK): E- SessionEncryption Key(SEK): G,E- KAS-ECC PrivateKey (KAS-pr): G,E- KAS-ECC PublicKey (KAS-pub):G,E,R- KAS-ECC Peer", "Self-Destruct | The modulemay beconfigured toeither destroydevice (DEK andfirmware aredestroyed) ordestroy dataonly (DEK isdestroyed anddata is lost) | Successfulservicecompletion. | None | None | None | Crypto Officer(CO) Admin- DRBG-State: Z- DataEncryption Key(DEK): ZCrypto Officer(CO) Standard- DRBG-State: Z- DataEncryption Key(DEK): Z", "SilentKill | Destroys allcopies of theDEK, invalidatespassphrases,and generates anew DEK | Successfulservicecompletion. | Silent Kill code | Status | ENCDECSymKGDRBGGenerateEGPBKDF | Crypto Officer(CO) Admin- DRBG-EI: G,E- DRBG-State:G,E,Z- Passphrase:W,E- Key EncryptionKey (KEK): G,E- DataEncryption Key(DEK): G,Z- System BaseKey (SBK): ECrypto Officer(CO) Standard- DRBG-EI: G,E- DRBG-State:G,E,Z- Passphrase:W,E- Key EncryptionKey (KEK): G,E- DataEncryption Key(DEK): G,Z- System BaseKey (SBK): E", "ZeroizeDrive | Destroys allcopies of theDEK, invalidatespassphrases,and generates anew DEK. If thecommand isreceived via theSDK, then themodule may beconfigured todestroy deviceinstead (DEK | Successfulservicecompletion | None | Status | ENCDECSymKGDRBGGenerateEG | Crypto Officer(CO) Admin- DRBG-State:G,E,Z- Passphrase:G,E,Z- Key EncryptionKey (KEK): Z- DataEncryption Key(DEK): G,E,Z- KAS-ECC PrivateKey (KAS-pr): Z- Session", "Flash(Encrypted) | Encrypted with the KEK in the ARM Cortex secure flash along with a SHA2-256hash | Static", "I1 | Outside the module | RAM | Plaintext | Manual | Direct | PBKDF (A5176)", "12 | Outside the module | RAM | Plaintext | Automated | Electronic | KAS", "O1 | RAM | Outside the module | Plaintext | Automated | Electronic | KAS", "DRBG-EI | DRBG entropy input to the Hash\\_DRBG. | 512 bits - 512 | ESV - CSP | EG | DRBGGenerate", "DRBG-State | Hash\\_DRBG internal state secrets, namely V and C. | 994 - 256 | DRBG - CSP | Hash DRBG(A5176) | DRBGGenerate", "FW-Load-Pub | ECDSA P-256 Public Key for firmware integrity andupgrade signature verification. Also used to verifybootloader integrity. | P-256 - 128 | ECDSA - PSP | Externally | SigVer", "KAS-ECC PeerPublic Key (KAS-peer-pub) | ECC P-256 key used to establish the SessionEncryption Key | P-256 - 128 | ECDSA - PSP | Externally | KAS", "KAS-ECC PrivateKey (KAS-pr) | ECC key used to establish the Session EncryptionKey. | P-256 - 128 | KAS - CSP | KAS-KG | KAS", "KAS-ECC Public Key(KAS-pub) | ECC P-256 key used to establish the SessionEncryption Key. | P-256 - 128 | ECDSA - PSP | KAS-KG | KAS", "Key Encryption Key(KEK) | Key derived from the passphrase using PBKDF2. TheKey Encryption Key is used to encrypt the DataEncryption Key. | 256 - NA | Symmetric - CSP | PBKDF | CSPDecryptionCSPEncryption", "Passphrase | Operator authentication passphrase | 8-64characters -Varies | Authentication -CSP | Externally | PBKDF", "Session EncryptionKey (SEK) | Symmetric key is established by KAS-ECC and usedfor encryption of the USB session with the clientapplication | 256 - 128 | Symmetric - CSP | KAS | DECENC", "Shared Secret (Z) | The shared secret calculated per NIST SP800-56A-rev3. Used as input to the SP800-56C-rev1 KDA toestablish the Session Encryption Key. | 256 bit - 128 | Shared Secret -CSP | KAS | KAS", "VCD-Load-Pub | ECDSA P-256 Public Key for update of the VirtualCD-ROM contents (operator data stored in arestricted volume). | P-256 - 128 | ECDSA - PSP | Externally | SigVer", "DRBG-EI | RAM:Plaintext | Persists only for the lie f theDRBG instantiation process | Z1 | DRBG-State:Derives", "DRBG-State | RAM:Plaintext | Until use | Z2Z3 | DRBG-El:Derived From", "KAS-ECC Peer Public Key(KAS-peer-pub) | I2 | RAM:Plaintext | Until use | Z1Z2Z3 | Shared Secret (Z):Derives", "KAS-ECC Private Key(KAS-pr) | RAM:Plaintext | Until Use | Z1Z2Z3 | KAS-ECC Public Key (KAS-pub):PairedWithDRBG-State:Generated fromShared Secret (Z):Derives", "KAS-ECC Public Key (KAS-pub) | 01 | RAM:Plaintext | Until use | z2Z3 | KAS-ECC Private Key (KAS-pr):PairedWithDRBG-State:Generated from", "Session Encryption Key(SEK) | RAM:Plaintext | Until use | Z1Z2Z3 | Shared Secret (Z):Derived From", "Shared Secret (Z) | RAM:Plaintext | Until Use | Zz2Z3 | Session Encryption Key (SEK):DerivesKAS-ECC Peer Public Key (KAS-peer-pub):Derived FromKAS-ECC Private Key (KAS-pr):DerivedFrom", "System Base Key (SBK) | Flash(Plaintext):Plaintext | Until use | Z1Z2Z3 | DRBG-State:Generated from", "FirmwareIntegrity ofBootloader | ECDSA (Cert.#A5176) P-256 | ECDSASignatureVerification | SW/FWIntegrity | Success: No ErrorCode; Failure:Error Code | ECDSA P-256 DigitalSignatureVerification", "FirmwareIntegrity ofFirmware | ECDSA (Cert.#A5176) P-256 | ECDSASignatureVerification | SW/FWIntegrity | Success: No ErrorCode; Failure:Error Code | ECDSA P-256 DigitalSignatureVerification", "AES-CTREncrypt (AES3971) | 256-bit | KAT | CAST | Success: NoError Code;Failure:Error Code | Encrypt KAT | Power-up,Periodically& on-demand", "AES-CTRDecrypt (AES3971) | 256-bit | KAT | CAST | Success: NoError Code;Failure:Error Code | Decrypt KAT | Power-up,Periodically& on-demand", "AES-GCMEncrypt (AES3971) | 256-bit | KAT | CAST | Success: NoError Code;Failure:Error Code | Encrypt KAT | Power-up,Periodically& on-demand", "AES-GCMDecrypt (AES3971) | 256-bit | KAT | CAST | Success: NoError Code;Failure:Error Code | Decrypt KAT | Power-up,Periodically& on-demand", "AES-XTSEncrypt (AES5695) | 256-bit | KAT | CAST | Success: NoError Code;Failure:Error Code | Encrypt KAT | Power-up,Periodically& on-demand", "AES-XTSDecrypt (AES5695) | 256-bit | KAT | CAST | Success: NoError Code;Failure:Error Code | Decrypt KAT | Power-up,Periodically& on-demand", "ECDSA SigVer(FIPS186-5)(A5176) | P-256 | KAT | CAST | Success: NoError Code;Failure:Error Code | ECDSA SignatureVerification KAT | Power-up,Periodically& on-demand", "Hash DRBG(A5176) | Instantiate,Generate,and Reseed | KAT | CAST | Success: NoError Code;Failure:Error Code | Performs a fixedinput KAT and all SP800-90A health testmonitoring functions | Power-up,Periodically& on-demand", "KAS-ECC-SSCSp800-56Ar3(A5176) | P-256 | KAT | CAST | Success: NoError Code;Failure:Error Code | KAS-ECC SharedSecret ComputationKAT per IG D.F | Power-up,Periodically& on-demand", "KDA OneStepSp800-56Cr1(A5176) | 256-bit | KAT | CAST | Success: NoError Code;Failure:Error Code | KDA KAT | Power-up,Periodically& on-demand", "PBKDF(A5176) | Salt: 256-bits | KAT | CAST | Success: NoError Code;Failure:Error Code | PBKDF KAT, whichalso satisfies HMACSHA2-256 KAT | Power-up,Periodically& on-demand", "SHA2-256(SHS 3275) | N/A | KAT | CAST | Success: NoError Code;Failure:Error Code | SHA2-256 KAT | Power-up,Periodically& on-demand", "SHA2-256(SHS 3299) | N/A | KAT | CAST | Success: NoError Code;Failure:Error Code | SHA2-256 KAT | Power-up,Periodically& on-demand", "SHA2-256(SHS 4565) | N/A | KAT | CAST | Success: NoError Code; | SHA2-256 KAT | Power-up,Periodically", "SHA3-256(A4438) | N/A | KAT | CAST | Success: NoError Code;Failure:Error Code | SHA3-256 KAT | Power-up,Periodically& on-demand", "AES-XTS Key1Key2 Check | N/A | N/A | CriticalFunction | Success: NoError Code;Failure:Error Code | Occurs anytime themodule generatesthe DEK. Per IG C.Ithis check explicitlythat Key\\_1 andKey\\_2 are distinct. | AES-XTS KeyGeneration", "FirmwareLoad Test | ECDSA P-256 | DigitalSignatureVerification | SW/FWLoad | Success: NoError Code;Failure:Error Code | Firmware load testoccurs during'Firmware Update'service. | DuringFirmwareUpdates", "Public KeyValidation | P-256 | N/A | CriticalFunction | Success: NoError Code;Failure:Error Code | Occurs during KASupon receipt of theconnected hostapplication publickey (KAS-ECC PeerPublic Key). | During keyagreement", "ECC CDH PairWiseConsistencyTest | P-256 | PCT | PCT | Success: NoError Code;Failure:Error Code | Occurs during KASupon the generationof the KAS-ECCprivate and publickeypair. | During keyagreement", "Firmware Integrityof Bootloader | ECDSA SignatureVerification | SW/FW Integrity | Every Power-On | Automaticinvocation of self-test service", "Firmware Integrityof Firmware | ECDSA SignatureVerification | SW/FW Integrity | Every Power-On | Automaticinvocation of self-test service", "AES-CTR Encrypt(AES 3971) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "AES-CTR Decrypt(AES 3971) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "AES-GCM Encrypt(AES 3971) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "AES-GCM Decrypt(AES 3971) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "AES-XTS Encrypt(AES 5695) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "AES-XTS Decrypt(AES 5695) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "ECDSA SigVer(FIPS186-5) (A5176) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "Hash DRBG (A5176) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "KAS-ECC-SSC Sp800-56Ar3 (A5176) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "KDA OneStepSp800-56Cr1(A5176) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "PBKDF (A5176) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "SHA2-256 (SHS3275) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "SHA2-256 (SHS3299) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "SHA2-256 (SHS4565) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "SHA3-256 (A4438) | KAT | CAST | 24 hours | Automaticinvocation of self-test service", "AES-XTS Key1 Key2Check | N/A | Critical Function | N/A | N/A" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5090", "Certificate Number": "5090", "Vendor Name": "Ezurio", "Module Name": "Summit Linux FIPS Core Crypto Module", "Module Type": "Firmware-hybrid", "Validation Date": "11/12/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5090.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5090", "module_name": "Summit Linux FIPS Core Crypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/11/2030", "overall_level": 1, "caveat": "When operated in approved mode and installed, initialized and configured as specified in Section 11.1 of the Security Policy; No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Firmware-hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Summit FIPS Core Crypto Module is defined as a Firmware-Hybrid, running on Ezurio's System on Module (SoM) and wireless bridge.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4712 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A4716 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A4719 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A4721 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A5004 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A5004 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A5004 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A4714 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A4718 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A4720 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A4722 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A5004 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4712 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A4716 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A4719 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A4721 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CCM | A5004 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A5004 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A4724 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A5004 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4724 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A5004 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A4712 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B | © 2025 Ezurio / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert", "AES-CMAC | A4716 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A4719 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A4721 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CMAC | A5004 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A4712 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A4716 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A4719 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A4721 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A5004 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4711 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4712 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4715 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4716 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4717 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4719 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4721 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5004 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5019 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4712 | Direction - Decrypt, Encrypt | IV Generation - External | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A4715 | Direction - Decrypt, Encrypt | IV Generation - External | SP 800-38D | © 2025 Ezurio / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256", "AES-GCM | A4717 | Direction - Decrypt, Encrypt | IV Generation - External | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A4719 | Direction - Decrypt, Encrypt | IV Generation - External | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A4721 | Direction - Decrypt, Encrypt | IV Generation - External | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A5008 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A4712 | Direction - Decrypt, Encrypt | IV Generation - External | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A4719 | Direction - Decrypt, Encrypt | IV Generation - External | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A4721 | Direction - Decrypt, Encrypt | IV Generation - External | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A5008 | Direction - Decrypt, Encrypt | IV Generation - External | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A5004 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5004 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A4723 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-OFB | A5004 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | © 2025 Ezurio / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert", "AES-XTS | Testing Revision | 2.0 | A4712 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS | Testing Revision | 2.0 | A4716 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS | Testing Revision | 2.0 | A4719 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS | Testing Revision | 2.0 | A4721 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "AES-XTS | Testing Revision | 2.0 | A5004 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A4711 | Prediction Resistance - No, Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1", "Counter DRBG | A4712 | Prediction Resistance - No, Yes", "Counter DRBG | A4715 | Prediction Resistance - No, Yes", "Counter DRBG | A4717 | Prediction Resistance - No, Yes", "Counter DRBG | A4719 | Prediction Resistance - No, Yes", "Counter DRBG | A4721 | Prediction Resistance - No, Yes", "Counter DRBG | A5015 | Prediction Resistance - No, Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - No, Yes | SP 800-90A | Rev. 1", "ECDSA KeyGen | (FIPS186-5) | A4711 | Curve - P-256, P-384 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyGen | (FIPS186-5) | A5018 | Curve - P-224, P-256, P-384, P-521 | Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyVer | (FIPS186-5) | A5018 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 | © 2025 Ezurio / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert", "ECDSA SigGen | (FIPS186-5) | A5018 | Curve - P-224, P-256, P-384, P-521", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-", "512, SHA2-512/224, SHA2-512/256 | Component - No | FIPS 186-5", "ECDSA SigGen | (FIPS186-5) | A5020 | Curve - P-224, P-256, P-384, P-521", "Hash Algorithm - SHA3-224, SHA3-256, SHA3-384, SHA3-512 | Component - No | FIPS 186-5", "ECDSA SigVer | (FIPS186-5) | A5018 | Curve - P-224, P-256, P-384, P-521", "512, SHA2-512/224, SHA2-512/256 | FIPS 186-5", "ECDSA SigVer | (FIPS186-5) | A5020 | Curve - P-224, P-256, P-384, P-521", "Hash Algorithm - SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-5", "EDDSA KeyGen | A5016 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigGen | A5016 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigVer | A5016 | Curve - ED-25519, ED-448 | FIPS 186-5", "Hash DRBG | A5015 | Prediction Resistance - No, Yes", "Mode - SHA-1, SHA2-256, SHA2-512 | SP 800-90A | Rev. 1", "HMAC DRBG | A5015 | Prediction Resistance - No, Yes", "HMAC-SHA-1 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A4711 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A4712 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A4716 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 224 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A4711 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A4712 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A4716 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 256 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A4711 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A4712 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 384 | A4716 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 | © 2025 Ezurio / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert", "HMAC-SHA2- | 384 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A4711 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A4712 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A4716 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/224 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2- | 512/256 | A5018 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A4713 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 224 | A5020 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A4713 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 256 | A5020 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A4713 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 384 | A5020 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A4713 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3- | 512 | A5020 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A4711 | Domain Parameter Generation Methods - P-256, P-384 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-ECC-SSC | Sp800-56Ar3 | A5018 | Domain Parameter Generation Methods - P-224, P-256, P-384, | P-521 | Scheme - | ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A5014 | Domain Parameter Generation Methods - ffdhe2048, | ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, | MODP-3072, MODP-4096, MODP-6144, MODP-8192 | Scheme - | SP 800-56A | Rev. 3 | © 2025 Ezurio / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert | dhEphem - | KAS Role - initiator, responder", "KAS-IFC-SSC | A5018 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - | KAS1 - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF | Sp800-56Cr1 | A5013 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-2048 | Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384,", "SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-", "256, SHA3-384, SHA3-512 | SP 800-56C | Rev. 2", "KDA OneStep | SP800-56Cr2 | A5012 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-2048 | Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep | SP800-56Cr2 | A5012 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-2048 | Increment 8 | SP 800-56C | Rev. 2", "KDF ANS 9.42", "(CVL) | A5018", "KDF Type - DER", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384,", "SHA2-512, SHA2-512/224, SHA2-512/256 | Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 | Rev. 1", "(CVL) | A5020", "Hash Algorithm - SHA3-224, SHA3-256, SHA3-384, SHA3-512 | Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 | Rev. 1", "KDF ANS 9.63", "512, SHA2-512/224, SHA2-512/256 | Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 | Rev. 1", "KDF KMAC | Sp800-108r1 | A5017 | Derived Key Length - Derived Key Length: 112-4096 | Increment 8 | SP 800-108 | Rev. 1", "KDF SP800-108 | A5017", "KDF Mode - Counter, Feedback | Supported Lengths - Supported Lengths: 112, 128, 776, 3456, | 4096 | SP 800-108 | Rev. 1", "KDF SSH (CVL) | A5019", "Cipher - AES-128, AES-192, AES-256, TDES", "Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "KDF TLS (CVL) | A5018", "TLS Version - v1.0/1.1 | SP 800-135 | Rev. 1 | KMAC-128 | A5020 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | © 2025 Ezurio / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert | KMAC-256 | A5020 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185", "KTS-IFC | A5018 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1- | prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme -", "KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 768 | SP 800-56B | Rev. 2", "PBKDF | A5018 | Iteration Count - Iteration Count: 1000-10000 Increment 1 | Password Length - Password Length: 14-128 Increment 1 | SP 800-132", "PBKDF | A5020 | Iteration Count - Iteration Count: 1000-10000 Increment 1 | Password Length - Password Length: 14-128 Increment 1 | SP 800-132", "RSA KeyGen | (FIPS186-5) | A5018 | Key Generation Mode - probableWithProbableAux | Modulo - 2048, 3072, 4096 | Primality Tests - 2powSecStr | Private Key Format - standard | FIPS 186-5", "RSA SigGen | (FIPS186-5) | A5018 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigVer | (FIPS186-5) | A5018 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5 | Safe Primes Key | Generation | A5014 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP- | 4096, MODP-6144, MODP-8192 | SP 800-56A | Rev. 3 | Safe Primes Key | Verification | A5014 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP- | 4096, MODP-6144, MODP-8192 | SP 800-56A | Rev. 3", "SHA-1 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-224 | A4711 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-224 | A4712 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-224 | A4716 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-224 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-256 | A4711 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-256 | A4712 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-256 | A4716 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-256 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-384 | A4711 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-384 | A4712 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-384 | A4716 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-384 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-512 | A4711 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-512 | A4712 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4 | © 2025 Ezurio / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert", "SHA2-512 | A4716 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-512 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-512/224 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-512/256 | A5018 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA3-224 | A4713 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202", "SHA3-224 | A5020 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202", "SHA3-256 | A4713 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202", "SHA3-256 | A5020 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202", "SHA3-384 | A4713 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202", "SHA3-384 | A5020 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202", "SHA3-512 | A4713 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202", "SHA3-512 | A5020 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 202", "SHAKE-128 | A5020 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A5020 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "TLS v1.2 KDF", "RFC7627 (CVL) | A5018", "Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "TLS v1.3 KDF", "(CVL) | A5013 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1 | Name | Implementation | Asymmetric keygen (CKG) | Type:asymmetric | N/A | Section 4 example 1 per SP 800-133rev2 | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | Name | Use and Function", "FIPS provider PBKDF with salt length less than 128 bits | © 2025 Ezurio / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | Name | Use and Function", "FIPS provider TLSv1.0 and TLSv1.1 KDF using EMS", "FIPS provider TLSv1.2 KDF without using EMS", "FIPS provider AES GCM using externally generated IV | Encryption/Decryption" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5089", "Certificate Number": "5089", "Vendor Name": "Red Hat, Inc.", "Module Name": "Red Hat Enterprise Linux 8 Kernel Cryptographic API", "Module Type": "Software", "Validation Date": "11/04/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5089.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5089", "module_name": "Red Hat Enterprise Linux 8 Kernel Cryptographic API", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/3/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs. The module generates random strings whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Red Hat Enterprise Linux 8 Kernel Cryptographic API provides a C language API for use by other (kernel space and user space) processes that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A5720 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC | A5726 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC | A5729 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS3 | A5723 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS3 | A5733 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CCM | A5720 | KeyLength-128,192,256 | SP800-38C", "AES-CCM | A5729 | KeyLength-128,192,256 | SP800-38C", "AES-CFB128 | A5722 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CFB128 | A5732 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CMAC | A5720 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-CMAC | A5729 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-CTR | A5720 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CTR | A5726 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CTR | A5729 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5720 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5724 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5725 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5726 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5727 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5728 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5729 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5730 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5731 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A5720 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5724 | Direction-EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5725 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5726 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5727 | Direction-EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5728 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GCM | A5729 | Direction-Decrypt,EncryptIV Generation-External | SP 800-38D", "AES-GCM | A5730 | Direction-EncryptIV Generation-InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP800-38D", "AES-GCM | A5731 | Direction-Decrypt,EncryptIV Generation-ExternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP800-38D", "AES-GMAC | A5720 | Direction-Decrypt,EncryptIV Generation-ExternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP800-38D", "AES-GMAC | A5729 | Direction-Decrypt,EncryptIV Generation-ExternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP800-38D", "AES-XTS TestingRevision2.0 | A5720 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38E", "AES-XTS TestingRevision2.0 | A5726 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38E", "AES-XTS TestingRevision2.0 | A5729 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38E", "Counter DRBG | A5720 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "Counter DRBG | A5724 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "Counter DRBG | A5725 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "Counter DRBG | A5726 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "Counter DRBG | A5727 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "Counter DRBG | A5728 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "Counter DRBG | A5729 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "Counter DRBG | A5730 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "Counter DRBG | A5731 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Hash DRBG | A5720 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5724 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5725 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5726 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5727 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5728 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5729 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5730 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5731 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5734 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5735 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "Hash DRBG | A5736 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5720 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5724 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5725 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A5726 | Prediction Resistance - No, Yes Mode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A5727 | Prediction Resistance - No, Yes Mode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A5728 | Prediction Resistance - No, Yes Mode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A5729 | Prediction Resistance - No, Yes Mode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A5730 | Prediction Resistance - No, Yes Mode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A5731 | Prediction Resistance - No, Yes Mode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A5734 | Prediction Resistance - No, Yes Mode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A5735 | Prediction Resistance - No, Yes Mode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A5736 | Prediction Resistance - No, Yes Mode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC-SHA-1 | A5720 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5734 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5735 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA-1 | A5736 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5720 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5734 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5735 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5736 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5720 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5734 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5735 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5736 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5720 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5734 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5735 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5736 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5720 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5734 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5735 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5736 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5721 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5721 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5721 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5721 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "RSA SigVer(FIPS186-5) | A5720 | Signature Type-PKCS 1.5 Modulo-3072 | FIPS 186-5", "RSA SigVer(FIPS186-5) | A5734 | Signature Type-PKCS 1.5 Modulo-3072 | FIPS 186-5", "RSA SigVer(FIPS186-5) | A5735 | Signature Type-PKCS 1.5 Modulo-3072 | FIPS 186-5", "RSA SigVer(FIPS186-5) | A5736 | Signature Type-PKCS 1.5 Modulo-3072 | FIPS 186-5", "SHA-1 | A5720 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA-1 | A5734 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA-1 | A5735 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA-1 | A5736 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A5720 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A5734 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-224 | A5735 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-224 | A5736 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-256 | A5720 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-256 | A5734 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-256 | A5735 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-256 | A5736 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-384 | A5720 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-384 | A5734 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-384 | A5735 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-384 | A5736 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-512 | A5720 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-512 | A5734 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-512 | A5735 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA2-512 | A5736 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 180-4", "SHA3-224 | A5721 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes -1,2 | FIPS 202", "SHA3-256 | A5721 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A5721 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A5721 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2 | FIPS 202", "Encryption with AES | BC-UnAuth | Encrypt a plaintext with AES | Key size(s):128,192,256 bits(XTS mode 128 and 256 bits only) | AES-CBC:(A5720,A5726,A5729)AES-CBC-CS3:(A5723,A5733)AES-CFB128:(A5722,A5732)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5088", "Certificate Number": "5088", "Vendor Name": "IBM(R) Corporation", "Module Name": "IBM® NVMe FlashCore™ Module 3", "Module Type": "Hardware", "Validation Date": "11/03/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5088.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5088", "module_name": "IBM® NVMe FlashCore™ Module 3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/2/2030", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The IBM(R) NVMe FlashCore(TM) Module 3 is a NVMe-connected self-encrypting non-volatile storage module.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5087", "Certificate Number": "5087", "Vendor Name": "Google, LLC.", "Module Name": "OpenSK Cryptographic Module", "Module Type": "Hardware", "Validation Date": "10/23/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5087.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5087", "module_name": "OpenSK Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/22/2030", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Implemented with Google's \"Titan\" secure microcontroller and custom firmware, the OpenSK Cryptographic Module is a FIPS-compliant Universal 2nd Factor (U2F) authenticator and hardware root of trust.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "SHA" ], "algorithms_detailed": [ "AES-CBC | A5101 | - | SP 800-38A", "AES-ECB | A5101 | - | SP 800-38A", "ECDSA KeyGen(FIPS186-4) | A5101 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5101 | - | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5101 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5101 | - | FIPS 186-4", "HMAC DRBG | A5101 | - | SP 800-90A Rev.1", "HMAC-SHA2-256 | A2352 | - | FIPS 198-1", "HMAC-SHA2-256 | A5101 | - | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5101 | - | SP 800-56A Rev.3", "KDA HKDF SP800-56Cr2 | A5101 | - | SP 800-56C Rev.2", "SHA2-256 | A2352 | - | FIPS 180-4", "SHA2-256 | A5101 | - | FIPS 180-4", "KDF | KDF:Asymmetric Key Derivation Method | Titan OpenSK Gnubby cryptographic library | N/A" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5086", "Certificate Number": "5086", "Vendor Name": "Hitachi Vantara, Ltd.", "Module Name": "Hitachi Embedded Storage Manager Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "10/23/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5086.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5086", "module_name": "Hitachi Embedded Storage Manager Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/22/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Embedded", "description": "Hitachi Embedded Storage Manager Kernel Crypto API Cryptographic Module provides cryptographic services for Hitachi Virtual Storage Platform (VSP).", "detail_available": true, "algorithms": [ "AES", "HMAC", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A5827,A5828,A5829,A5830,A5831,A5834 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5827,A5828,A5829,A5830,A5831,A5833 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CMAC | A5827,A5828,A5829,A5830,A5831,A5833 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-CTR | A5827,A5828,A5829,A5830,A5831,A5834 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5827,A5828,A5829,A5830,A5831,A5834 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-KW | A5827,A5828,A5830,A5831 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-XTS TestingRevision2.0 | A5827,A5828,A5829,A5830,A5831,A5834 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38E", "HMAC-SHA-1 | A5830,A5831 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-256 | A5828,A5830,A5831,A5833 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-384 | A5828,A5831 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A5828,A5831 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA3-256 | A5831 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA3-384 | A5831 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA3-512 | A5831 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "SHA-1 | A5830,A5831 | Message Length-MessageLength:0-65536Increment8 | FIPS180-4", "SHA2-256 | A5828,A5830,A5831,A5832,A5833 | Message Length-MessageLength:0-65536Increment8 | FIPS180-4", "SHA2-384 | A5828,A5831 | Message Length-MessageLength:0-65536Increment8 | FIPS180-4", "SHA2-512 | A5828,A5831 | Message Length-MessageLength:0-65536Increment8 | FIPS180-4", "SHA3-256 | A5831 | Message Length-MessageLength:0-65536Increment8 | FIPS202", "SHA3-384 | A5831 | Message Length-MessageLength:0-65536Increment8 | FIPS202", "SHA3-512 | A5831 | Message Length-MessageLength:0-65536Increment8 | FIPS202", "RSA-sigGen(pkcs1pad(rsa-generic,sha256/sha384/sha512)) | Used for RSA signature generation.", "RSA-sigVer(pkcs1pad(rsa-generic,sha256/sha384/sha512)) | Used for RSA signature verification.", "RSA-signaturePrimitive(rsa-generic) | Used for RSA signature primitive operation.", "RSA-decryptionPrimitive(rsa-generic) | Used for RSA decrypt primitive operation." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5085", "Certificate Number": "5085", "Vendor Name": "Advanced Micro Devices (AMD)", "Module Name": "AMD ASP Cryptographic CoProcessor (\"Turin\")", "Module Type": "Hardware", "Validation Date": "10/22/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5085.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5085", "module_name": "AMD ASP Cryptographic CoProcessor (\"Turin\")", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/21/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Hardware", "embodiment": "Single Chip", "detail_available": true, "description": "The AMD ASP Cryptographic CoProcessor cryptographic module defined as a sub-chip hardware module in a single chip embodiment, with hardware and firmware components implementing general purpose cryptographic algorithms.", "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A5794 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A5794 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A5794 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5794 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A | AMD ASP Cryptographic CoProcessor (\"Turin\") | FIPS 140-3 Non-Proprietary Security Policy | © 2025 Advanced Micro Devices (AMD), atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert", "AES-ECB | A5795 | Direction - Encrypt | Key Length - 256 | SP 800-38A | Conditioning", "Component AES-CBC- | MAC SP800-90B | A5337 | Key Length - 256 | SP 800-90B", "Counter DRBG | A5795 | Prediction Resistance - No", "Mode - AES-256 | Derivation Function Enabled - No | SP 800-90A | Rev. 1", "ECDSA KeyGen | (FIPS186-5) | A5794 | Curve - P-384 | Secret Generation Mode - extra bits | FIPS 186-5", "ECDSA SigGen | (FIPS186-5) | A5794 | Curve - P-384", "Hash Algorithm - SHA2-224, SHA2-", "256, SHA2-384, SHA2-512, SHA3-224,", "SHA3-256, SHA3-384, SHA3-512 | Component - No | FIPS 186-5", "ECDSA SigVer | (FIPS186-4) | A5794 | Component - No | Curve - P-384", "Hash Algorithm - SHA-1 | FIPS 186-4", "ECDSA SigVer | (FIPS186-5) | A5794 | Curve - P-384", "SHA3-256, SHA3-384, SHA3-512 | FIPS 186-5", "HMAC-SHA-1 | A5794 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5794 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5794 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5794 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5794 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5794 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5794 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5794 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5794 | Key Length - Key Length: 112-524288 | Increment 8 | FIPS 198-1", "KDF SP800-108 | A5794", "KDF Mode - Counter | Supported Lengths - Supported | Lengths: 112-4096 Increment 8 | SP 800-108 | Rev. 1", "RSA KeyGen (FIPS186- | 5) | A5794 | Key Generation Mode - probable | Modulo - 2048, 3072, 4096 | Primality Tests - 2powSecStr | Private Key Format - standard | FIPS 186-5 | AMD ASP Cryptographic CoProcessor (\"Turin\") | FIPS 140-3 Non-Proprietary Security Policy | © 2025 Advanced Micro Devices (AMD), atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | CAVP | Cert", "RSA SigGen (FIPS186- | 5) | A5794 | Modulo - 2048, 3072, 4096 | Signature Type - pss | FIPS 186-5", "RSA SigVer (FIPS186-2) | A5794 | Signature Type - PKCSPSS | Modulo - 1536 | FIPS 186-4", "RSA SigVer (FIPS186-4) | A5794 | Signature Type - PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer (FIPS186-5) | A5794 | Modulo - 2048, 3072, 4096 | Signature Type - pss | FIPS 186-5", "SHA-1 | A5794 | Message Length - Message Length: 0- | 65536 Increment 8 | FIPS 180-4", "SHA2-224 | A5794 | Message Length - Message Length: 0- | 65536 Increment 8 | FIPS 180-4", "SHA2-256 | A5794 | Message Length - Message Length: 0- | 65536 Increment 8 | FIPS 180-4", "SHA2-384 | A5794 | Message Length - Message Length: 0- | 65536 Increment 8 | FIPS 180-4", "SHA2-512 | A5794 | Message Length - Message Length: 0- | 65536 Increment 8 | FIPS 180-4", "SHA3-224 | A5794 | Message Length - Message Length: 0- | 65536 Increment 8 | FIPS 202", "SHA3-256 | A5794 | Message Length - Message Length: 0- | 65536 Increment 8 | FIPS 202", "SHA3-384 | A5794 | Message Length - Message Length: 0- | 65536 Increment 8 | FIPS 202", "SHA3-512 | A5794 | Message Length - Message Length: 0- | 65536 Increment 8 | FIPS 202", "SHAKE-128 | A5794 | Output Length - Output Length: 1344 | FIPS 202", "SHAKE-256 | A5794 | Output Length - Output Length: 1088 | FIPS 202 | Name | Implementation Reference | CKG | (asymmetric) | Key | Type:Asymmetric | N/A | SP 800-133r2, Section 4, | example 1 | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | Name | Caveat | Use and | Function | RTL key de- | obfuscation | When used to de-obfuscate data using the weak | RTL key | De- | obfuscation | Non-Approved, Not Allowed Algorithms: | AMD ASP Cryptographic CoProcessor (\"Turin\") | FIPS 140-3 Non-Proprietary Security Policy | © 2025 Advanced Micro Devices (AMD), atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | Name | Use and Function", "HMAC with key | lengths less than | 112 bits | Deterministic", "ECDSA key pair | generation | Key pair generation", "Deterministic RSA | key pair generation | Key pair generation", "ECDSA (pre-hashed | message) | Signature generation, Signature verification", "ECDSA with SHA-1 | Signature generation", "RSA with 1024 or | 1536 bits modulus | Key pair generation, Signature generation", "RSA (pre-hashed | message) | Signature generation, Signature verification", "RSA with SHA-1 | Signature generation", "SHA-384 with non- | standard initial hash | value | PCR-based memory measurement | CCP_HAL algorithm", "Message digest (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512,", "SHA3-224, SHA3-256, SHA3-384, SHA3-512), XOF (SHAKE128,", "SHAKE256), encryption, decryption (AES ECB, CBC, OFB, CFB, CTR,", "GCTR, IAPM, XTS), message authentication (AES CMAC) | SIB_HAL algorithm | Random number generation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5084", "Certificate Number": "5084", "Vendor Name": "Cloudera, Inc.", "Module Name": "Cloudera Cryptographic Module for Java", "Module Type": "Software", "Validation Date": "10/22/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5084.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5084", "module_name": "Cloudera Cryptographic Module for Java", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Cloudera Cryptographic Module for Java is a FIPS 140-3 Validated Cryptographic provider for use with Cloudera products. The module delivers core cryptographic functions to Cloudera products and features robust algorithm support.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "HMAC | A6047 | SHA sizes: SHA-1, SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providing between112 and256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between112 and200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between112和152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMAC SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA,One Step | A6047 | PRFs:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA,Two Step | A6047 | PRFs:HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF,using Pseudorandom Functions^{7}$ | A6047 | Modes:Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | ANSI X9.63 KDFSHA sizes: SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | IKEv2 KDFSHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | SSH KDFAES:128SHA sizes: SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes: SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA6047 | TLS 1.2 KDFSHA sizes: SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwith Option1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS andPKCS1.5)\\] | Signature Generation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-4,ANSI X9.31-1998\\] | Signature Generation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS andPKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS#1v2.1(PSSandPKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS#1v2.1(PSSandPKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVLA6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVLA6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG using output from DRBG, Vendor Affirmed per IG D.H.", "The resulting key or a generated seed is an unmodified output from a DRBG:", "• Section 5.1 (Asymmetric seeds from DRBG)", "• Section 6.1 (Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant11) | non-compliant key agreement methods", "DSA(non-compliant12) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant $ ^{15} $) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant $ ^{16} $) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5083", "Certificate Number": "5083", "Vendor Name": "CGI Federal Inc.", "Module Name": "CGI Momentum™ Java Cryptographic Module", "Module Type": "Software", "Validation Date": "10/22/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5083.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5083", "module_name": "CGI Momentum™ Java Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "CGI Momentum™ Java Cryptographic Module is a standards-based cryptographic engine for native Java environments. CGI Momentum™ product suite uses this module as Java JCA/JCE provider thus providing data at rest encryption, transport level encryption, PKI key management, digital signature generation and other crypto operations through a trusted and verified implementation.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS 197,SP 800-38A\\],AES FF1 Format Preserving Encryption\\[SP 800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256 bits | \\[Addendum to SP 800-38A,Oct 2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256 bits | \\[SP 800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256 bits | \\[SP 800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A6047 | Key sizes:128,192,256 bits | \\[SP 800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key Wrapping Using AES2) | A6047 | Modes:AES KW,KWPKey sizes:128,192,256 bits(key establishment methodology providing 128,192 or 256 bits of encryption strength) | \\[SP 800-38F\\] | Key Wrapping", "DRBG,Counter DRBG | A6047 | AES 128,AES 192,AES 256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "DRBG,Hash DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "DRBG,HMAC DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,k-233,k-283,k-409,k-571,B-233,B-283,B-409,B-571 | \\[FIPS 186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-1635 | \\[FIPS 186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providing between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA-324,SHA-3256,SHA-384,SHA-3512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA-324,HMAC-SHA-3256,HMAC-SHA-384,HMAC-SHA-3512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA-324,HMAC-SHA-3256,HMAC-SHA-384,HMAC-SHA-3512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, using Pseudorandom Functions7 | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-324,SHA-3256,SHA-384,SHA-3512 | \\[SP 800-108\\] | Key Derivation", "KDF, Existing Application-Specific8 | CVLA6047 | ANSI X9.63 KDFSHA sizes: SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, Existing Application-Specific8 | CVLA6047 | IKEv2 KDFSHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS#1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS#1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVLA6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVLA6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG using output from DRBG, Vendor Affirmed per IG D.H.", "The resulting key or a generated seed is an unmodified output from a DRBG:", "• Section 5.1 (Asymmetric seeds from DRBG)", "• Section 6.1 (Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant11) | non-compliant key agreement methods", "DSA(non-compliant12) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant $ ^{15} $) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant $ ^{16} $) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5082", "Certificate Number": "5082", "Vendor Name": "Arctera US LLC", "Module Name": "Arctera Cryptographic Module for Java", "Module Type": "Software", "Validation Date": "10/21/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5082.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5082", "module_name": "Arctera Cryptographic Module for Java", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Arctera Cryptographic Module for Java delivers core cryptographic functions for use in Arctera products.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providing between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512/SHA-512/SHA-512/SHA-512/SHA-384,SHA-352,SHA-384,SHA-352,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/SHA-512/SHA-512/SHA-384,HMAC-SHA-384,HMAC-SHA-384,SHA-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/SHA-512/SHA-512/SHA-512/SHA-384,HMAC-SHA-384,HMAC-SHA-384,SHA-128,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, using Pseudorandom Functions^{7}$ | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-324,SHA-324,SHA-325,SHA-384,SHA-352 | \\[SP 800-108\\] | Key Derivation", "KDF, Existing Application-Specific$^8$ | CVLA6047 | ANSI X9.63 KDFSHA sizes: SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, Existing Application-Specific$^8$ | CVLA6047 | IKEv2 KDFSHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS#1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS#1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVL A6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVL A6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG | Used for the generation of symmetric keys and asymmetric seeds | OtherCryptographic key generation | \\[SP 800-133r2\\]CKG using output from DRBG,Vendor Affirmed per IG D.H.The resulting key or a generated seed is an unmodified output from aDRBG:Section5.1(Asymmetric seeds from DRBG)Section6.1(Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant10) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant11) | non-compliant key agreement methods", "DSA(non-compliant12) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant13) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5081", "Certificate Number": "5081", "Vendor Name": "Gigamon Inc.", "Module Name": "SL-FJA3 (SafeLogic FIPS Java API)", "Module Type": "Software", "Validation Date": "10/21/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5081.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5081", "module_name": "SL-FJA3 (SafeLogic FIPS Java API)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Gigamon's SL-FJA3 (SafeLogic FIPS Java API) is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "KAS-ECC6 | A6047 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified aboveproviding between 112 and 256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A6047 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified aboveproviding between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A6047 | RSASVE with,and without,keyconfirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A6047 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, One Step | A6047 | PRFs: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDA, Two Step | A6047 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, usingPseudorandomFunctions^{7}$ | A6047 | Modes: Counter Mode,Feedback Mode,Double-Pipeline IterationModeTypes:CMAC-basedKBKDFwithAES(128,192,256)HMAC-basedKBKDFwithSHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-322,SHA3-256,SHA3-384,SHA3-512 | \\[SP 800-108\\] | Key Derivation", "KDF, ExistingApplication-Specific$^8$ | CVL A6047 | ANSI X9.63 KDFSHA sizes:SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be usedalong withKAS-SSC", "KDF, ExistingApplication-Specific$^8$ | CVL A6047 | IKEv2 KDFSHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific8 | CVLA6047 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A6047 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096providing between112and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A6047 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-5,PKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998\\] | SignatureGeneration", "RSA | A6047 | Key sizes:2048,3072,4096 | \\[FIPS 186-5,PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,2048,3072,4096^{9}$ | \\[FIPS 186-4,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA | A6047 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS 186-2,ANSI X9.31-1998 and PKCS #1 v2.1(PSS and PKCS1.5)\\] | Signature Verification", "RSA Decryption Primitive | CVL A6047 | Key size:2048 | \\[SP 800-56Br2\\] | Component Test", "RSA Signature Primitive | CVL A6047 | Key size:2048 | \\[FIPS 186-4\\] | Component Test", "SHA-3,SHAKE | A6047 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHA-3 Derived Functions | A6047 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "SHS | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | Digital Signature Generation,Digital Signature Verification,non-Digital Signature Applications", "CKG | Used for the generation of symmetric keys and asymmetric seeds | OtherCryptographic key generation | \\[SP 800-133r2\\]CKG using output from DRBG,Vendor Affirmed per IG D.H.The resulting key or a generated seed is an unmodified output from a DRBG:Section 5.1(Asymmetric seeds from DRBG)Section 6.1(Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant$ ^{10}$) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant$ ^{11}$) | non-compliant key agreement methods", "DSA(non-compliant$ ^{12}$) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant$ ^{13}$) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant15) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant16) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5080", "Certificate Number": "5080", "Vendor Name": "Zscaler Inc.", "Module Name": "Zscaler Java Crypto Module", "Module Type": "Software", "Validation Date": "10/14/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5080.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5080", "module_name": "Zscaler Java Crypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Zscaler Java Crypto Module is a standards-based cryptographic engine for native Java environments. The module delivers core cryptographic functions to mobile and server platforms and features robust algorithm support.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KTS", "SHA", "TLS" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256bits | \\[SP800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256bits | \\[SP800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A6047 | Key sizes:128,192,256bits | \\[SP800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key Wrapping Using AES2) | A6047 | Modes:AES KW,KWPKey sizes:128,192,256bits(key establishment methodology providing128,192or256bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,Counter DRBG | A6047 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG, Hash DRBG | A6047 | SHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "DRBG,HMACDRBG | A6047 | SHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571 | \\[FIPS 186-5\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-163⁵ | \\[FIPS 186-4\\] | KeyVerification,SignatureVerification", "HMAC | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES (non-compliant¹⁰) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS (non-compliant¹¹) | non-approlied key agreement methods", "DSA (non-compliant¹²) | non-FIPS digest signatures using DSA", "ECDSA (non-compliant¹³) | non-FIPS digest signatures using ECDSA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5079", "Certificate Number": "5079", "Vendor Name": "Persistent Systems, LLC", "Module Name": "Wave Relay® User Space Crypto Module", "Module Type": "Software", "Validation Date": "10/08/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5079.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5079", "module_name": "Wave Relay® User Space Crypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/7/2030", "overall_level": 2, "caveat": "When operated in approved mode, No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Single Chip", "description": "Persistent Systems LLC Wave Relay® User Space Crypto Module is a Software cryptographic module embedded in the Wave Relay® System that provides FIPS Validated cryptographic algorithms which are used by user space system services & protocols (e.g., TLS, IPsec, etc.).", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A5177 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A5177 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A5177 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A5177 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CCM | A5177 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB1 | A5177 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A5177 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A5177 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A5177 | Direction-Generation,VerificationKeyLength-128,192,256 | SP 800-38B", "AES-CTR | A5177 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A5177 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A5177 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A5177 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-KW | A5177 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KWP | A5177 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-OFB | A5177 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS TestingRevision2.0 | A5177 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "CounterDRBG | A5177 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256DerivationFunctionEnabled-No,Yes | SP 800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A5177 | Curve-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret GenerationMode-TestingCandidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A5177 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A5177 | Component-No,YesCurve-B-233,B-283,B-409,B-571,k-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521HashAlgorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A5177 | Component-No,YesCurve-B-163,B-233,B-283,B-409,B-571,k-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521HashAlgorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "Hash DRBG | A5177 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP800-90ARev.1", "HMAC DRBG | A5177 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP800-90ARev.1", "HMAC-SHA-1 | A5177 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5177 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5177 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5177 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A5177 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5177 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5177 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A5177 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A5177 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A5177 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A5177 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "KAS-ECC CDH-ComponentSP800-56Ar3(CVL) | A5177 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521 | SP800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A5177 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Scheme-ephmeralUnified-KAS Role-initiator,responder | SP800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A5177 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP800-56ARev.3", "KAS-IFC-SSC | A5177 | Modulo -2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskpg1-crt,rskpg1-prime-factor,rskpg2-basic,rskpg2-crt,rskpg2-prime-factorScheme-KAS1-KAS Role-initiator,responderKAS2-KAS Role-initiator,responder | SP 800-56ARev.3", "KDA HKDFSP800-56Cr2 | A5177 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A5177 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A5177 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A5177 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:8-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A5177 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF IKEv2(CVL) | A5177 | Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:224,8192Derived Keying Material Length-Derived Keying Material Length:160,16384Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF SP800-108 | A5177 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8-4096Increment8 | SP 800-108Rev.1", "KDF SSH(CVL) | A5177 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A5177 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A5177 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A5177 | Key Generation Mode-B.3.6Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5177 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SignaturePrimitive(CVL) | A5177 | Private Key Format-crt | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5177 | Signature Type-PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A5177 | Message Length-Message Length:160,0-65536Increment8 | FIPS 180-4", "SHA2-224 | A5177 | Message Length - Message Length: 224,0-65536 Increment8 | FIPS 180-4", "SHA2-256 | A5177 | Message Length - Message Length: 256,0-65536 Increment8 | FIPS 180-4", "SHA2-384 | A5177 | Message Length - Message Length: 384,0-65536 Increment8 | FIPS 180-4", "SHA2-512 | A5177 | Message Length - Message Length: 512,0-65536 Increment8 | FIPS 180-4", "SHA2-512/224 | A5177 | Message Length - Message Length: 224,0-65536 Increment8 | FIPS 180-4", "SHA2-512/256 | A5177 | Message Length - Message Length: 256,0-65536 Increment8 | FIPS 180-4", "SHA3-224 | A5177 | Message Length - Message Length: 0-65536 Increment8 | FIPS 202", "SHA3-256 | A5177 | Message Length - Message Length: 0-65536 Increment8 | FIPS 202", "SHA3-384 | A5177 | Message Length - Message Length: 0-65536 Increment8 | FIPS 202", "SHA3-512 | A5177 | Message Length - Message Length: 0-65536 Increment8 | FIPS 202", "SHAKE-128 | A5177 | Output Length - Output Length: 16-65536 Increment8 | FIPS 202", "SHAKE-256 | A5177 | Output Length - Output Length: 16-65536 Increment8 | FIPS 202", "TLS v1.2 KDF RFC7627(CVL) | A5177 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "TLS v1.3 KDF (CVL) | A5177 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135 Rev.1", "AES(GCM)-ExtIV | GCM with Externally Generated IVs" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5078", "Certificate Number": "5078", "Vendor Name": "IBM(R) Corporation", "Module Name": "IBM® NVMe FlashCore™ Module 2", "Module Type": "Hardware", "Validation Date": "10/03/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5078.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5078", "module_name": "IBM® NVMe FlashCore™ Module 2", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/2/2030", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The IBM(R) NVMe FlashCore(TM) Module2 is a NVMe-connected self-encrypting non-volatile storage module.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5077", "Certificate Number": "5077", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Crypto Engine Core", "Module Type": "Hardware", "Validation Date": "10/03/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5077.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5077", "module_name": "Qualcomm® Crypto Engine Core", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/2/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Qualcomm Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments.", "detail_available": true, "algorithms": [ "AES", "DES", "HMAC", "SHA" ], "algorithms_detailed": [ "AES-CBC | A4289 | - | SP 800-38A", "AES-CCM | A4289 | - | SP 800-38C", "AES-CMAC | A4289 | - | SP 800-38B", "AES-CTR | A4289 | - | SP 800-38A", "AES-ECB | A4289 | - | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4289 | - | SP 800-38E", "HMAC-SHA-1 | A4289 | - | FIPS 198-1", "HMAC-SHA2-256 | A4289 | - | FIPS 198-1", "HMAC-SHA2-384 | A4289 | - | FIPS 198-1", "HMAC-SHA2-512 | A4289 | - | FIPS 198-1", "HMAC-SHA3-224 | A4289 | - | FIPS 198-1", "HMAC-SHA3-256 | A4289 | - | FIPS 198-1", "HMAC-SHA3-384 | A4289 | - | FIPS 198-1", "HMAC-SHA3-512 | A4289 | - | FIPS 198-1", "SHA-1 | A4289 | - | FIPS 180-4", "SHA2-256 | A4289 | - | FIPS 180-4", "SHA2-384 | A4289 | - | FIPS 180-4", "SHA2-512 | A4289 | - | FIPS 180-4", "SHA3-224 | A4289 | - | FIPS 202", "SHA3-256 | A4289 | - | FIPS 202", "SHA3-384 | A4289 | - | FIPS 202", "SHA3-512 | A4289 | - | FIPS 202", "AES-GCM | encryption, decryption", "DES-CBC | encryption, decryption", "DES-ECB | encryption, decryption", "TDES(two independent keys) | encryption, decryption", "TDES(three independent keys) | encryption, decryption", "HMAC SHA-1 with key size other than 512 bits | message authentication code", "HMAC SHA2-256 with key sizes other than 512 bits | message authentication code", "HMAC SHA2-384 with key sizes other than 512 bits | message authentication code", "HMAC SHA2-512 with key sizes other than 512 bits | message authentication code", "HMAC SHA3-224 with key sizes other than 512 bits | message authentication code", "HMAC SHA3-256 with key sizes other than 512 bits | message authentication code", "HMAC SHA3-384 with key sizes other than 512 bits | message authentication code", "HMAC SHA3-512 with key sizes other than 512 bits | message authentication code", "AEAD-SHA-1 AES-CBC | encryption, decryption (with message authentication code)", "AEAD-SHA-1 AES-CTR | encryption, decryption (with message authentication code)", "AEAD-SHA-1 DES-CBC | encryption, decryption (with message authentication code)", "AEAD-SHA-1 TDES-CBC | encryption, decryption (with message authentication code)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5076", "Certificate Number": "5076", "Vendor Name": "Ruckus Wireless LLC", "Module Name": "Ruckus FastIron ICXTM 7550/7650/7850 Series Switch/Router", "Module Type": "Hardware", "Validation Date": "10/03/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5076.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5076", "module_name": "Ruckus FastIron ICXTM 7550/7650/7850 Series Switch/Router", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/2/2030", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The ICX® family of fixed form-factor switches works together to deliver a complete, scalable, and high-performance network solution that supports today's demanding video, Unified Communications (UC), VDI, and mobile applications. They leverage the innovative Campus Fabric technology, which provides simplified network deployment and management, scale-out networking, and investment protection with the industry's lowest total cost of ownership.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A5076 | - | SP 800-38A", "AES-CFB128 | A5076 | - | SP 800-38A", "AES-CMAC | A5076 | - | SP 800-38B", "AES-CTR | A5076 | - | SP 800-38A", "AES-ECB | A5076 | - | SP 800-38A", "AES-GCM | A5076 | - | SP 800-38D", "AES-KW | A5076 | - | SP 800-38F", "AES-KWP | A5076 | - | SP 800-38F", "Counter DRBG | A5076 | - | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-5) | A5076 | - | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A5076 | - | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A5076 | - | FIPS 186-5", "HMAC-SHA-1 | A5076 | - | FIPS 198-1", "HMAC-SHA2-256 | A5076 | - | FIPS 198-1", "HMAC-SHA2-384 | A5076 | - | FIPS 198-1", "HMAC-SHA2-512 | A5076 | - | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5076 | - | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A5076 | - | SP 800-56A Rev.3", "KDF SNMP(CVL) | A5076 | - | SP 800-135 Rev.1", "KDF SP800-108 | A5076 | - | SP 800-108 Rev.1", "KDF SSH(CVL) | A5076 | - | SP 800-135 Rev.1", "RSA KeyGen(FIPS186-5) | A5076 | - | FIPS 186-5", "RSA SigGen(FIPS186-5) | A5076 | - | FIPS 186-5", "RSA SigVer(FIPS186-5) | A5076 | - | FIPS 186-5", "SHA-1 | A5076 | - | FIPS 180-4", "SHA2-256 | A5076 | - | FIPS 180-4", "SHA2-384 | A5076 | - | FIPS 180-4", "SHA2-512 | A5076 | - | FIPS 180-4", "TLS v1.2 KDF RFC7627(CVL) | A5076 | - | SP 800-135 Rev.1", "AES-ECB | AES 4550 | - | SP 800-38A", "AES-GCM | AES 4550 | - | SP 800-38D" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5075", "Certificate Number": "5075", "Vendor Name": "Ruckus Wireless LLC", "Module Name": "Ruckus FastIron ICXTM 7150/8200 Series Switch/Router", "Module Type": "Hardware", "Validation Date": "10/03/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5075.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5075", "module_name": "Ruckus FastIron ICXTM 7150/8200 Series Switch/Router", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/2/2030", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The ICX® family of fixed form-factor switches works together to deliver a complete, scalable, and high-performance network solution that supports today's demanding video, Unified Communications (UC), VDI, and mobile applications. They leverage the innovative Campus Fabric technology, which provides simplified network deployment and management, scale-out networking, and investment protection with the industry's lowest total cost of ownership.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A5076 | - | SP 800-38A", "AES-CFB128 | A5076 | - | SP 800-38A", "AES-CTR | A5076 | - | SP 800-38A", "AES-ECB | A5076 | - | SP 800-38A", "AES-GCM | A5076 | - | SP 800-38D", "Counter DRBG | A5076 | - | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-5) | A5076 | - | FIPS186-5", "ECDSA SigGen(FIPS186-5) | A5076 | - | FIPS186-5", "ECDSA SigVer(FIPS186-5) | A5076 | - | FIPS186-5", "HMAC-SHA-1 | A5076 | - | FIPS198-1", "HMAC-SHA2-256 | A5076 | - | FIPS198-1", "HMAC-SHA2-384 | A5076 | - | FIPS198-1", "HMAC-SHA2-512 | A5076 | - | FIPS198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5076 | - | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A5076 | - | SP 800-56A Rev.3", "KDF SNMP(CVL) | A5076 | - | SP 800-135 Rev.1", "KDF SSH(CVL) | A5076 | - | SP 800-135 Rev.1", "RSA KeyGen(FIPS186-5) | A5076 | - | FIPS186-5", "RSA SigGen(FIPS186-5) | A5076 | - | FIPS186-5", "RSA SigVer(FIPS186-5) | A5076 | - | FIPS186-5", "SHA-1 | A5076 | - | FIPS 180-4", "SHA2-256 | A5076 | - | FIPS 180-4", "SHA2-384 | A5076 | - | FIPS 180-4", "SHA2-512 | A5076 | - | FIPS 180-4", "TLS v1.2 KDF RFC7627(CVL) | A5076 | - | SP 800-135Rev.1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5074", "Certificate Number": "5074", "Vendor Name": "Giesecke+Devrient ePayments GmbH", "Module Name": "Sm@rtCafé Expert 8.1", "Module Type": "Hardware", "Validation Date": "10/03/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5074.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5074", "module_name": "Sm@rtCafé Expert 8.1", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/2/2030", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Sm@rtCafé Expert 8.1 is a dual interface smart card (ISO/IEC 7816, ISO/IEC 14443) conforming to the Java Card 3.1 and GlobalPlatform 2.3.1 specifications, designed to address the high security and strong cryptography needs of US Federal agencies and Enterprises that require FIPS 140-3 validated applications for authorized access, authentication and identification, such as PIV and corporate ID.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5073", "Certificate Number": "5073", "Vendor Name": "ICU Medical", "Module Name": "ICU Medical FIPS Module for OpenSSL 3", "Module Type": "Software", "Validation Date": "09/26/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5073.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5073", "module_name": "ICU Medical FIPS Module for OpenSSL 3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The ICU Medical FIPS Module for OpenSSL is a general-purpose cryptographic module integrated in ICU Medical products (Plum Solo, Plum Duo, Plum 360, Medfusion 5000, CADD Solis) to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A7142 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A7142 | Direction-decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-512 Increment8 | SP 800-38A", "AES-CBC-CS2 | A7142 | Direction-decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:128-512 Increment8 | SP 800-38A", "AES-CBC-CS3 | A7142 | Direction-decrypt, encryptKey Length-128,192,256Payload Length-Payload Length:136-512 Increment8 | SP 800-38A", "AES-CCM | A7142 | Key Length-128,192,256Tag Length-112,128,32,48,64,80,96IV Length-IV Length:56-104 Increment8Payload Length-Payload Length:0-256 Increment8AAD Length-AAD Length:0-524288 Increment8 | SP 800-38C", "AES-CFB1 | A7142 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A7142 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A7142 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A7142 | Direction - Generation, VerificationKey Length - 128, 192, 256MAC Length - MAC Length: 128Message Length - Message Length: 0-524288 Increment 8 | SP 800-38B", "AES-CTR | A7142 | Direction - Decrypt, EncryptKey Length - 128, 192, 256Payload Length - Payload Length: 8-128 Increment 8Supports Counter larger than maximum value - NoIncremental Counter - YesCounter Tests Performed - Yes | SP 800-38A", "AES-ECB | A7142 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A7142 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8Payload Length - Payload Length: 8-65536 Increment 8AAD Length - AAD Length: 0-65536 Increment 8 | SP 800-38D", "AES-GMAC | A7142 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96AAD Length - AAD Length: 0-65536 Increment 8 | SP 800-38D", "AES-KW | A7142 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 128-4096 Increment 128 | SP 800-38F", "AES-KWP | A7142 | Direction - Decrypt, EncryptCipher - Cipher, Inverse | SP 800-38F", "AES-OFB | A7142 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A7142 | Direction - Decrypt, EncryptKey Length - 128, 256Payload Length - Payload Length: 128-65536 Increment 128Tweak Mode - HexData Unit Length Matches Payload Length - Yes | SP 800-38E", "Counter DRBG | A7142 | Prediction Resistance - YesSupports Reseed - YesMode - AES-128, AES-192, AES-256Derivation Function Enabled - No, YesAdditional Input - Additional Input: 0-256 Increment 256, Additional Input: 256, Additional Input: 320, Additional Input: 384Entropy Input - Entropy Input: 128-256 Increment 128, Entropy Input: 256, Entropy Input: 256-512 Increment 128, Entropy Input: 320, Entropy Input: 384Nonce - Nonce: 0, Nonce: 128Personalization String Length - Personalization String Length: 0-256 Increment 256, Personalization String Length: 256, Personalization String Length: 320, Personalization String Length: 384Returned Bits - 256 | SP 800-90A Rev. 1", "DSA KeyGen (FIPS186-4) | A7142 | L - 2048, 3072N - 224, 256 | FIPS 186-4", "DSA PQGGen (FIPS186-4) | A7142 | P/Q Generation Methods - ProbableG Generation Methods - Canonical, UnverifiableL - 2048, 3072N - 224, 256Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer (FIPS186-4) | A7142 | P/Q Generation Methods - ProbableG Generation Methods - Canonical, UnverifiableL - 1024, 2048, 3072N - 160, 224, 256Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA SigGen (FIPS186-4) | A7142 | L - 2048, 3072N - 224, 256Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA SigVer (FIPS186-4) | A7142 | L - 1024, 2048, 3072N - 160, 224, 256Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen (FIPS186-4) | A7142 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer (FIPS186-4) | A7142 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen (FIPS186-4) | A7142 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "ECDSA SigVer (FIPS186-4) | A7142 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "EDDSA KeyGen | A7142 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A7142 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigGen | A7142 | Curve - ED-25519, ED-448 Context Length - Context Length: 0-255 Increment 1 PreHash - No Pure - Yes | FIPS 186-5", "EDDSA SigVer | A7142 | Curve - ED-25519, ED-448 PreHash - No Pure - Yes | FIPS 186-5", "Hash DRBG | A7142 | Prediction Resistance - Yes Supports Reeseed - Yes Mode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 Entropy Input - Entropy Input: 128-256 Increment 64, Entropy Input: 192-256 Increment 64, Entropy Input: 256-320 Increment 64 Nonce - Nonce: 128-160 Increment 32, Nonce: 96-128 Increment 32 Personalization String Length - Personalization String Length: 0-256 Increment 128 Additional Input - Additional Input: 0-256 Increment 128 Returned Bits - 160, 224, 256, 384, 512 | SP 800-90A Rev. 1", "HMAC DRBG | A7142 | Prediction Resistance - Yes Supports Reeseed - Yes Mode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 Entropy Input - Entropy Input: 160-256 Increment 32, Entropy Input: 192-256 Increment 64, Entropy Input: 256-512 Increment 64, Entropy Input: 384-512 Increment 64, Entropy Input: 512-1024 Increment 64 Nonce - Nonce: 128, Nonce: 64, Nonce: 96 Personalization String Length - Personalization String Length: 0-192 Increment 64, Personalization String Length: 0-256 Increment 128 Additional Input - Additional Input: 0-256 Increment 128, Additional Input: 192 Returned Bits - 160, 224, 256, 384, 512 | SP 800-90A Rev. 1", "HMAC-SHA-1 | A7142 | MAC - MAC: 32-160 Increment 8 Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A7142 | MAC-MAC:32-224 Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A7142 | MAC-MAC:32-256 Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A7142 | MAC-MAC:32-384 Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A7142 | MAC-MAC:32-512 Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A7142 | MAC-MAC:32-224 Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A7142 | MAC-MAC:32-256 Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A7142 | MAC-MAC:32-224 Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A7142 | MAC-MAC:32-256 Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A7142 | MAC-MAC:32-384 Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A7142 | MAC-MAC:32-512 Increment8KeyLength-KeyLength:112-2048Increment8 | FIPS 198-1", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A7142 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521 | SP 800-56ARev.3", "KAS-ECC-SSC Sp800-56Ar3 | A7142 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSC Sp800-56Ar3 | A7142 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,modp-2048,modp-3072,modp-4096,modp-6144,modp-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A7142 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1 | SP 800-56ARev.3", "KDA HKDF SP800-56Cr2 | A7142 | Fixed Info Pattern - algorithmmld", "KDA OneStep SP800-56Cr2 | A7142 | Auxiliary Function Methods -Auxiliary Function Name - SHA2-512MAC Salting Methods - default, randomFixed Info Pattern - algorithmmld", "KDA TwoStep SP800-56Cr2 | A7142 | MAC Salting Methods - default, randomFixed Info Pattern - algorithmmld", "KDF ANS 9.42 (CVL) | A7142 | KDF Type - DERHash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512Other Info Length - Other Info Length: 0-4096 Increment 8zz Length - zz Length: 8-4096 Increment 8 | SP 800-135 Rev. 1", "KDF ANS 9.63 (CVL) | A7142 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512Field Size - 224, 571Shared Info Length - Shared Info Length: 0, 1024Key Data Length - Key Data Length: 128, 4096 | SP 800-135 Rev. 1", "KDF SP800-108 | A7142 | KDF Mode - Counter, FeedbackMAC Mode - CMAC-AE5128, CMAC-AE5192, CMAC-AE5256, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, 4096Fixed Data Order - Before Fixed DataCounter Length - 32Supports Empty IV - No, YesCustom Key In Length - 0Requires Empty IV - Yes | SP 800-108 Rev. 1", "KDF SSH (CVL) | A7142 | Cipher - AES-128, AES-192, AES-256Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1", "KTS-IFC | A7142 | Function - keyPairGen, partialValIUT ID - CAFEFACEModulo - 2048, 3072, 4096, 6144Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factorFixed Public Exponent - 010001Scheme -KTS-OAEP-basic -KAS Role - initiator, responderKey Transport Method -Hash Algorithms - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3- | SP 800-56B Rev. 2", "PBKDF | A7142 | Iteration Count - Iteration Count: 1-10000 Increment 1HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256Password Length - Password Length: 8-128 Increment 8Salt Length - Salt Length: 128-4096 Increment 8Key Data Length - Key Data Length: 112-4096 Increment 8 | SP 800-132", "RSA KeyGen (FIPS186-4) | A7142 | Key Generation Mode - B.3.3Modulo - 2048, 3072, 4096Primality Tests - Table C.2Info Generated By Server - YesPublic Exponent Mode - RandomPrivate Key Format - Standard | FIPS 186-4", "RSA SigGen (FIPS186-4) | A7142 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSSModulo - 2048, 3072, 4096Hash Pair -Hash Algorithm - SHA2-256 | FIPS 186-4", "RSA SigGen (FIPS186-5) | A7142 | Hash Pair -Hash Algorithm - SHA2-224Modulo - 2048, 3072, 4096Signature Type - pkcs1v1.5, pssMask Function - MGF1 | FIPS 186-5", "RSA Signature Primitive (CVL) | A7142 | Private Key Format - crtPublic Exponent Mode - fixedFixed Public Exponent - 010001 | FIPS 186-4", "RSA SigVer (FIPS186-4) | A7142 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSSModulo - 1024, 2048, 3072, 4096Hash Pair -Hash Algorithm - SHA-1Public Exponent Mode - Random | FIPS 186-4", "RSA SigVer (FIPS186-5) | A7142 | Hash Pair -Hash Algorithm - SHA2-224Modulo - 2048, 3072, 4096Signature Type - pkcs1v1.5, pssMask Function - MGF1Public Exponent Mode - random | FIPS 186-5", "SHA-1 | A7142 | Message Length - Message Length:0-65528 Increment 8 | FIPS 180-4", "SHA2-224 | A7142 | Message Length - Message Length:0-65528 Increment 8 | FIPS 180-4", "SHA2-256 | A7142 | Message Length - Message Length:0-65528 Increment 8 | FIPS 180-4", "SHA2-384 | A7142 | Message Length - Message Length:0-65528 Increment 8 | FIPS 180-4", "SHA2-512 | A7142 | Message Length - Message Length:0-65528 Increment 8 | FIPS 180-4", "SHA2-512/224 | A7142 | Message Length - Message Length:0-65528 Increment 8 | FIPS 180-4", "SHA2-512/256 | A7142 | Message Length - Message Length:0-65528 Increment 8 | FIPS 180-4", "SHA3-224 | A7142 | Message Length - Message Length:0-65536 Increment 8 | FIPS 202", "SHA3-256 | A7142 | Message Length - Message Length:0-65536 Increment 8 | FIPS 202", "SHA3-384 | A7142 | Message Length - Message Length:0-65536 Increment 8 | FIPS 202", "SHA3-512 | A7142 | Message Length - Message Length:0-65536 Increment 8 | FIPS 202", "SHAKE-128 | A7142 | Supports Bit-Oriented Messages - No Supports Empty Message - Yes Supports Bit-Oriented Output - No Output Length - Output Length:16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A7142 | Supports Bit-Oriented Messages - No Supports Empty Message - Yes Supports Bit-Oriented Output - No Output Length - Output Length:16-65536 Increment 8 | FIPS 202", "TLS v1.2 KDF RFC7627 (CVL) | A7142 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 Key Block Length-Key Block Length:1024 | SP 800-135 Rev.1", "TLS v1.3 KDF (CVL) | A7142 | HMAC Algorithm-SHA2-256,SHA2-384 KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135 Rev.1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5072", "Certificate Number": "5072", "Vendor Name": "Ceragon Networks Ltd.", "Module Name": "IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-20N, IP-20A, IP-50C, IP-50E", "Module Type": "Hardware", "Validation Date": "09/26/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5072.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5072", "module_name": "IP-20G, IP-20C, IP-20S, IP-20C-HP, IP-20N, IP-20A, IP-50C, IP-50E", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/15/2030", "overall_level": 2, "caveat": "When operated in approved mode, installed, initialized and configured as specified in Section 11.3 of the Security Policy. The tamper evident seals installed as indicated in the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Ceragon Networks IP-20 and IP-50 are a Point-to-Point wireless broadband solution for mission-critical communications in government, industrial and public safety spaces. Integrated with leading networking functionality with the industry most advanced microwave technologies, the platform creates a superior transport solution.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5071", "Certificate Number": "5071", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 4200 Series)", "Module Type": "Hardware", "Validation Date": "09/23/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5071.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5071", "module_name": "Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 4200 Series)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/22/2030", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Cisco Firepower Threat Defense (FTD) is a unified software image, which includes the Cisco ASA features and FirePOWER Services. This unified software is capable of offering the functions of ASA and FirePOWER deployed on Cisco Firepower 4200 Series", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4446 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4446 | Direction-Decrypt,EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP800-38D", "Counter DRBG | A4446 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "HMAC-SHA-1 | A4446 | Key Length - Key Length:256-448 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A4446 | Key Length - Key Length:256-448 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4446 | Key Length - Key Length:256-448 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4446 | Key Length - Key Length:256-448 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4446 | Key Length - Key Length:256-448 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4446 | Domain Parameter Generation Methods-P-256,P-384,P-521Scheme ephemeralUnified-KAS Role initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4446 | Domain Parameter Generation Methods-ffdhe2048,ffdhe3072,ffdhe4096,modp-2048,modp-3072,modp-4096Scheme dhEphem-KAS Role initiator, responder | SP 800-56ARev.3", "KDF IKEv2(CVL) | A4446 | Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:2048Derived Keying Material Length-Derived Keying Material Length:3072Hash Algorithm-SHA-1 | SP 800-135Rev.1", "KDF SNMP(CVL) | A4446 | Password Length-Password Length:256,64 | SP 800-135Rev.1", "KDF SSH(CVL) | A4446 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-256 | SP 800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4446 | Key Generation Mode-B.3.4Modulo-2048,3072Hash Algorithm-SHA2-256Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4446 | Signature Type-PKCS 1.5,PKCSPSS Modulo-2048,3072 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4446 | Signature Type-PKCS 1.5,PKCSPSS Modulo-2048,3072 | FIPS 186-4", "SHA-1 | A4446 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-224 | A4446 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-256 | A4446 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-384 | A4446 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-512 | A4446 | Message Length - Message Length:0-65536Increment8 | FIPS 180-4", "TLS v1.2 KDFRFC7627(CVL) | A4446 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "AES-CBC | C1026 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | C1026 | Direction-Decrypt,EncryptIV Generation-ExternalKeyLength-128,192,256 | SP800-38D", "Hash DRBG | C1026 | Prediction Resistance-NoMode-SHA2-512 | SP800-90ARev.1", "HMAC-SHA-1 | C1026 | - | FIPS198-1", "HMAC-SHA2-256 | C1026 | - | FIPS198-1", "HMAC-SHA2-384 | C1026 | - | FIPS198-1", "HMAC-SHA2-512 | C1026 | - | FIPS198-1", "SHA-1 | C1026 | Message Length-Message Length:0-51200Increment8 | FIPS180-4", "SHA2-256 | C1026 | Message Length-Message Length:0-51200Increment8 | FIPS180-4", "SHA2-384 | C1026 | Message Length-Message Length:0-102400Increment8 | FIPS180-4", "SHA2-512 | C1026 | Message Length-Message Length:0-102400Increment8 | FIPS180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5070", "Certificate Number": "5070", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 1000 Series)", "Module Type": "Hardware", "Validation Date": "09/23/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5070.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5070", "module_name": "Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 1000 Series)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/22/2030", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Cisco Firepower Threat Defense (FTD) is a unified software image, which includes the Cisco ASA features and FirePOWER Services. This unified software is capable of offering the functions of ASA and FirePOWER deployed on Cisco Firepower 1000 Series", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4446 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4446 | Direction-Decrypt,EncryptIV Generation-InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP800-38D", "Counter DRBG | A4446 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "HMAC-SHA-1 | A4446 | Key Length-Key Length:256-448Increment8 | FIPS198-1", "HMAC-SHA2-224 | A4446 | Key Length-Key Length:256-448Increment8 | FIPS198-1", "HMAC-SHA2-256 | A4446 | Key Length-Key Length:256-448Increment8 | FIPS198-1", "HMAC-SHA2-384 | A4446 | Key Length-Key Length:256-448Increment8 | FIPS198-1", "HMAC-SHA2-512 | A4446 | Key Length-Key Length:256-448Increment8 | FIPS198-1", "KAS-ECC-SSCSp800-56Ar3 | A4446 | Domain Parameter Generation Methods-P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4446 | Domain Parameter Generation Methods-ffdhe2048,ffdhe3072,ffdhe4096,modp-2048,modp-3072,modp-4096Scheme-dhEphem-KAS Role-initiator,responder | SP800-56ARev.3", "KDF IKEv2(CVL) | A4446 | Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:2048Derived Keying Material Length-Derived Keying Material Length:3072Hash Algorithm-SHA-1 | SP800-135Rev.1", "KDF SNMP(CVL) | A4446 | Password Length-Password Length:256,64 | SP800-135Rev.1", "KDF SSH(CVL) | A4446 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-256 | SP800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4446 | Key Generation Mode-B.3.4Modulo-2048,3072 | FIPS186-4", "RSA SigGen(FIPS186-4) | A4446 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4446 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072 | FIPS 186-4", "SHA-1 | A4446 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-224 | A4446 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-256 | A4446 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-384 | A4446 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-512 | A4446 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "TLS v1.2 KDFRFC7627(CVL) | A4446 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5069", "Certificate Number": "5069", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Adaptive Security Appliance Cryptographic Module (FPR 1000 Series)", "Module Type": "Hardware", "Validation Date": "09/23/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5069.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5069", "module_name": "Cisco Adaptive Security Appliance Cryptographic Module (FPR 1000 Series)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/22/2030", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Next generation security services on Cisco Firepower 1000 Series, capable of running multiple (firewall (NGFW), traffic management) security services simultaneously.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "Counter DRBG | A4446 | Prediction Resistance - YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "HMAC-SHA-1 | A4446 | Key Length-Key Length:256-448 Increment8 | FIPS198-1", "HMAC-SHA2-224 | A4446 | Key Length-Key Length:256-448 Increment8 | FIPS198-1", "HMAC-SHA2-256 | A4446 | Key Length-Key Length:256-448 Increment8 | FIPS198-1", "HMAC-SHA2-384 | A4446 | Key Length-Key Length:256-448 Increment8 | FIPS198-1", "HMAC-SHA2-512 | A4446 | Key Length-Key Length:256-448 Increment8 | FIPS198-1", "KAS-ECC-SSCSp800-56Ar3 | A4446 | Domain Parameter Generation Methods-P-256,P-384,P-521Scheme ephemeralUnified-KAS Role-initiator,responder | SP800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4446 | Domain Parameter Generation Methods-ffdhe2048,ffdhe3072,ffdhe4096,modp-2048,modp-3072,modp-4096Scheme-dhEphem-KAS Role-initiator,responder | SP800-56ARev.3", "KDF IKEv2(CVL) | A4446 | Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:2048Derived Keying Material Length-Derived Keying Material Length:3072Hash Algorithm-SHA-1 | SP800-135Rev.1", "KDF SNMP(CVL) | A4446 | Password Length-Password Length:256,64 | SP800-135Rev.1", "KDF SSH(CVL) | A4446 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4446 | Key Generation Mode-B.3.4Modulo-2048,3072Hash Algorithm-SHA2-256Private Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A4446 | Signature Type-PKCS 1.5,PKCSPSS Modulo-2048,3072 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4446 | Signature Type-PKCS 1.5,PKCSPSS Modulo-2048,3072 | FIPS 186-4", "SHA-1 | A4446 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-224 | A4446 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-256 | A4446 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-384 | A4446 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-512 | A4446 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "TLS v1.2 KDF RFC7627(CVL) | A4446 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "KAS-ECC-KeyGen(SSHv2) | KAS-KeyGenCKG | KAS ECCkeygen used inSSHv2 service | Bit-strengthCaveat:Providesbetween128and256bitsencryptionstrength | Counter DRBG:(A4446)CKG:()", "KAS-FFC-KeyGen(SSHv2) | KAS-KeyGenCKG | KAS FFCkeygen used inSSHv2 service | Bit-strengthCaveat:Providesbetween112and152bitsencryptionstrength | Counter DRBG:(A4446)SafePrimes KeyGeneration:(A4446)SafePrimeGroups:modp2048,modp3072,modp4096CKG:()", "KAS-ECC-KeyGen(TLSv1.2) | KAS-KeyGenCKG | KAS ECCkeygen used inTLSv1.2服务 | Bit-strengthCaveat:Providesbetween128and256bitsencryptionstrength | Counter DRBG:(A4446)CKG:()", "KAS-FFC-KeyGen(TLSv1.2) | KAS-KeyGenCKG | KAS FFCkeygen used inTLSv1.2服务 | Bit-strengthCaveat:Providesbetween112and152bitsencryptionstrength | Counter DRBG:(A4446)SafePrimes KeyGeneration:(A4446)SafePrimeGroups:ffdhe2048,ffdhe3072,ffdhe4096CKG:()", "KAS-ECC-KeyGen(IKEv2) | KAS-KeyGenCKG | KAS ECCkeygen used inTLSv1.2服务 | Bit-strengthCaveat:Providesbetween128和256 bitsencryptionstrength | Counter DRBG:(A4446)CKG:()", "KAS-FFC-KeyGen(IKEv2) | KAS-KeyGenCKG | KAS FFCkeygen used inTLSv1.2服务 | Bit-strengthCaveat:Providesbetween112和152 bitsencryptionstrength | Counter DRBG:(A4446)SafePrimes KeyGeneration:(A4446)SafePrimeGroups:modp2048,modp3072,modp-", "KAS-ECC(SSHv2) | KAS-Full | KAS-ECC for SSHv2 service | Bit-strengthCaveat:Providesbetween128and256bitsofencryptionstrength | KDFSSH:(A4446)KAS-ECC-SSCSp800-56Ar3:(A4446)", "KAS-FFC(SSHv2) | KAS-Full | KAS-FFCSSHv2service | Bit-strengthCaveat:Providesbetween112and152bitsofencryptionstrength | KDFSSH:(A4446)KAS-FFC-SSCSp800-56Ar3:(A4446)DomainParameterGenerationMethod:modp2048,modp3072,modp4096", "KAS-ECC(TLSv1.2) | KAS-Full | KAS-ECCforTLSv1.2service | Bit-strengthCaveat:Providesbetween128and256bitsofencryptionstrength | TLSv1.2KDFRFC7627:(A4446)KAS-ECC-SSCSp800-56Ar3:(A4446)", "KAS-FFCTLSv1.2) | KAS-Full | KAS-FFCforTLSv1.2service | Bit-strengthCaveat:Providesbetween112to152bitsofencryptionstrength | TLSv1.2KDFRFC7627:(A4446)KAS-FFC-SSCSp800-56Ar3:(A4446)DomainParameterGenerationMethod:ffdhe2048,ffdhe3072,ffdhe4096", "KAS-ECC(IKEv2) | KAS-Full | KAS-ECCforIKEv2Service | Bit-strengthCaveat:Providesbetween112and256bitsofencryptionstrength | KAS-ECC-SSCSp800-56Ar3:(A4446)KDFIKEv2:(A4446)", "KAS-FFCIKEv2) | KAS-Full | KAS-FFCforIKEv2服务 | Bit-strengthCaveat:Providesbetween112and152bitsof | KAS-FFC-SSCSp800-56Ar3:(A4446)KDFIKEv2:", "KTS(TLSv1.2with AES and HMAC) | KTS-Wrap | KTS via TLSv1.2service by usingAES and HMAC | Bit-strengthCaveat:Providesbetween128and256bits ofencryption strength | AES-CBC:(A4446)Key Length:128,256HMAC-SHA-1:(A4446)HMAC-SHA2-256:(A4446)HMAC-SHA2-384:(A4446)SHA-1:(A4446)SHA2-256:(A4446)SHA2-384:(A4446)", "KTS(TLSv1.2with AES-GCM) | KTS-Wrap | KTS via TLSv1.2service by usingAES-GCM | Bit-strengthCaveat:Providesbetween128and256bits ofencryption strength | AES-GCM:(A4446)Key Length:128,256", "KTS(SSHv2with AES and HMAC) | KTS-Wrap | KTS via SSHv2service by usingAES and HMAC | Bit-strengthCaveat:Providesbetween128and256bits ofencryption strength | AES-CBC:(A4446)Key Length:128,256HMAC-SHA-1:(A4446)HMAC-SHA2-256:(A4446)SHA-1:(A4446)SHA2-256:(A4446)", "KTS(SSHv2with AES-GCM) | KTS-Wrap | KTS via SSHv2service by usingAES-GCM | Bit-strengthCaveat:Providesbetween128and256bits ofencryption strength | AES-GCM:(A4446)Key Length:128,256", "RSA KeyGen(SSHv2,TLSv1.2,IKEv2) | AsymKeyPair-KeyGenCKG | RSA KeyGen forSSHv2, | RSA KeyGen(FIPS186-4):(A4446)", "ECDSA KeyGen(SSHv2,TLSv1.2 and IKEv2) | AsymKeyPair-KeyGenCKG | ECDSA KeyGen for TLSv1.2 and IKEv2 services | ECDSA KeyGen(FIPS186-4):(A4446)Counter DRBG:(A4446)CKG:()", "RSA SigGen(SSHv2,TLSv1.2,IKEv2) | DigSig-SigGen | RSA SigGen for SSH2,TLSv1.2,and IKEv2 services | RSA SigGen(FIPS186-4):(A4446)", "ECDSA SigGen(SSHv2,TLSv1.2 and IKEv2) | DigSig-SigGen | ECDSA SigGen for TLSv1.2,and IKEv2 services | ECDSA SigGen(FIPS186-4):(A4446)", "RSA SigVer(SSHv2,TLSv1.2,and IKEv2) | DigSig-SigVer | RSA SigVer for SSH2,TLSv1.2,and IKEv2 services | RSA SigVer(FIPS186-4):(A4446)", "ECDSA SigVer(SSHv2,TLSv1.2,and IKEv2) | DigSig-SigVer | ECDSA SigVer for TLSv1.2and IKEv2 services | ECDSA SigVer(FIPS186-4):(A4446)", "Block Cipher(SSHv2) | BC-AuthBC-UnAuth | Block Cipher for SSHv2 service | AES-CBC:(A4446)Key Length:128,256AES-GCM:(A4446)Key Length:128,256", "Block Cipher(TLSv1.2) | BC-AuthBC-UnAuth | Block Cipher for TLSv1.2 service | AES-GCM:(A4446)Key Length:128,256AES-CBC:(A4446)Key Length:128,256", "Block Cipher(IPSec/IKE) | BC-AuthBC-UnAuth | Block Cipher for IPSec/IKEv2service | AES-CBC:(A4446)AES-GCM:(A4446)", "Block Cipher(SNMPv3) | BC-UnAuth | Block Cipher for SNMPv3 service | AES-CBC:(A4446)KDF SNMP:(A4446)", "MAC(SSHv2) | MAC | MAC for SSHv2 service | HMAC-SHA-1:(A4446)HMAC-SHA2-256:(A4446)SHA-1:(A4446)SHA2-256:(A4446)", "MAC(TLSv1.2) | MAC | Message Authentication for TLSv1.2 services | HMAC-SHA-1:(A4446)HMAC-SHA2-256:(A4446)HMAC-SHA2-384:(A4446)SHA-1:(A4446)SHA2-256:(A4446)SHA2-384:(A4446)", "MAC(IPSec/IKEv2) | MAC | Message Authentication for IPSec/IKEv2 services | HMAC-SHA2-256:(A4446)HMAC-SHA2-384:(A4446)HMAC-SHA2-512:(A4446)SHA2-256:(A4446)SHA2-384:(A4446)SHA2-512:(A4446)", "MAC(SNMPv3) | MAC | Message Authentication for SNMPv3 service | HMAC-SHA-1:(A4446)SHA-1:(A4446)KDF SNMP:(A4446)HMAC-SHA2-256:(A4446)HMAC-SHA2-384:(A4446)SHA2-256:(A4446)SHA2-384:(A4446)HMAC-SHA2-224:(A4446)SHA2-224:(A4446)", "Firmware Load Test | MAC | MAC for firmware load test | HMAC-SHA2-512:(A4446)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5068", "Certificate Number": "5068", "Vendor Name": "Cloudian Inc.", "Module Name": "Cloudian-FJA (FIPS Java API)", "Module Type": "Software", "Validation Date": "09/22/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5068.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5068", "module_name": "Cloudian-FJA (FIPS Java API)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Cloudian FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java and based on Bouncy Castle. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5067", "Certificate Number": "5067", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Adaptive Security Appliance Cryptographic Module (FPR 4200 Series)", "Module Type": "Hardware", "Validation Date": "09/22/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5067.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5067", "module_name": "Cisco Adaptive Security Appliance Cryptographic Module (FPR 4200 Series)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/21/2030", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Next generation security services on Cisco Firepower 4200 Series, capable of running multiple (firewall (NGFW), traffic management) security services simultaneously.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4446 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A4446 | Direction-Decrypt,EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP800-38D", "Counter DRBG | A4446 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "HMAC-SHA-1 | A4446 | Key Length-Key Length:256-448 Increment 8 | FIPS198-1", "HMAC-SHA2-224 | A4446 | Key Length-Key Length:256-448 Increment 8 | FIPS198-1", "HMAC-SHA2-256 | A4446 | Key Length - Key Length: 256-448 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4446 | Key Length - Key Length: 256-448 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4446 | Key Length - Key Length: 256-448 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4446 | Domain Parameter Generation Methods - P-256, P-384, P-521 Scheme ephemeralUnified KAS Role - initiator, responder | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A4446 | Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, modp-3072, modp-4096 Scheme dhEphem KAS Role - initiator, responder | SP 800-56A Rev.3", "KDF IKEv2 (CVL) | A4446 | Diffie-Hellman Shared Secret Length - Diffie-Hellman Shared Secret Length: 2048 Derived Keying Material Length - Derived Keying Material Length: 3072 Hash Algorithm - SHA-1 | SP 800-135 Rev.1", "KDF SNMP (CVL) | A4446 | Password Length - Password Length: 256, 64 | SP 800-135 Rev.1", "KDF SSH (CVL) | A4446 | Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-256 | SP 800-135 Rev.1", "RSA KeyGen(FIPS186-4) | A4446 | Key Generation Mode - B.3.4 Modulo - 2048, 3072 Hash Algorithm - SHA2-256 Private Key Format - Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4446 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4446 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072 | FIPS 186-4", "SHA-1 | A4446 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-224 | A4446 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-256 | A4446 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-384 | A4446 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "SHA2-512 | A4446 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4", "TLS v1.2 KDF RFC7627(CVL) | A4446 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "AES-CBC | C1026 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | C1026 | Direction-Decrypt,EncryptIV Generation-ExternalKeyLength-128,192,256 | SP800-38D", "Hash DRBG | C1026 | Prediction Resistance-NoMode-SHA2-512 | SP800-90ARev.1", "HMAC-SHA-1 | C1026 | - | FIPS198-1", "HMAC-SHA2-256 | C1026 | - | FIPS198-1", "HMAC-SHA2-384 | C1026 | - | FIPS198-1", "HMAC-SHA2-512 | C1026 | - | FIPS198-1", "SHA-1 | C1026 | Message Length-Message Length:0-51200Increment8 | FIPS180-4", "SHA2-256 | C1026 | Message Length-Message Length:0-51200Increment8 | FIPS180-4", "SHA2-384 | C1026 | Message Length-Message Length:0-102400Increment8 | FIPS180-4", "SHA2-512 | C1026 | Message Length-Message Length:0-102400Increment8 | FIPS180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5066", "Certificate Number": "5066", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Adaptive Security Appliance Cryptographic Module (FPR 2100 Series)", "Module Type": "Hardware", "Validation Date": "09/22/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5066.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5066", "module_name": "Cisco Adaptive Security Appliance Cryptographic Module (FPR 2100 Series)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/21/2030", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Next generation security services on Cisco Firepower 2100 Series, capable of running multiple (firewall (NGFW), traffic management) security services simultaneously.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4446 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4446 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "Counter DRBG | A4446 | Prediction Resistance - Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - Yes | SP 800-90A | Rev. 1", "ECDSA KeyGen | (FIPS186-4) | A4446 | Curve - P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen | (FIPS186-4) | A4446 | Curve - P-256, P-384, P-521", "Hash Algorithm - SHA2-224, SHA2-256,", "SHA2-384, SHA2-512 | FIPS 186-4", "ECDSA SigVer | (FIPS186-4) | A4446 | Curve - P-256, P-384, P-521 | FIPS 186-4", "HMAC-SHA-1 | A4446 | Key Length - Key Length: 256-448 Increment | 8 | FIPS 198-1", "HMAC-SHA2-224 | A4446 | Key Length - Key Length: 256-448 Increment | 8 | FIPS 198-1", "HMAC-SHA2-256 | A4446 | Key Length - Key Length: 256-448 Increment | 8 | FIPS 198-1", "HMAC-SHA2-384 | A4446 | Key Length - Key Length: 256-448 Increment | 8 | FIPS 198-1", "HMAC-SHA2-512 | A4446 | Key Length - Key Length: 256-448 Increment | 8 | FIPS 198-1", "KAS-ECC-SSC | Sp800-56Ar3 | A4446 | Domain Parameter Generation Methods - P- | 256, P-384, P-521 | SP 800-56A | Rev. 3", "KAS-FFC-SSC | Sp800-56Ar3 | A4446 | Domain Parameter Generation Methods - | ffdhe2048, ffdhe3072, ffdhe4096, modp-2048, | modp-3072, modp-4096 | SP 800-56A | Rev. 3", "KDF IKEv2 (CVL) | A4446", "Diffie-Hellman Shared Secret Length - Diffie-", "Hellman Shared Secret Length: 2048 | Derived Keying Material Length - Derived | Keying Material Length: 3072", "Hash Algorithm - SHA-1 | SP 800-135 | Rev. 1", "KDF SNMP", "(CVL) | A4446 | Password Length - Password Length: 256, 64 | SP 800-135 | Rev. 1", "KDF SSH (CVL) | A4446", "Cipher - AES-128, AES-192, AES-256 | SP 800-135 | Rev. 1", "RSA KeyGen | (FIPS186-4) | A4446 | Key Generation Mode - B.3.4 | Modulo - 2048, 3072", "Hash Algorithm - SHA2-256 | Private Key Format - Standard | FIPS 186-4 | © 2021-2025 Cisco Systems, Inc. | This document may be freely reproduced and distributed whole and intact including this Copyright Notice. | CAVP | Cert", "RSA SigGen | (FIPS186-4) | A4446 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072 | FIPS 186-4", "RSA SigVer | (FIPS186-4) | A4446 | Signature Type - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072 | FIPS 186-4 | Safe Primes Key | Generation | A4446 | Safe Prime Groups - ffdhe2048, ffdhe3072, | ffdhe4096, modp-2048, modp-3072, modp- | 4096 | SP 800-56A | Rev. 3", "SHA-1 | A4446 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 180-4", "SHA2-224 | A4446 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 180-4", "SHA2-256 | A4446 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 180-4", "SHA2-384 | A4446 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 180-4", "SHA2-512 | A4446 | Message Length - Message Length: 0-65536 | Increment 8 | FIPS 180-4", "TLS v1.2 KDF", "RFC7627 (CVL) | A4446", "Hash Algorithm - SHA2-256, SHA2-384,", "SHA2-512 | SP 800-135 | Rev. 1 | Octeon III Family Crypyto Engine | CAVP | Cert", "AES-CBC", "AES 3301 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM", "AES 3301 | Direction - Decrypt, Encrypt | IV Generation - External | Key Length - 128, 192, 256 | SP 800-38D", "Hash DRBG", "DRBG 819 Prediction Resistance - No", "Mode - SHA2-512 | SP 800-90A | Rev. 1", "HMAC-SHA-1", "HMAC | 2095 | - | FIPS 198-1", "HMAC-SHA2- | 256", "HMAC-SHA2- | 384", "HMAC-SHA2- | 512", "SHA-1", "SHS 2737 | Message Length - Message Length: 8- | 51200 Increment 8 | FIPS 180-4", "SHA2-256", "SHA2-384", "SHS 2737 | Message Length - Message Length: 8- | 102400 Increment 8 | FIPS 180-4", "SHA2-512", "SHS 2737 | Message Length - Message Length: 8- | 102400 Increment 8 | FIPS 180-4 | © 2021-2025 Cisco Systems, Inc. | This document may be freely reproduced and distributed whole and intact including this Copyright Notice. | Name Properties | Implementation Reference | CKG | Key Type:Asymmetric N/A | SP 800-133r2 Section 4, Method 1 | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | N/A for this module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5065", "Certificate Number": "5065", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v13.0 [Apple silicon, User, Software, SL1]", "Module Type": "Software", "Validation Date": "09/22/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5065.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5065", "module_name": "Apple corecrypto Module v13.0 [Apple silicon, User, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/21/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple Cryptographic Module for Apple silicon user space environment.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDH", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A3423 | - | SP 800-38A", "AES-CBC | A3424 | - | SP 800-38A", "AES-CBC | A3425 | - | SP 800-38A", "AES-CBC | A3426 | - | SP 800-38A", "AES-CBC | A3483 | - | SP 800-38A", "AES-CBC | A3484 | - | SP 800-38A", "AES-CBC | A3485 | - | SP 800-38A", "AES-CBC | A3486 | - | SP 800-38A", "AES-CCM | A3424 | - | SP 800-38C", "AES-CCM | A3426 | - | SP 800-38C", "AES-CCM | A3427 | - | SP 800-38C", "AES-CCM | A3484 | - | SP 800-38C", "AES-CCM | A3486 | - | SP 800-38C", "AES-CCM | A3487 | - | SP 800-38C", "AES-CFB128 | A3486 | - | SP 800-38A", "AES-CFB8 | A3424 | - | SP 800-38A", "AES-CFB8 | A3426 | - | SP 800-38A", "AES-CFB8 | A3484 | - | SP 800-38A", "AES-CFB8 | A3486 | - | SP 800-38A", "AES-CMAC | A3426 | - | SP 800-38B", "AES-CMAC | A3486 | - | SP 800-38B", "AES-CTR | A3424 | - | SP 800-38A", "AES-CTR | A3426 | - | SP 800-38A", "AES-CTR | A3427 | - | SP 800-38A", "AES-CTR | A3484 | - | SP 800-38A", "AES-CTR | A3486 | - | SP 800-38A", "AES-CTR | A3487 | - | SP 800-38A", "AES-ECB | A3426 | - | SP 800-38A", "AES-ECB | A3427 | - | SP 800-38A", "AES-ECB | A3483 | - | SP 800-38A", "AES-ECB | A3484 | - | SP 800-38A", "AES-ECB | A3486 | - | SP 800-38A", "AES-ECB | A3487 | - | SP 800-38A", "AES-GCM | A3424 | - | SP 800-38D", "AES-GCM | A3426 | - | SP 800-38D", "AES-GCM | A3427 | - | SP 800-38D", "AES-GCM | A3484 | - | SP 800-38D", "AES-GCM | A3486 | - | SP 800-38D", "AES-GCM | A3487 | - | SP 800-38D", "AES-KW | A3424 | - | SP 800-38F", "AES-KW | A3426 | - | SP 800-38F", "AES-KW | A3484 | - | SP 800-38F", "AES-KW | A3486 | - | SP 800-38F", "AES-OFB | A3426 | - | SP 800-38A", "AES-OFB | A3483 | - | SP 800-38A", "AES-OFB | A3484 | - | SP 800-38A", "AES-OFB | A3486 | - | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3423 | - | SP 800-38E", "AES-XTS Testing Revision 2.0 | A3424 | - | SP 800-38E", "AES-XTS Testing Revision 2.0 | A3426 | - | SP 800-38E", "AES-XTS Testing Revision 2.0 | A3483 | - | SP 800-38E", "AES-XTS Testing Revision 2.0 | A3484 | - | SP 800-38E", "AES-XTS Testing Revision 2.0 | A3486 | - | SP 800-38E", "Counter DRBG | A3424 | - | SP 800-90A Rev.1", "Counter DRBG | A3426 | - | SP 800-90A Rev.1", "Counter DRBG | A3427 | - | SP 800-90A Rev.1", "Counter DRBG | A3484 | - | SP 800-90A Rev.1", "Counter DRBG | A3486 | - | SP 800-90A Rev.1", "Counter DRBG | A3487 | - | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-4) | A3486 | - | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A3488 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3426 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3428 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3486 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3488 | - | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3426 | - | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3428 | - | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3486 | - | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3488 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3426 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3428 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3486 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3488 | - | FIPS 186-4", "HMAC-SHA-1 | A3428 | - | FIPS 198-1", "HMAC-SHA-1 | A3486 | - | FIPS 198-1", "HMAC-SHA-1 | A3488 | - | FIPS 198-1", "HMAC-SHA2-224 | A3426 | - | FIPS 198-1", "HMAC-SHA2-224 | A3428 | - | FIPS 198-1", "HMAC-SHA2-224 | A3486 | - | FIPS 198-1", "HMAC-SHA2-224 | A3488 | - | FIPS 198-1", "HMAC-SHA2-256 | A3426 | - | FIPS 198-1", "HMAC-SHA2-256 | A3428 | - | FIPS 198-1", "HMAC-SHA2-256 | A3429 | - | FIPS 198-1", "HMAC-SHA2-256 | A3486 | - | FIPS 198-1", "HMAC-SHA2-256 | A3488 | - | FIPS 198-1", "HMAC-SHA2-256 | A3489 | - | FIPS 198-1", "HMAC-SHA2-512 | A3426 | - | FIPS 198-1", "HMAC-SHA2-512 | A3428 | - | FIPS 198-1", "HMAC-SHA2-512 | A3486 | - | FIPS 198-1", "HMAC-SHA2-512 | A3488 | - | FIPS 198-1", "HMAC-SHA2-512/256 | A3426 | - | FIPS 198-1", "HMAC-SHA2-512/256 | A3428 | - | FIPS 198-1", "HMAC-SHA2-512/256 | A3486 | - | FIPS 198-1", "HMAC-SHA2-512/256 | A3488 | - | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A3426 | - | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A3486 | - | SP 800-56A Rev.3", "KDF SP800-108 | A3426 | - | SP 800-108 Rev.1", "KDF SP800-108 | A3428 | - | SP 800-108 Rev.1", "KAS-FFC-SSC Sp800-56Ar3 | A3426 | - | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A3486 | - | SP 800-56A Rev.3", "KDF SP800-108 | A3486 | - | SP 800-108 Rev.1", "KDF SP800-108 | A3488 | - | SP 800-108 Rev.1", "PBKDF | A3426 | - | SP 800-132", "PBKDF | A3428 | - | SP 800-132", "PBKDF | A3486 | - | SP 800-132", "PBKDF | A3488 | - | SP 800-132", "RSA KeyGen(FIPS186-4) | A3426 | - | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A3428 | - | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A3486 | - | FIPS 186-4", "RSA KeyGen(FIPS186-4) | A3488 | - | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3426 | - | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3428 | - | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3486 | - | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3488 | - | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3428 | - | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3486 | - | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3488 | - | FIPS 186-4", "SHA-1 | A3426 | - | FIPS 180-4", "SHA-1 | A3428 | - | FIPS 180-4", "SHA-1 | A3486 | - | FIPS 180-4", "SHA-1 | A3488 | - | FIPS 180-4", "SHA2-224 | A3426 | - | FIPS 180-4", "SHA2-224 | A3428 | - | FIPS 180-4", "SHA2-224 | A3486 | - | FIPS 180-4", "SHA2-224 | A3488 | - | FIPS 180-4", "SHA2-256 | A3429 | - | FIPS 180-4", "SHA2-256 | A3486 | - | FIPS 180-4", "SHA2-256 | A3488 | - | FIPS 180-4", "SHA2-256 | A3489 | - | FIPS 180-4", "SHA2-384 | A3426 | - | FIPS 180-4", "SHA2-384 | A3428 | - | FIPS 180-4", "SHA2-384 | A3486 | - | FIPS 180-4", "SHA2-384 | A3488 | - | FIPS 180-4", "SHA2-512 | A3426 | - | FIPS 180-4", "SHA2-512 | A3428 | - | FIPS 180-4", "SHA2-512 | A3486 | - | FIPS 180-4", "SHA2-512 | A3488 | - | FIPS 180-4", "SHA2-512/256 | A3426 | - | FIPS 180-4", "SHA2-512/256 | A3428 | - | FIPS 180-4", "SHA2-512/256 | A3486 | - | FIPS 180-4", "SHA2-512/256 | A3488 | - | FIPS 180-4", "Cryptographic Key Generation(CKG) | RSA Key Generation:Modulus:2048,3072,4096;Key strength:from 112 to 150-bitsECDSA Key Generation:P-224,P-256,P-384,P-521;Key strength:from 112 to 256-bitsSafe Prime Key Generation:Safe prime groups:MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192 Key strength:from 112 to 200-bits | Apple corecrypto Module [Apple ARM,User,Software,SL1](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/c_ltc) | FIPS 140-3 IG D.H.and\\[SP800-133rev2\\]sections4 and5.1", "CKG | RSA Key Generation:Modulus:2048,3072,4096;Key strength:from 112 to 150-bitsECDSA Key Generation:P-224,P-256,P-384,P-521;Key strength:from 112 to 256-bitsSafe Prime KeyGeneration:MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192 Key strength:from 112 to 200-bits | Apple corecrypto Module [Apple ARM,User,Software,SL1](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/vng_ltc) | FIPS 140-3 IG D.H.and\\[SP800-133rev2\\]sections4 and5.1", "ANSI X9.63 KDF | Hash based Key Derivation Function", "DES | Encryption/Decryption Key Size:56-bits", "Diffie-Hellman | Shared Secret Computation using key size<2048", "ECDSA | Generation/Verification/SigGen/SigVer with curveP-192", "ECDSA KeyGen | Key Pair Generation for compact point representation of points", "EC Diffie-Hellman | Shared Secret Computation using curves4096bits) | Key pair generation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5030", "Certificate Number": "5030", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]", "Module Type": "Hardware", "Validation Date": "06/25/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5030.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5030", "module_name": "Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/24/2030", "overall_level": 2, "caveat": "When operated in approved mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] is a Hardware module implemented as a sub-chip running on a single-chip processor.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDH", "ECDSA", "EDDSA", "HMAC", "KDF", "KTS", "SHA", "SHS" ], "algorithms_detailed": [ "AES-CBC | A1469 | Direction - EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A2842 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A2843 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A2844 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A2845 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A2863 | Direction - EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A510 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A1362 | Direction - EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A1469 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A2842 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A2843 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A2845 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A2847 | - | SP 800-38A", "AES-ECB | A2863 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A2864 | Direction - EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A501 | Direction - Encrypt Key Length - 256 | SP 800-38A", "AES-ECB | A510 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-KW | A2843 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38F", "AES-KW | A2845 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38F", "AES-KW | A2846 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38F", "Counter DRBG | A1362 | Prediction Resistance - YesMode - AES-256Derivation Function Enabled - No | SP 800-90A Rev. 1", "Counter DRBG | A2864 | Prediction Resistance - YesMode - AES-256Derivation Function Enabled - No | SP 800-90A Rev. 1", "Counter DRBG | A501 | Prediction Resistance - YesMode - AES-256Derivation Function Enabled - No | SP 800-90A Rev. 1", "HMAC-SHA-1 | A2845 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A2848 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A2845 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A2848 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A2845 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A2848 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A2849 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A2845 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A2848 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A2845 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A2848 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A2848 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "SHA-1 | A2845 | Message Length - Message Length: 0-32768Increment 8 | FIPS 180-4", "SHA-1 | A2848 | Message Length - Message Length: 0-32768Increment 8 | FIPS 180-4", "SHA2-224 | A2845 | Message Length - Message Length: 0-32768Increment 8 | FIPS 180-4", "SHA2-224 | A2848 | Message Length - Message Length: 0-32768Increment 8 | FIPS 180-4", "SHA2-256 | A2845 | Message Length - Message Length: 0-32768Increment 8 | FIPS 180-4", "SHA2-256 | A2848 | Message Length - Message Length: 0-32768Increment 8 | FIPS 180-4", "SHA2-256 | A2849 | Message Length - Message Length: 0-32768Increment 8 | FIPS 180-4", "SHA2-384 | A2845 | Message Length - Message Length: 0-32768Increment 8 | FIPS 180-4", "SHA2-384 | A2848 | Message Length - Message Length: 0-32768Increment 8 | FIPS 180-4", "SHA2-512 | A2845 | Message Length - Message Length: 0-32768Increment 8 | FIPS 180-4", "SHA2-512 | A2848 | Message Length - Message Length: 0-32768Increment 8 | FIPS 180-4", "SHA2-512/256 | A2848 | Message Length - Message Length: 0-32768Increment 8 | FIPS 180-4", "Ed25519 Key generation | EdDSA signature scheme", "Ed25519 shared secret generation | EdDSA shared secret generation", "ECDH Key Pair Generation | Elliptic Curve Integrated Encryption Scheme (ECIES)Key Generation", "ECDH Shared Secret Computation | Elliptic Curve Integrated Encryption Scheme (ECIES)Encryption/Decryption", "ANSI X9.63 KDF | Elliptic Curve Integrated Encryption Scheme (ECIES)Encryption/Decryption", "AES-GCM | Elliptic Curve Integrated Encryption Scheme (ECIES)Encryption/Decryption", "HKDF RFC5869 | HMAC based Key Derivation Function", "PBKDF | Key Derivation", "ECDSA implemented in FW | Key generation as part of Ref key generation serviceand validation, Signature generation and verificationas part of Device keybag service", "ECDSA implemented in HW PKA | Key generation as part of Ref key generation serviceSignature generation primitive", "ECDH implemented in FW | Shared secret computation", "ECDH implemented in HW PKA | Shared secret computation", "AES KW using class D key, keys fromDevice keybag, keys from iCloudkeybag or NVM storage controller key | Key wrapping and unwrapping", "UnauthenticatedSymmetricEncryption andDecryption | BC-UnAuth | AESEncrypt/Decrypt | AES \\[FIPS 197;SP 800-38A\\]:CBC, ECB | AES-CBC:(A2842, A2843,A2844, A2845,A510, A1469,A2863)KeySize/Strength:128, 192, 256AES-ECB:(A2842, A2843,A2845, A510,A2847, A1469,A2863, A2864,A1362)KeySize/Strength:128, 192, 256AES-ECB: (A501)KeySize/Strength:256", "key wrapping /key unwrapping | KTS-Wrap | AES KeyWrapping | KTS (AES) \\[SP800-38F\\]:AES-KW | AES-KW: (A2843,A2845, A2846)Key", "RandomNumberGeneration | DRBG | Random numbergenerator usingAES-256 | CTR\\_DRBG\\[SP800-90ARev1\\]:AES-256; NoDerivationFunction;PredictionResistanceEnabled | Counter DRBG:(A501, A2864,A1362)KeySize/Strength:256", "HMAC MessageAuthentication | MAC | Key Length 8 -262144 bits/ KeyStrength: 112 to256 bits | HMAC \\[FIPS198\\]:SHA-1,SHA-224, SHA-256, SHA-384,SHA-512, SHA-512/256 | HMAC-SHA-1:(A2845, A2848)HMAC-SHA2-224: (A2845,A2848)HMAC-SHA2-256: (A2845,A2848, A2849)HMAC-SHA2-384: (A2845,A2848)HMAC-SHA2-512: (A2845,A2848)HMAC-SHA2-512/256:(A2848)", "Message Digest | SHA | Hash function | SHS \\[FIPS 180-4\\]:SHA-1, SHA-224, SHA-256,SHA-384, SHA-512, SHA-512/256 | SHA-1: (A2845,A2848)SHA2-224:(A2845, A2848)SHA2-256:(A2845, A2848,A2849)SHA2-384:(A2845, A2848)SHA2-512:(A2845, A2848)", "Symmetric KeyGeneration | CKG | AES KeyGeneration | CKG \\[SP800-133Rev2\\]:KeyLength/KeyStrength: 256-bits | CKG: ()AES key: KeyLength/ KeyStrength: 256Counter DRBG:(A1362, A2864,A501", "Apple corecryptophysical entropysource | Physical | See TestedOperationalEnvironment Table | 256 bit | 256 bit | SHA-256 \\[ACVPcert. # C1223\\]", "AES-KW | Unwrapping function | key wrapping / keyunwrapping | 256-bits | 60,000,000 \\* 1 /2^256", "User | Role | Authenticated | AES-KW", "User KeybagServices viaMailbox | Step 1: Themodule receivesUser credentialand thereference to theclass C or A keyfrom the Userkeybag; Step 2.Obfuscation isperformed on | Successreturned fromAPI | Usercredential,referen | status(success/error) | UnauthenticatedSymmetricEncryption | User- Class A,Class C,Class AK,ClassAKU,Class CK,Class CKUin UserKeybag(AES", "key for the AES", "docum | \\- Entropyinputstring:W,E- DRBG", "guidan | ed DEK | (AES", "unwraps theDEK using AES-KW. If the class", "Backup keybaggeneration | The modulegenerates newset of back upkeybags usingthe DRBG | Success | N/A | status | Random | User- Class A,", "guidan | (AES", "Backup keybagservice | Step 1. Themodule receiveswrapped DEKand the classkey referencefor C and Afrom the userkeybag; 2. Usingthe referencedclass key, themoduleunwraps theDEK using AES-KW. If the classkey is notavailable, an | Successreturned fromAPIlisted inthecustomer | wrappedDEK,reference to | wrappedDEK | keywrapping /keyunwrappin | User- Class A,Class C,Class AK,Class", "guidan | user | (AES", "AES-KW; 5. | Class", "Escrow keybagcreation | The modulegenerates newset of escrowkeybag usingthe DRBG | Successreturned fromAPIlisted inthecustomer | N/A | status(success/error) | RandomNumberGeneration | User- Class A,Class C,Class AK,", "Export Keybag | Step 1. Themodule receivesreference to akeybag; Step 2:A HMAC key istaken as inputbased on thehardwarespecific data forthe SKS; Step 3:HMAC value is | Successreturned fromAPI | reference to akeybagto be | keybagwithHMACtag | HMACMessageAuthentication | User- HMACkey: W,E- Class A,", "the entire | docum | (AES", "Step 4: HMAC is | Class", "ce | (AES", "(AES", "Class D key FileSystem Services towrap or unwrap DEK | Wrapping of provided plaintext DEK orunwrapping of provided wrapped DEKusing class D key from Backup keybag orFlash in SEP | AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | CryptoOfficer", "Class D key service toencrypt or decryptdata | Encryption of provided plaintext ordecryption of provided ciphertext usingclass D key from Device or iCloudKeybag | AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | CryptoOfficer", "Class DK/DKU FileSystem Services towrap or unwrapkeychain | Wrapping of provided plaintext keychainor unwrapping of provided wrappedkeychain using class DK/DKU key fromBackup keybag or User keybag | AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | CryptoOfficer", "Class DK/DKU keyservice for dataencrypt or decrypt | Encryption of provided plaintext ordecryption of provided ciphertext usingDK/DKU key from Device or iCloudkeybag | AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | CryptoOfficer", "Encryption anddecryption using Ref-key | shared secret is generated using userprovided key and existing ref keyfollowed by HKDF is applied to derived akey which is used to encrypt theprovided plaintext or decrypt theprovided ciphertext | AES-GCMHKDF RFC5869ECDSAimplemented inFWECDSAimplemented inHW PKAAES KW usingclass D key, keysfrom Devicekeybag, keys | CryptoOffficer", "Generate SharedSecret using Ref-key | Shared secret generation | Ed25519 sharedsecretgenerationCurve 25519shared secretgenerationECDH SharedSecretComputationECDHimplemented inFWECDHimplemented inHW PKA | CryptoOfficer", "Device Keybag servicefor data encrypt ordecrypt | Encryption of provided plaintext ordecryption of provided ciphertext usingany key from Device Keybag | AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | CryptoOfficer", "iCloud Keybag servicefor data encrypt ordecrypt | Encryption of provided plaintext ordecryption of provided ciphertext usingany key from iCloud Keybag | AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | CryptoOfficer", "Escrow keybag servicefor key wrapping andunwrapping | Wrapping of provided plaintext key orunwrapping of provided wrapped keyusing any key from Escrow Keybag | AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloud | CryptoOfficer", "Encrypt or Decryptservice using Class BCurve 22519 key fromany keybag | shared secret is computed by generatingnew ephemeral keypair and existingCurve25519 key followed by HKDF isapplied to derived a key which is useddoe data encryption or decryption.During encryption operations, thewrapped key and the ephemeral publickey is sent to the user | Curve 25519 keygenerationCurve 25519shared secretgenerationHKDF RFC5869AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | CryptoOfficer", "Wrap or unwrapservice for DEK orkeychain using anyCurve 22519 key fromasymmetric keybag | shared secret is computed by generatingnew ephemeral keypair and existingCurve25519 key followed by HKDF isapplied to derived a key which is usedto wrap and unwrap DEK or keychain.During wrapping operation, the wrappedkey and the ephemeral public key is sentto the user | Curve 25519 keygenerationCurve 25519shared secretgenerationHKDF RFC5869AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | CryptoOfficer", "Asymmetric (Ed25519)backup keybag wrapand unwrap | Pointer toDK/DKU/CK/CKU/AK/AKU/AKPU keyfrom asymmetric keybag, plaintextkeychain during wrapping operation orwrapped keychain during unwrappingoperation | Ed25519 KeygenerationEd25519 sharedsecretgenerationHKDF RFC5869AES KW usingclass D key, keysfrom Device | CryptoOfficer", "Wrap or unwrapservice for keychainusing DK/DKU/CK/CKU/AK/AKU/AKPUEd25519 key fromasymmetric keybag | shared secret is computed by generatingnew ephemeral keypair and existingCurve25519 key followed by HKDF isapplied to derived a key which is usedto wrap and unwrap. The wrapped keyand the ephemeral public key is sent tothe user | Ed25519 KeygenerationEd25519 sharedsecretgenerationHKDF RFC5869AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | Crypto Officer", "NVM StorageController Key Service | wrapping DEK using NVM storagecontroller key | AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | CryptoOfficer", "Elliptic CurveIntegrated EncryptionScheme (ECIES)Encryption | Encryption | ECDH SharedSecretComputationANSI X9.63 KDFAES-GCM | Crypto ficer", "Elliptic CurveIntegrated EncryptionScheme (ECIES)Decryption | Decryption | ECDH SharedSecretComputationANSI X9.63 KDFAES-GCM | CryptoOfficer", "PBKDF Key Derivation | Hash-based Key Derivation | PBKDF | CryptoOfficer", "File system DEKservice | Unwrap the DEK using referenced classkey and re-wrap using NVM storagecontroller key | AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | CryptoOficer", "Generation of DEK viaIPC using class D key | Requesting generate DEK service via IPCChannel using class D keys | AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | CryptoOfficer", "Requesting backupkeybag service via IPCusing class D key | Requesting backup keybag service viaIPC Channel using class D keys | AES KW usingclass D key, keysfrom Devicekeybag, keysfrom iCloudkeybag or NVMstoragecontroller key | CryptoOfficer", "Class A, ClassC, Class AK,Class AKU,Class CK,Class CKU inUser Keybag(AES keys) | AES keysin userkeybag | 256-bits -256-bits | Symmetric -CSP | Unauthenticated SymmetricEncryption andDecryptionkey wrapping /keyunwrapping", "Class A, ClassC, Class AK,Class AKU,Class CK,Class CKU inBackupKeybag (AESkeys) | AES keysin backupkeybag | 256-bits -256-bits | Symmetric -CSP | Symmetric KeyGeneration | key wrapping /keyunwrapping", "Class A, ClassC, Class AK,Class AKU,Class CK,Class CKU in | AES keysin escrowkeybag | 256-bits -256-bits | Symmetric -CSP | Symmetric KeyGeneration | key wrapping /keyunwrapping", "DataEncryptionKey (DEK)(AES key) | AES keysin userkeybag | 256-bits -256-bits | Symmetric -CSP | Symmetric KeyGeneration | key wrapping /keyunwrappingRandomNumberGeneration", "DRBG seed | DRBGseedderivedfromentropyinput (IGD.Lcompliant) | 384-bits -256-bits | Seed - CSP | RandomNumberGeneration | RandomNumberGeneration", "DRBGinternal state(V value, Key) | Internalstatevaluesassociated withCTR\\_DRBG | 384-bits -256-bits | DRBG - CSP | RandomNumberGeneration | RandomNumberGeneration", "HMAC key | HMACkey | 112-bits -112-bits | MessageAuthentication Key - CSP | Symmetric KeyGeneration | RandomNumberGeneration", "Class A, ClassC, Class AK,Class AKU,Class CK,Class CKU inUser Keybag(AES keys) | ExportKeybag fromFlashPre-loadedfrom Factory | Flash:Encrypted | Fromfactoryinstall todevice-wipe | DeviceWipe", "DataEncryptionKey (DEK)(AES key) | ExportKeybag fromRAM | RAM:Encrypted | Fromserviceinvocation toservice | ContextobjectdestructionPowerDown", "Entropyinput string | Obtainedfrom ENT (P) | RAM:Encrypted | Fromserviceinvocation toservicecompletion | ContextobjectdestructionPowerDown | DRBG seed:Derives", "DRBG seed | RAM:Encrypted | Fromserviceinvocation toservicecompletion | ContextobjectdestructionPowerDown | Entropy inputstring:Derived FromDRBG internal state(V value,Key):Generates", "HMAC key | RAM:Encrypted | Fromserviceinvocation toservicecompletion | ContextobjectdestructionPowerDown", "HMAC-SHA2-256(A2845) | 112-bitkey | MessageAuthentication | SW/FWIntegrity | If the testfails, thenthe moduleenters anError State. | The HMAC value is pre-computed at build timeand stored in themodule. The HMACvalue is recalculatedduring runtime andcompared with thestored value.", "HMAC-SHA2-512(A2845) | 112-bit key | KAT | CAST | Modulebecomesoperational | Messageauthentication | Test runs atPower-onbefore theintegritytest", "HMAC-SHA2-512(A2848) | 112-bit key | KAT | CAST | Modulebecomesoperational | Messageauthentication | Test runs atPower-onbefore theintegritytest", "HMAC-SHA2-256(A2849) | 112-bit key | KAT | CAST | Modulebecomesoperational | Messageauthentication | Test runs atPower-onbefore theintegritytest", "SHA2-256(A2845) | N/A | KAT | CAST | Modulebecomesoperational | Messageauthentication | Test runs atPower-onbefore theintegritytest", "SHA2-256(A2848) | N/A | KAT | CAST | Modulebecomesoperational | Messageauthentication | Test runs atPower-onbefore theintegritytest", "SHA-1(A2845) | N/A | KAT | CAST | Modulebecomesoperational | Messageauthentication | Test runs atPower-onbefore theintegritytest", "SHA-1(A2848) | N/A | KAT | CAST | Modulebecomesoperational | Messageauthentication | Test runs atPower-onbefore theintegritytest", "AES-CBC(A2842) | 128-bit key | KAT | CAST | Modulebecomesoperational | Encryption | Test runs atPower-onbefore theintegritytest", "AES-CBC(A2842) | 128-bit key | KAT | CAST | Modulebecomesoperational | Decryption | Test runs atPower-onbefore theintegritytest", "AES-KW(A2843) | 128-bit key | KAT | CAST | Modulebecomesoperational | Encryption | Test runs atPower-onbefore the", "AES-KW(A2843) | 128-bit key | KAT | CAST | Modulebecomesoperational | Decryption | Test runs atPower-onbefore theintegritytest", "AES-CBC(A2844) | 128-bit key | KAT | CAST | Modulebecomesoperational | Encryption | Test runs atPower-onbefore theintegritytest", "AES-CBC(A2844) | 128-bit key | KAT | CAST | Modulebecomesoperational | Decryption | Test runs atPower-onbefore theintegritytest", "AES-KW(A2845) | 128-bit key | KAT | CAST | Modulebecomesoperational | Encryption | Test runs atPower-onbefore theintegritytest", "AES-KW(A2845) | 128-bit key | KAT | CAST | Modulebecomesoperational | Decryption | Test runs atPower-onbefore theintegritytest", "AES-KW(A2846) | 128-bit key | KAT | CAST | Modulebecomesoperational | Encryption | Test runs atPower-onbefore theintegritytest", "AES-KW(A2846) | 128-bit key | KAT | CAST | Modulebecomesoperational | Decryption | Test runs atPower-onbefore theintegritytest", "AES-ECB(A2847) | 128-bit key | KAT | CAST | Modulebecomesoperational | Encryption | Test runs atPower-onbefore theintegritytest", "AES-ECB(A2847) | 128-bit key | KAT | CAST | Modulebecomesoperational | Decryption | Test runs atPower-onbefore theintegritytest", "AES-CBC(A510) | 128-bit key | KAT | CAST | Modulebecomesoperational | Encryption | Test runs atPower-onbefore theintegritytest", "AES-CBC(A510) | 128-bit key | KAT | CAST | Modulebecomesoperational | Decryption | Test runs atPower-onbefore theintegritytest", "AES-ECB(A501) | 128-bit key | KAT | CAST | Modulebecomesoperational | Encryption | Test runs atPower-onbefore theintegritytest", "AES-ECB(A501) | 128-bit key | KAT | CAST | Modulebecomesoperational | Decryption | Test runs atPower-onbefore theintegritytest", "AES-ECB(A1362) | 128-bit key | KAT | CAST | Modulebecomesoperational | Encryption | Test runs atPower-onbefore theintegritytest", "AES-ECB(A1362) | 128-bit key | KAT | CAST | Modulebecomesoperational | Decryption | Test runs atPower-onbefore the", "AES-CBC(A1469) | 128-bit key | KAT | CAST | Modulebecomesoperational | Encryption | Test runs atPower-onbefore theintegritytest", "AES-CBC(A1469) | 128-bit key | KAT | CAST | Modulebecomesoperational | Decryption | Test runs atPower-onbefore theintegritytest", "AES-CBC(A2863) | 128-bit key | KAT | CAST | Modulebecomesoperational | Encryption | Test runs atPower-onbefore theintegritytest", "AES-CBC(A2863) | 128-bit key | KAT | CAST | Modulebecomesoperational | Decryption | Test runs atPower-onbefore theintegritytest", "AES-ECB(A2864) | 128-bit key | KAT | CAST | Modulebecomesoperational | Encryption | Test runs atPower-onbefore theintegritytest", "AES-ECB(A2864) | 128-bit key | KAT | CAST | Modulebecomesoperational | Decryption | Test runs atPower-onbefore theintegritytest", "HMAC-SHA2-256 (A2845) | MessageAuthentication | SW/FW Integrity | Whenevermodule ispowered on | Upon everypower-on", "HMAC-SHA2-512 (A2845) | KAT | CAST | On Demand | Manually", "HMAC-SHA2-512 (A2848) | KAT | CAST | On Demand | Manually", "HMAC-SHA2-256 (A2849) | KAT | CAST | On Demand | Manually", "SHA2-256(A2845) | KAT | CAST | On Demand | Manually", "SHA2-256(A2848) | KAT | CAST | On Demand | Manually", "SHA-1 (A2845) | KAT | CAST | On Demand | Manually", "SHA-1 (A2848) | KAT | CAST | On Demand | Manually", "AES-CBC(A2842) | KAT | CAST | On Demand | Manually", "AES-KW (A2843) | KAT | CAST | On Demand | Manually", "AES-CBC(A2844) | KAT | CAST | On Demand | Manually", "AES-KW (A2845) | KAT | CAST | On Demand | Manually", "AES-KW (A2846) | KAT | CAST | On Demand | Manually", "AES-ECB (A2847) | KAT | CAST | On Demand | Manually", "AES-CBC (A510) | KAT | CAST | On Demand | Manually", "AES-ECB (A501) | KAT | CAST | On Demand | Manually", "AES-ECB (A1362) | KAT | CAST | On Demand | Manually", "AES-CBC(A1469) | KAT | CAST | On Demand | Manually", "AES-CBC(A2863) | KAT | CAST | On Demand | Manually", "AES-ECB (A2864) | KAT | CAST | On Demand | Manually", "Counter DRBG(A1362) | KAT | CAST | On Demand | Manually", "Counter DRBG(A2864) | KAT | CAST | On Demand | Manually", "Counter DRBG(A501) | KAT | CAST | On Demand | Manually", "Errorstate | The HMAC-SHA-256value computed over themodule did not matchthe pre- computed value,OR the computed valuein the invokedConditional CAST did notmatch the known value.No cryptographicservices are provided,and data output isprohibited | Pre-operationalFirmwareIntegrity Testfailure ORConditionalCAST failure | Poweroff/on | for Integrity: print statement\"FAILED:fipspost\\_post\\_integrity\" tostdout;for CAST: sprint statement\"FAILED: \" to stdout( refers to any of thecryptographic functionslisted in the Conditional Self-test Table)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5029", "Certificate Number": "5029", "Vendor Name": "Kingston Technology Company, Inc.", "Module Name": "IronKey D500S Series USB Flash Drive", "Module Type": "Hardware", "Validation Date": "06/24/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5029.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5029", "module_name": "IronKey D500S Series USB Flash Drive", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/23/2030", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Kingston Technology Company, Inc. IronKey D500S Series USB Flash Drive is a hardware cryptographic module designed for organizations that require a secure way to store and transfer portable data. The stored data is secured by hardware‐based 256‐bit AES on‐the‐fly encryption to guard sensitive information in case the drive is lost or stolen. Its strong, durable, metal casing provides robust physical protection. Its strong password rules and lock‐down control protects against brute force attacks.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ], "algorithms_detailed": [ "IronKey D500S Series USB Flash Drive | IronKey D500S/8GB | 3.06 | Kingston PS2251-15USB AES Micro-Controller | 8GB of user data storage", "A3268 | AES-CBC | FIPS 197 NIST SP 800-38A | CBC | Key Length:256-bit Strength:256 bits | Prerequisite for KW Data Encryption/Decryption", "A3268 | AES-ECB | FIPS 197 NIST SP 800-38A | ECB | Key Length:256-bit Strength:256 bits | Prerequisite for KW Data Encryption/Decryption", "A3268 | AES-KW | FIPS 197 NIST SP 800-38F | KW | Key Length:256-bit Strength:256 bits | DEK\\_CO and DEK\\_U Encryption/Decryption", "A3268 | AES-XTS¹ | FIPS 197 NIST SP 800-38E | XTS | Key Length:256-bit Strength:256 bits | Mass-Storage Data Encryption/Decryption", "A3268 | ECDSA KeyGen | FIPS 186-5 | Key Generation | Curve:P-256 Strength:128 bits | Key Generation of KAS keys", "A3268 | ECDSA KeyVer | FIPS 186-4 | Key Verification | Curve:P-256 Strength:128 bits | Key Verification of KAS keys", "A3268 | HMAC-SHA2-256 | FIPS 198-1 | SHA2-256 | Key Length:256-bit Strength:256 bits | Prerequisite for KDA Message Authentication", "A3268 | HMAC DRBG | NIST SP 800-90A | HMAC-SHA2-256 | Security strength:256 bits | Deterministic Random Bit Generation", "A3268 | KAS-ECC-SSC | NIST SP 800-56Ar3 | ECC CDH C(2e,0s) | Curve:P-256 Strength:128 bits | Key Agreement Shared Secret calculation", "A3268 | KDA | NIST SP 800-56Cr2 | Two-Step KDF (HMAC-SHA2-256) | Derived Key Length:256 bits Shared Secret Length:256 bits | Key derivation as part of KAS", "A3268 | PBKDF² | NIST SP 800-132 (option 2A) | HMAC-SHA2-256 | Password length:8 to 136 bytes (refer to Section 4.1) Salt Length:256-bit | Deriving KEK\\_CO, KEK\\_U, KEK\\_R", "A3268 | RSA SigVer(PKCS1 v1.5) | FIPS 186-4 | Digital Signature Verification | Modulo:2048 Strength:128 bits | Digital Signature Verification", "A3268 | SHA2-256 | FIPS 180-4 | SHA2-256 | Strength:128bits | Prerequisite for HMAC Message Digest", "KAS | KAS-Full | NIST SP 800-56Arev3 per IG D.F Scenario 2 path(2) | Standards:NIST SP 800-56Arev3,NIST SP 800-56Crev2,FIPS 186-4 | KAS-ECC-SSC:(A3268)", "KDA:(A3268)", "ECDSA KeyVer:(A3268)", "KTS | KTS-Unwrap | Key unwrapping per NIST SP 800-38F Per IG D.G. Used for the entry of the operator's password. | Standards:FIPS 197,FIPS 198-1,NIST SP 800-38A | AES-CBC:(A3268)", "HMAC-SHA2-256:(A3268)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5028", "Certificate Number": "5028", "Vendor Name": "HID Global", "Module Name": "HID Global ActivID Applet 2.7.7 & 2.7.8 on Thales IDCore 3230 Platform", "Module Type": "Hardware", "Validation Date": "06/18/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5028.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5028", "module_name": "HID Global ActivID Applet 2.7.7 & 2.7.8 on Thales IDCore 3230 Platform", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/17/2030", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "detail_available": true, "description": "HID Global ActivID Applet 2.7.7 & 2.7.8 on Thales IDCore 3230 Platform cryptographic module, validated to FIPS 140-3 overall Level 2, is a single-chip “contact and contactless” module implementing the Global Platform operational environment, with Card Manager as well as the ActivID Applet Suite.", "algorithms": [ "KAS", "KDF", "KTS", "RSA", "SHA" ], "algorithms_detailed": [ "KAS-ECC Sp800-56Ar3 | A2877 | Domain Parameter Generation Methods - P-256Function - Partial ValidationScheme-onePassDh-KAS Role - ResponderKDF Methods-oneStepKdf-Key Length-512 | SP 800-56A Rev.3", "KDF SP800-108 | A2877 | KDF Mode-CounterSupported Lengths-Supported Lengths:128-256Increment64 | SP 800-108Rev.1", "KTS-IFC | A2877 | Modulo-2048,3072,4096Key Generation Methods-rsakpg1-basic,rskapg1-crtScheme-KTS-OAEP-basic-KAS Role-responderKey Transport Method-Key Length-512 | SP 800-56B Rev.2", "RSA KeyGen(FIPS186-5) | A2877 | Key Generation Mode-probableHash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Primality Tests-2pow100Modulo-2048,3072Private Key Format-standard | FIPS186-5", "RSA SigGen(FIPS186-5) | A2877 | Modulo-2048,3072Signature Type-pkcs1v1.5,pss | FIPS186-5", "RSA SigVer(FIPS186-5) | A2877 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS186-5", "SHA2-224 | A2877 | Message Length-Message Length:8-65536 Increment8 | FIPS180-4", "SHA2-256 | A2877 | Message Length-Message Length:8-65536 Increment8 | FIPS180-4", "SHA2-384 | A2877 | Message Length-Message Length:8-65536 Increment8 | FIPS180-4", "SHA2-512 | A2877 | Message Length-Message Length:8-65536 Increment8 | FIPS180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5027", "Certificate Number": "5027", "Vendor Name": "IDEMIA", "Module Name": "ID-One PIV 243 in SPE Configurations", "Module Type": "Hardware", "Validation Date": "06/17/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5027.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5027", "module_name": "ID-One PIV 243 in SPE Configurations", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/16/2030", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "detail_available": true, "description": "ID-One PIV 243 in SPE Configurations, is a dual interface smartcard chip (ISO 7816 & ISO 14443) that contains a Personal Identity Verification (PIV) application with On-Card-Fingerprints-Comparison that has been enhanced from FIPS 201-2 PIV Standard from NIST to offer higher security and stronger cryptography for an overall level 3 validation and address the needs of Governments and Enterprises around the world.", "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A4945 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CMAC | A4945 | Direction-GenerationKeyLength-192,256 | SP800-38B", "AES-ECB | A4945 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "Counter DRBG | A4945 | Prediction Resistance-NoMode-AES-256Derivation Function Enabled-Yes | SP800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A4945 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-TestingCandidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4945 | Curve-P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4945 | Component-No,YesCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4945 | Component-No,YesCurve-P-224,P-256,P-384,P-521 | FIPS186-4", "HMAC-SHA-1 | A4945 | Key Length-Key Length:8-1016Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4945 | Key Length-Key Length:8-1016Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4945 | Key Length-Key Length:8-1016Increment8 | FIPS 198-1", "KAS-ECCCDH-Component(CVL) | A4945 | Function-Key Pair GenerationCurve-P256,P384,P521 | SP800-56ARev.3", "KAS-ECCSp800-56Ar3 | A4945 | Domain Parameter GenerationMethods-P256,P384,P521Function-Key Pair GenerationScheme-onePassDh-KAS Role-ResponderKDF Methods-oneStepKdf-KeyLength-1024 | SP800-56ARev.3", "KDF SP800-108 | A4945 | KDF Mode-CounterSupported Lenghts-SupportedLengths:64,256 | SP800-108Rev.1", "RSA DecryptionPrimitiveSp800-56Br2(CVL) | A4945 | - | SP800-56BRev.2", "RSA KeyGen(FIPS186-4) | A4945 | Key GenerationMode-B.3.6Modulo-2048,3072,4096Primality Tests-TableC.3Private Key Format-ChineseRemainderTheorem | FIPS186-4", "RSA SigGen(FIPS186-4) | A4945 | SignatureType-PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA SignaturePrimitive(CVL) | A4945 | Private KeyFormat-crt | FIPS186-4", "RSA SigVer(FIPS186-4) | A4945 | SignatureType-PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A4945 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1 | FIPS 180-4", "SHA2-224 | A4945 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1 | FIPS 180-4", "SHA2-256 | A4945 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1 | FIPS 180-4", "SHA2-384 | A4945 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1 | FIPS 180-4", "SHA2-512 | A4945 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1 | FIPS 180-4", "CKG | HMAC keys:112 to 1016 bitsAES keys:128,192,256 bitsGenerated by:CTR DRBG | ID-One Cosmo X FIPS | SP800-133r2", "RSA | RSA decryption primitive with 1024-bit modulus only for legacy usage | RSA decryption primitive using 1024-bit modulus" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5026", "Certificate Number": "5026", "Vendor Name": "Ergotron, Inc.", "Module Name": "Ergotron Cryptographic Module", "Module Type": "Software", "Validation Date": "06/16/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5026.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5026", "module_name": "Ergotron Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/22/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Erogtron Cryptographic Module is a general-purpose cryptographic library incorporated into the RhythmConnect, Mosaic, Ergotron Mobile Power, YES Charging Cart, and Encore products to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5025", "Certificate Number": "5025", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2]", "Module Type": "Hardware", "Validation Date": "06/16/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5025.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5025", "module_name": "Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/15/2030", "overall_level": 2, "caveat": "When operated in approved mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Apple corecrypto Module v12.0 [Apple silicon, Secure Key Store, Hardware, SL2] is a Hardware module implemented as a sub-chip running on a single-chip processor.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDH", "ECDSA", "EDDSA", "HMAC", "KDF", "SHA" ], "algorithms_detailed": [ "AES-CBC | A2842 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A2843 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A2844 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A2845 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | A510 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC | C314 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38A", "AES-CBC | C315 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38A", "AES-CBC | C317 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38A", "AES-CBC | C318 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38A", "AES-CBC | C319 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38A", "AES-CBC | C320 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38A", "AES-CBC | C322 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38A", "AES-CBC | C326 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38A", "AES-CBC | C358 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38A", "AES-ECB | A2842 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A2843 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A2845 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A2847 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A501 | Direction-EncryptKeyLength-256 | SP800-38A", "AES-ECB | A510 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | AES5261 | Direction-EncryptKeyLength-256 | SP800-38A", "AES-ECB | AES5272 | Direction-EncryptKeyLength-256 | SP800-38A", "AES-ECB | AES5273 | Direction-EncryptKeyLength-256 | SP800-38A", "AES-ECB | AES5274 | Direction-EncryptKeyLength-256 | SP800-38A", "AES-ECB | AES5275 | Direction-EncryptKeyLength-256 | SP800-38A", "AES-ECB | AES5278 | Direction-EncryptKeyLength-256 | SP800-38A", "AES-ECB | C314 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-ECB | C315 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-ECB | C317 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-ECB | C318 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-ECB | C319 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-ECB | C320 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-ECB | C322 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-ECB | C323 | Direction-EncryptKeyLength-256 | SP800-38A", "AES-ECB | C324 | Direction-EncryptKeyLength-256 | SP800-38A", "AES-ECB | C326 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-ECB | C331 | Direction-EncryptKeyLength-256 | SP800-38A", "AES-ECB | C358 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-KW | A2843 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-KW | A2845 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-KW | A2846 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "Counter DRBG | A501 | Prediction Resistance - Yes Mode-AES-256Derivation Function Enabled-No | SP 800-90A Rev.1", "Counter DRBG | C323 | Prediction Resistance - YesMode-AES-256Derivation Function Enabled-No | SP 800-90A Rev.1", "Counter DRBG | C324 | Prediction Resistance - YesMode-AES-256Derivation Function Enabled-No | SP 800-90A Rev.1", "Counter DRBG | C331 | Prediction Resistance - YesMode-AES-256Derivation Function Enabled-No | SP 800-90A Rev.1", "Counter DRBG | DRBG 2014 | Prediction Resistance - YesMode-AES-256Derivation Function Enabled-No | SP 800-90A Rev.1", "Counter DRBG | DRBG 2022 | Prediction Resistance - YesMode-AES-256Derivation Function Enabled-No | SP 800-90A Rev.1", "Counter DRBG | DRBG 2023 | Prediction Resistance - YesMode-AES-256Derivation Function Enabled-No | SP 800-90A Rev.1", "Counter DRBG | DRBG 2024 | Prediction Resistance - YesMode-AES-256Derivation Function Enabled-No | SP 800-90A Rev.1", "Counter DRBG | DRBG 2025 | Prediction Resistance - YesMode-AES-256Derivation Function Enabled-No | SP 800-90A Rev.1", "Counter DRBG | DRBG 2028 | Prediction Resistance - YesMode-AES-256Derivation Function Enabled-No | SP 800-90A Rev.1", "HMAC-SHA-1 | A2845 | Key Length - Key Length: 8-262144Increment 8 | FIPS 198-1", "HMAC-SHA-1 | A2848 | Key Length - Key Length: 8-262144Increment8 | FIPS198-1", "HMAC-SHA2-224 | A2845 | Key Length - Key Length: 8-262144Increment8 | FIPS198-1", "HMAC-SHA2-224 | A2848 | Key Length - Key Length: 8-262144Increment8 | FIPS198-1", "HMAC-SHA2-256 | A2845 | Key Length - Key Length: 8-262144Increment8 | FIPS198-1", "HMAC-SHA2-256 | A2848 | Key Length - Key Length: 8-262144Increment8 | FIPS198-1", "HMAC-SHA2-256 | A2849 | Key Length - Key Length: 8-262144Increment8 | FIPS198-1", "HMAC-SHA2-384 | A2845 | Key Length - Key Length: 8-262144Increment8 | FIPS198-1", "HMAC-SHA2-384 | A2848 | Key Length - Key Length: 8-262144Increment8 | FIPS198-1", "HMAC-SHA2-512 | A2845 | Key Length - Key Length: 8-262144Increment8 | FIPS198-1", "HMAC-SHA2-512 | A2848 | Key Length - Key Length: 8-262144Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A2848 | Key Length - Key Length: 8-262144Increment8 | FIPS198-1", "SHA-1 | A2845 | Message Length - Message Length:0-32768Increment8 | FIPS 180-4", "SHA-1 | A2848 | Message Length - Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-224 | A2845 | Message Length - Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-224 | A2848 | Message Length - Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-256 | A2845 | Message Length - Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-256 | A2848 | Message Length - Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-256 | A2849 | Message Length - Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-384 | A2845 | Message Length - Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-384 | A2848 | Message Length - Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-512 | A2845 | Message Length - Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-512 | A2848 | Message Length - Message Length:0-32768Increment8 | FIPS 180-4", "SHA2-512/256 | A2848 | Message Length - Message Length:0-32768Increment8 | FIPS 180-4", "Ed25519 Key generation | EdDSA signature scheme", "Ed25519 shared secret generation | EdDSA shared secret generation", "ECDH Key Pair Generation | Elliptic Curve Integrated Encryption Scheme (ECIES)Key Generation", "ECDH Shared Secret Computation | Elliptic Curve Integrated Encryption Scheme (ECIES)Encryption/Decryption", "ANSI X9.63 KDF | Elliptic Curve Integrated Encryption Scheme (ECIES)Encryption/Decryption", "AES-GCM | Elliptic Curve Integrated Encryption Scheme(ECIES)Encryption/Decryption", "HKDF RFC5869 | HMAC based Key Derivation Function", "PBKDF | Key Derivation", "ECDSA implemented in FW | Key generation as part of Ref key generation service and validation, Signature generation and verificationas part of Device keybag service", "ECDSA implemented in HW PKA | Key generation as part of Ref key generation serviceSignature generation primitive", "ECDH implemented in FW | Shared secret computation", "ECDH implemented in HW PKA | Shared secret computation", "AES KW using class D key, keys fromDevice keybag, keys from iCloudkeybag or NVM storage controller key | Key wrapping and unwrapping" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5024", "Certificate Number": "5024", "Vendor Name": "IDEMIA", "Module Name": "ID-One PIV 243 in NPIVP & CIV Configurations", "Module Type": "Hardware", "Validation Date": "06/09/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5024.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5024", "module_name": "ID-One PIV 243 in NPIVP & CIV Configurations", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/8/2030", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "detail_available": true, "description": "ID-One PIV 243 in NPIVP & CIV Configurations, is a dual interface smartcard chip (ISO 7816 & ISO 14443) that contains a Personal Identity Verification (PIV) application with On-Card-Fingerprints-Comparison that can be configured to strictly comply with NIST FIPS 201-2 Standard for US Government Federal Employees and Contractors (NPIVP configuration), or support enhanced functionalities (ANSI 504), and additional access conditions (SO_PIN), as well as stronger cryptography (ECC P-521) while maintaining backward compatibility with NPIVP, to address Civilian markets worldwide (CIV configuration).", "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A4945 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CMAC | A4945 | Direction- Generation KeyLength-192,256 | SP 800-38B", "AES-ECB | A4945 | Direction- Decrypt, Encrypt KeyLength-128,192,256 | SP 800-38A", "Counter DRBG | A4945 | Prediction Resistance-No Mode-AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A4945 | Curve-P224,P256,P384,P521Secret Generation Mode-TestingCandidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4945 | Curve-P224,P256,P384,P521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4945 | Component-No,YesCurve-P224,P256,P384,P521HashAlgorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4945 | Component-No,YesCurve-P224,P256,P384,P521HashAlgorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "HMAC-SHA-1 | A4945 | KeyLength-KeyLength:8-1016Increment8 | FIPS198-1", "HMAC-SHA2-256 | A4945 | KeyLength-KeyLength:8-1016Increment8 | FIPS198-1", "HMAC-SHA2-512 | A4945 | KeyLength-KeyLength:8-1016Increment8 | FIPS198-1", "KAS-ECCCDH-Component(CVL) | A4945 | Function-KeyPairGenerationCurve-P256,P384,P521 | SP800-56ARev.3", "KAS-ECCSp800-56Ar3 | A4945 | DomainParameterGenerationMethods-P256,P384,P521Function-KeyPairGenerationScheme-onePassDh-KASRole-ResponderKDFMethods-oneStepKdf-KeyLength-1024 | SP800-56ARev.3", "RSADecryptionPrimitiveSp800-56Br2(CVL) | A4945 | - | SP800-56BRev.2", "RSA SigGen(FIPS186-4) | A4945 | Signature Type-PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA Signature Primitive(CVL) | A4945 | Private Key Format-crt | FIPS186-4", "RSA SigVer(FIPS186-4) | A4945 | Signature Type-PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A4945 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1 | FIPS180-4", "SHA2-224 | A4945 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1 | FIPS180-4", "SHA2-256 | A4945 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1 | FIPS180-4", "SHA2-384 | A4945 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1 | FIPS180-4", "SHA2-512 | A4945 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1 | FIPS180-4", "CKG | HMAC:112 to 1016 bitsAES keys:128,192,256 bit keysGenerated by:CTR DRBG | ID-One Cosmo X FIPS | SP800-133r2", "RSADP | RSA decryption primitive with 1024-bit modulus allowed per iG 2.4.A | RSA decryption primitive" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5023", "Certificate Number": "5023", "Vendor Name": "F5, Inc.", "Module Name": "OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "06/08/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5023.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5023", "module_name": "OpenSSL Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/7/2030", "overall_level": 1, "caveat": "When operated in approved mode, installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Cryptographic library offering various cryptographic mechanisms to be used by OpenSSL application running on F5 VELOS system controller and blade.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4782 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC | A4783 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A4782 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4782 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4783 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4782 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A4783 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A4782 | Direction - Decrypt, Encrypt | IV Generation - Internal | SP 800-38D | ____________________________________________________________________________________________________________________ | © 2025 F5, Inc. | This document can be reproduced and distributed only whole and intact, including this copyright notice | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256", "AES-GMAC | A4783 | Direction - Decrypt, Encrypt | IV Generation - Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "Counter DRBG | A4782 | Prediction Resistance - No, Yes", "Mode - AES-256 | Derivation Function Enabled - No, Yes | SP 800-90A Rev. | 1", "Counter DRBG | A4783 | Prediction Resistance - No", "Mode - AES-256 | Derivation Function Enabled - Yes | SP 800-90A Rev. | 1", "ECDSA KeyGen (FIPS186- | 4) | A4782 | Curve - P-256, P-384 | FIPS 186-4", "ECDSA KeyVer (FIPS186-4) | A4782 | Curve - P-256, P-384 | FIPS 186-4", "ECDSA SigGen (FIPS186-4) | A4782 | Component - No | Curve - P-256, P-384 | FIPS 186-4", "ECDSA SigVer (FIPS186-4) | A4782 | Component - No | Curve - P-256, P-384 | FIPS 186-4", "HMAC-SHA-1 | A4782 | Key Length - Key Length: 8, 16, 64, 128, 1024 | FIPS 198-1", "HMAC-SHA-1 | A4783 | Key Length - Key Length: 8, 16, 64, 128, 1024 | FIPS 198-1", "HMAC-SHA2-256 | A4782 | Key Length - Key Length: 8, 16, 64, 128, 1024 | FIPS 198-1", "HMAC-SHA2-384 | A4782 | Key Length - Key Length: 8, 16, 64, 128, 1024 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4782 | Domain Parameter Generation Methods - P-256, | P-384 | Scheme - | staticUnified - | KAS Role - initiator, responder | SP 800-56A Rev. | 3", "KDF SSH (CVL) | A4782", "Cipher - AES-128, AES-256 | SP 800-135 Rev. | 1", "KDF TLS (CVL) | A4782", "TLS Version - v1.0/1.1 | SP 800-135 Rev. | 1", "RSA KeyGen (FIPS186-4) | A4782 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4 | ____________________________________________________________________________________________________________________ | © 2025 F5, Inc. | This document can be reproduced and distributed only whole and intact, including this copyright notice", "RSA SigGen (FIPS186-4) | A4782 | Signature Type - PKCS 1.5 | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer (FIPS186-4) | A4782 | Signature Type - PKCS 1.5 | Modulo - 2048, 3072, 4096 | FIPS 186-4", "SHA-1 | A4782 | - | FIPS 180-4", "SHA-1 | A4783 | - | FIPS 180-4", "SHA2-256 | A4782 | - | FIPS 180-4", "SHA2-384 | A4782 | - | FIPS 180-4", "TLS v1.2 KDF RFC7627", "(CVL) | A4782 | - | SP 800-135 Rev. | 1 | There are algorithms, modes, and key/moduli sizes that have been CAVP-tested but are not used by any | approved service of the module. Only the algorithms, modes/methods, and key lengths/curves/moduli shown in | this table are used by an approved service of the module. | Name | Implementation | Cryptographic Key | Generation (CKG) | Key | Type:Asymmetric | N/A | Random bit strings required for generating the | cryptographic keys is compliant with section 4 | example 1 of SP800-133r2 | Non-Approved, Allowed Algorithms: | N/A for this module. | The module does not implement any Non-Approved Allowed algorithms in the Approved mode of operation. | Non-Approved, Allowed Algorithms with No Security Claimed: | Name | Caveat | Use and Function | MD5 | Allowed per IG 2.4.A", "Message digest used in TLS 1.0 / 1.1 KDF only | Non-Approved, Not Allowed Algorithms: | ____________________________________________________________________________________________________________________ | © 2025 F5, Inc. | This document can be reproduced and distributed only whole and intact, including this copyright notice | Name | Use and Function", "AES with OFB, CCM, CFB, XTS, KW modes | Symmetric encryption and decryption", "Blowfish, Camellia, CAST5, DES, IDEA, RC2, RC4, SEED, SM2,", "SM4, Triple-DES | Symmetric encryption and decryption", "SHA2-224, SHA2-512, SM3, MD4, MD5 (outside of TLS), MDC2, | RIPEMD, Whirlpool", "HMAC-SHA2-224, HMAC-SHA2-512, AES CMAC, Triple-DES | CMAC | PKCS #1 v1.5 scheme with 1024 and greater than 4096 up to", "16384 modulus, for all SHA sizes", "RSA signature generation and verification | Probabilistic Signature Scheme (PSS), ANSI X9.31 schemes", "RSA signature generation and verification | PKCS #1 v1.5 scheme with modulus size 2048, 3072, 4096 bits", "with SHA-1, SHA2-224, SHA2-512", "RSA signature generation | PKCS #1 v1.5 scheme with modulus size 2048, 3072, 4096 bits", "with SHA2-224, SHA2-512", "RSA signature verification", "ECDSA with P-224, P-521", "ECDSA key generation / verification", "ECDSA with curves P-256, P-384 with SHA-1 SHA2-224, SHA2- | 512", "ECDSA signature generation / verification", "ECDSA using SM2 | Digital signature generation and verification", "RSA with modulus sizes up to 16384 bits", "RSA encrypt / decrypt", "DSA with all key and SHA sizes", "DSA domain parameter generation, domain | parameter verification, key pair generation, | signature generation and verification", "HMAC_DRBG and Hash_DRBG for all SHA sizes | Random number generation", "CTR_DRBG with AES-128, AES-192 | Random number generation | ANSI X9.31 RNG | Random number generation | Diffie-Hellman", "Shared secret computation | EC Diffie-Hellman Ephemeral Unified with curves other than P-", "256, P-384, without KDF. EC Diffie-Hellman without KDF or | using onePassDH / StaticUnified schemes", "Shared secret computation", "Key Derivation function in the context of TLS using SHA2-224 /", "SHA2-512", "TLS KDF", "Key Derivation function in the context of SSH using SHA-1 /", "SHA2-224 / SHA2-512", "SSH KDF | ____________________________________________________________________________________________________________________ | © 2025 F5, Inc. | This document can be reproduced and distributed only whole and intact, including this copyright notice | Name | Use and Function | PKCS #1 v1.5 with keys other than 2048 / 3072 / 4096-bit using", "SHA2-256, SHA2-384", "RSA signature generation and verification" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5022", "Certificate Number": "5022", "Vendor Name": "Red Hat, Inc", "Module Name": "Red Hat Enterprise Linux 9 NSS Cryptographic Module", "Module Type": "Software", "Validation Date": "05/30/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5022.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5022", "module_name": "Red Hat Enterprise Linux 9 NSS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "5/29/2030", "overall_level": 1, "caveat": "When operated in approved mode and installed, initialized and configured as specified in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/.", "algorithms": [ "AES", "DES", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "MD2, MD5, SHA-1 | Message digest", "RC2, RC4, DES, Triple-DES, CDMF, Camellia, SEED, ChaCha20(-Poly1305) | Encryption, Decryption", "AES GCM (external IV) | Encryption", "CBC-MAC,AES XCBC-MAC,AES XCBC-MAC-96 | Message authentication", "HMAC(MD2,MD5,SHA-1;<112-bit keys) | Message authentication", "HMAC/SSLv3 MAC(constant-time implementation) | Message authentication", "MD2,MD5,SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,DES,TripleDES,AES,Camellia,SEED,ANSX9.63KDF,SSL3PRF,IKEv1PRF,TLS1.0/1.1KDF,TLSKDFwithout extended master secret | Key derivation", "KBKDF,HKDF,TLS1.2KDF,IKEv2PRF(<112-bitkeys) | Key derivation", "KBKDF(MD2,MD5) | Key derivation", "J-PAKE | Shared secret computation", "KAS-FFC-SSC(FIPS186-typegroups) | Shared secret computation", "X25519 | Shared secret computation", "DSA | Signature generation,Signature verification", "RSA(primitive;PKCS#1v1.5orPSSwithMD2,MD5,SHA-1) | Signature generation,Signature verification", "RSA(<2048-bitkeys) | Signature generation", "RSA(<1024-bitkeys) | Signature verification", "ECDSA(component) | Signature generation,Signature verification", "RSA | Asymmetric encryption, Asymmetric decryption", "DSA | Parameter generation, Parameter verification,Key pair generation", "RSA(<2048bits;>4096bits) | Key pair generation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5021", "Certificate Number": "5021", "Vendor Name": "Amazon Web Services, Inc.", "Module Name": "Amazon Linux 2023 OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "05/26/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5021.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5021", "module_name": "Amazon Linux 2023 OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "5/25/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Amazon Linux 2023 OpenSSL FIPS Provider is a software library implementing general purpose cryptographic algorithms.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4605,A4606,A4607,A4609,A4610,A4611 | Direction- Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4605,A4606,A4607,A4609,A4610,A4611 | Direction-decrypt,encryptKeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4605,A4606,A4607,A4609,A4610,A4611 | Direction-decrypt,encryptKeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4605,A4606,A4607,A4609,A4610,A4611 | Direction-decrypt,encryptKeyLength-128,192,256 | SP 800-38A", "AES-CCM | A4605,A4606,A4607,A4609,A4610,A4611 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB1 | A4605,A4606,A4607,A4609,A4610,A4611 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A4605,A4606,A4607,A4609,A4610,A4611 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A4605,A4606,A4607,A4609,A4610,A4611 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4605,A4606,A4607,A4609,A4610,A4611 | Direction-Generation,VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A4605,A4606,A4607,A4609,A4610,A4611 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A4605,A4606,A4607,A4609,A4610,A4611,A4635,A4636,A4637,A4638,A4639 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A4614,A4615,A4616,A4617,A4620,A4621,A4622,A4623,A4624,A4625,A4626,A4627,A4628 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A4614,A4615,A4616,A4617,A4620,A4621,A4622,A4623,A4624,A4625,A4626,A4627,A4628 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-KW | A4605,A4606,A4607,A4609,A4610,A4611 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-KWP | A4605,A4606,A4607,A4609,A4610,A4611 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-OFB | A4605,A4606,A4607,A4609,A4610,A4611 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTSTesting Revision 2.0 | A4605,A4606,A4607,A4609,A4610,A4611 | Direction-Decrypt,EncryptKey Length-128,256 | SP 800-38E", "Counter DRBG | A4604 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-No,Yes | SP 800-90ARev.1", "ECDSAKeyVer(FIPS185-5) | A4612,A4618,A4629,A4630,A4631,A4632 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Component-No | FIPS 186-5", "ECDSASigGen(FIPS185-5) | A4612,A4618,A4629,A4630,A4631,A4632 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Component-No | FIPS 186-5", "ECDSASigVer(FIPS185-5) | A4612,A4618,A4629,A4630,A4631,A4632 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-5", "ECDSASigVer(FIPS185-5) | A4613,A4619 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-5", "Hash DRBG | A4604 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A4604 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A4612,A4618,A4629,A4630,A4631,A4632 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4612,A4618,A4629,A4630,A4631,A4632 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4608,A4612,A4618,A4629,A4630,A4631,A4632 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4612,A4618,A4629,A4630,A4631,A4632 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4612,A4618,A4629,A4630,A4631,A4632 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4612,A4618,A4629,A4630,A4631,A4632 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4612,A4618,A4629,A4630,A4631,A4632 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4613,A4619 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4613,A4619 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4613,A4619 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4613,A4619 | Key Length - Key Length:112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4612,A4618,A4629,A4630,A4631,A4632 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4642 | Domain Parameter Generation Methods-ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MMODP-8192Scheme-dhEphem-KAS Role - initiator, responder | SP 800-56ARev.3", "KDA HKDFSp800-56Cr1 | A4603 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-2048 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384 | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A4641 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-2048 Increment 8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A4641 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length:224-2048 Increment 8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A4612,A4618,A4629,A4630,A4631,A4632 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:8-4096Increment 8 | SP 800-135Rev.1", "KDF ANS 9.42(CVL) | A4613,A4619 | KDF Type-DERHash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096Increment 8 | SP 800-135Rev.1", "KDF ANS 9.63 (CVL) | A4612, A4618, A4629, A4630, A4631, A4632 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1", "KDF ANS 9.63 (CVL) | A4613, A4619 | Hash Algorithm - SHA3-224, SHA3-256, SHA3-384, SHA3-512 Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1", "KDF SP800-108 | A4608, A4640 | KDF Mode - Counter, Feedback Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, 4096 | SP 800-108 Rev. 1", "KDF SSH (CVL) | A4635, A4636, A4637, A4638, A4639 | Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1", "PBKDF | A4612, A4613, A4618, A4619, A4629, A4630, A4631, A4632 | Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 Rev. 1", "RSA KeyGen (FIPS186-5) | A4612, A4618, A4629, A4630, A4631, A4632 | Key Generation Mode - probableWithProbableAux Modulo - 2048, 3072, 4096 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5", "RSA SigGen (FIPS186-5) | A4612, A4613, A4618, A4619, A4629, A4630, A4631, A4632 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigVer (FIPS186-4) | A4612, A4618, A4629, A4630, A4631, A4632 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 1024 | FIPS 186-4", "RSA SigVer (FIPS186-5) | A4612, A4613, A4618, A4619, A4629, A4630, A4631, A4632 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5", "SHA-1 | A4612, A4618, A4629, A4630, A4631, A4632 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A4612, A4618, A4629, A4630, A4631, A4632 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A4608, A4612, A4618, A4629, A4630, A4631, A4632 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A4612, A4618, A4629, A4630, A4631, A4632 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A4612, A4618, A4629, A4630, A4631, A4632 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A4612, A4618, A4629, A4630, A4631, A4632 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA3-224 | A4613,A4619 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A4613,A4619 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A4613,A4619 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A4613,A4619 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A4613,A4619 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "SHAKE-256 | A4613,A4619 | Output Length-Output Length:16-65536Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A4612,A4618,A4629,A4630,A4631,A4632 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4603 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "AES GCM (external IV) | Authenticated encryption", "HMAC (<112-bit keys) | Message authentication", "KBKDF, KDA OneStep, KDA TwoStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF(<112-bit keys) | Key derivation", "KDA OneStep, KDA TwoStep(SHAKE128,SHAKE256) | Key derivation", "ANS X9.42 KDF(SHAKE128,SHAKE256) | Key derivation", "ANS X9.63 KDF(SHA-1,SHAKE128,SHAKE256) | Key derivation", "SSH KDF(SHA-512/224,SHA-512/256,SHA-3,SHAKE128,SHAKE256) | Key derivation", "TLS 1.2 KDF(SHA-1,SHA-224,SHA-512/224,SHA-512/256,SHA-3) | Key derivation", "TLS 1.3 KDF(SHA-1,SHA-224,SHA-512,SHA-512/224,SHA-512/256,SHA-3) | Key derivation", "RSA(KAS1,KAS2 schemes) | Shared secret computation", "RSA and ECDSA(pre-hashed message) | Signature generation; Signature verification", "RSA-PSS(invalid salt length) | Signature generation; Signature verification", "RSA-OAEP | Asymmetric encryption; Asymmetric decryption" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5020", "Certificate Number": "5020", "Vendor Name": "SSH Communications Security, Oyj.", "Module Name": "SSH Communications Security Cryptographic Module", "Module Type": "Software", "Validation Date": "05/23/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5020.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5020", "module_name": "SSH Communications Security Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The SSH Communications Security Cryptographic Module is a general-purpose cryptographic library incorporated into the PrivX Privileged Access Management systems and other SSH Communications Security products to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A6735 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A6735 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A6735 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A6735 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A6735 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A6735 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A6735 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6735 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A6735 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A6735 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A6735 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A6735 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A6735 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A6735 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A6735 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "KAS-ECC CDH-Component | SP800-56Ar3 (CVL) | A6735 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | SP 800-56A | Rev. 3", "KAS-ECC-SSC Sp800-56Ar3 | A6735 | Domain Parameter Generation Methods - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, | P-256, P-384, P-521 | Scheme -ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC Sp800-56Ar3 | A6735 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, | modp-2048, modp-3072, modp-4096, modp-6144, modp-8192 | Scheme -dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-IFC-SSC | A6735 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, | rsakpg2-prime-factor | Scheme -KAS1 - | KAS Role - initiator, responder | Scheme -KAS2 - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF SP800-56Cr2 | A6735 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256,", "SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C | Rev. 2", "KDA OneStep SP800-56Cr2 | A6735 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep SP800-56Cr2 | A6735 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C | Rev. 2", "KDF ANS 9.42 (CVL) | A6735", "KDF Type - DER", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-", "224, SHA3-256, SHA3-384, SHA3-512 | Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 | Rev. 1", "KDF ANS 9.63 (CVL) | A6735", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Key Data Length - Key Data Length: 128, 4096 | SP 800-135 | Rev. 1", "KDF SP800-108 | A6735", "KDF Mode - Counter, Feedback | Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, 4096 | SP 800-108 | Rev. 1", "KDF SSH (CVL) | A6735", "Cipher - AES-128, AES-192, AES-256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "PBKDF | A6735 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "TLS v1.2 KDF RFC7627 (CVL) | A6735", "Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "TLS v1.3 KDF (CVL) | A6735 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1", "DSA KeyGen (FIPS186-4) | A6735 | L - 2048, 3072 | N - 224, 256 | FIPS 186-4", "DSA PQGGen (FIPS186-4) | A6735 | L - 2048, 3072 | N - 224, 256", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer (FIPS186-4) | A6735 | L - 1024, 2048, 3072 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen (FIPS186-4) | A6735 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer (FIPS186-4) | A6735 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, | P-521 | FIPS 186-4", "EDDSA KeyGen | A6735 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A6735 | Curve - ED-25519, ED-448 | FIPS 186-5 | Safe Primes Key Generation | A6735 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp-2048, modp-3072, | modp-4096, modp-6144, modp-8192 | SP 800-56A | Rev. 3 | Safe Primes Key Verification | A6735 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp-2048, modp-3072, | modp-4096, modp-6144, modp-8192 | SP 800-56A | Rev. 3", "RSA KeyGen (FIPS186-4) | A6735 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4", "KTS-IFC | A6735 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, | rsakpg2-prime-factor | Scheme -KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 1024 | SP 800-56B | Rev. 2", "AES-CMAC | A6735 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-GMAC | A6735 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "HMAC-SHA-1 | A6735 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6735 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6735 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6735 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6735 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A6735 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6735 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A6735 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A6735 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A6735 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A6735 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1 | KMAC-128 | A6735 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A6735 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185", "SHA-1 | A6735 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A6735 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A6735 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A6735 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A6735 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A6735 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A6735 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA3-224 | A6735 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A6735 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A6735 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-512 | A6735 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHAKE-128 | A6735 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A6735 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "Counter DRBG | A6735 | Prediction Resistance - Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - No, Yes | SP 800-90A | Rev. 1", "Hash DRBG | A6735 | Prediction Resistance - Yes", "Mode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | SP 800-90A | Rev. 1", "HMAC DRBG | A6735 | Prediction Resistance - Yes", "ECDSA SigGen (FIPS186-4) | A6735 | Component - No | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521", "ECDSA SigVer (FIPS186-4) | A6735 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, | P-521", "DSA SigGen (FIPS186-4) | A6735 | L - 2048, 3072 | N - 224, 256", "DSA SigVer (FIPS186-4) | A6735 | L - 1024, 2048, 3072 | N - 160, 224, 256", "EDDSA SigGen | A6735 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigVer | A6735 | Curve - ED-25519, ED-448 | FIPS 186-5", "RSA SigGen (FIPS186-4) | A6735 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen (FIPS186-5) | A6735 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA Signature Primitive (CVL) | A6735 | Private Key Format - crt | FIPS 186-4", "RSA SigVer (FIPS186-4) | A6735 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer (FIPS186-5) | A6735 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5 | Name | Implementation | CKG Section 4 | NIST, SP 800-133 Rev. 2 | CKG Section 5 | NIST, SP 800-133 Rev. 2 | CKG Section 6.2 | NIST, SP 800-133 Rev. 2", "Hash DRBG with SHA3-256, SHA3-512 | NIST, SP 800-90A Rev. 1", "HMAC DRBG with SHA3-256, SHA3-512 | NIST, SP 800-90A Rev. 1 | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this Module. | Non-Approved, Not Allowed Algorithms: | N/A for this Module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5019", "Certificate Number": "5019", "Vendor Name": "Musarubra US LLC", "Module Name": "Trellix FIPS Provider", "Module Type": "Software", "Validation Date": "05/23/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5019.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5019", "module_name": "Trellix FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Trellix FIPS Provider is a FIPS 140-3 certified software module that provides OpenSSL 3.x cryptographic functions.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC-CS3 | A6884 | Direction - decrypt, encryptKey Length - 128, 192, 256Payload Length - Payload Length: 136-512 Increment 8 | SP 800-38A", "AES-CCM | A6884 | Key Length - 128, 192, 256Tag Length - 112, 128, 32, 48, 64, 80, 96IV Length - IV Length: 56-104 Increment 8Payload Length - Payload Length: 0-256 Increment 8AAD Length - AAD Length: 0-524288 Increment 8 | SP 800-38C", "AES-CFB1 | A6884 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A6884 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A6884 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A6884 | Direction - Generation, VerificationKey Length - 128, 192, 256MAC Length - MAC Length: 128Message Length - Message Length: 0-524288 Increment 8 | SP 800-38B", "AES-CTR | A6884 | Direction - Decrypt, EncryptKey Length - 128, 192, 256Payload Length - Payload Length: 8-128 Increment 8Supports Counter larger than maximum value - NoIncremental Counter - YesCounter Tests Performed - Yes | SP 800-38A", "AES-ECB | A6884 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A6884 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8Payload Length - Payload Length: 8-65536 Increment 8AAD Length - AAD Length: 0-65536 Increment 8 | SP 800-38D", "AES-GMAC | A6884 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96 | SP 800-38D", "AES-KW | A6884 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 128-4096 Increment 128 | SP 800-38F", "AES-KWP | A6884 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 8-4096 Increment 8 | SP 800-38F", "AES-OFB | A6884 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A6884 | Direction - Decrypt, EncryptKey Length - 128, 256Payload Length - Payload Length: 128-65536 Increment 128Tweak Mode - HexData Unit Length Matches Payload Length - Yes | SP 800-38E", "Counter DRBG | A6884 | Prediction Resistance - YesSupports Reseed - YesMode - AES-128, AES-192, AES-256Derivation Function Enabled - No, YesAdditional Input - Additional Input: 0-256 Increment 256, Additional Input: 256, Additional Input: 320, Additional Input: 384Entropy Input - Entropy Input: 128-256 Increment 128, Entropy Input: 256, Entropy Input: 256-512 Increment 128, Entropy Input: 320, Entropy Input: 384Nonce - Nonce: 0, Nonce: 128Personalization String Length - Personalization String Length: 0-256 Increment 256, Personalization String Length: 256, Personalization String Length: 320, Personalization String Length: 384Returned Bits - 256 | SP 800-90A Rev. 1", "DSA KeyGen (FIPS186-4) | A6884 | L - 2048, 3072N - 224, 256 | FIPS 186-4", "DSA PQGGen (FIPS186-4) | A6884 | P/Q Generation Methods - ProbableG Generation Methods - Canonical, UnverifiableL - 2048, 3072N - 224, 256Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer (FIPS186-4) | A6884 | P/Q Generation Methods - ProbableG Generation Methods - Canonical, UnverifiableL - 1024, 2048, 3072 | FIPS 186-4", "DSA SigGen (FIPS186-4) | A6884 | L - 2048, 3072N - 224, 256Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA SigVer (FIPS186-4) | A6884 | L - 1024, 2048, 3072N - 160, 224, 256Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen (FIPS186-4) | A6884 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer (FIPS186-4) | A6884 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen (FIPS186-4) | A6884 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "EDDSA KeyGen | A6884 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A6884 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigGen | A6884 | Curve - ED-25519, ED-448Context Length - Context Length: 0-255 Increment 1PreHash - NoPure - Yes | FIPS 186-5", "EDDSA SigVer | A6884 | Curve - ED-25519, ED-448PreHash - NoPure - Yes | FIPS 186-5", "Hash DRBG | A6884 | Prediction Resistance - YesSupports Reseed - YesMode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256Entropy Input - Entropy Input: 128-256 Increment 64, Entropy Input: 192-256 Increment 64, Entropy Input: 256-320 Increment 64Nonce - Nonce: 128-160 Increment 32, Nonce: 96-128 Increment 32Personalization String Length - Personalization String Length: 0-256 Increment 128Additional Input - Additional Input: 0-256 Increment 128Returned Bits - 160, 224, 256, 384, 512 | SP 800-90A Rev. 1", "HMAC DRBG | A6884 | Prediction Resistance - YesSupports Reseed - YesMode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256Entropy Input - Entropy Input: 160-256 Increment 32, Entropy Input: 192-256 Increment 64, Entropy Input: 256- | SP 800-90A Rev. 1", "HMAC-SHA-1 | A6884 | MAC - MAC: 32-160 Increment 8Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A6884 | MAC - MAC: 32-224 Increment 8Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A6884 | MAC - MAC: 32-256 Increment 8Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A6884 | MAC - MAC: 32-384 Increment 8Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A6884 | MAC - MAC: 32-512 Increment 8Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A6884 | MAC - MAC: 32-224 Increment 8Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A6884 | MAC - MAC: 32-256 Increment 8Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A6884 | MAC - MAC: 32-224 Increment 8Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A6884 | MAC - MAC: 32-256 Increment 8Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A6884 | MAC - MAC: 32-384 Increment 8Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A6884 | MAC - MAC: 32-512 Increment 8Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A6884 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | SP 800-56A Rev. 3", "KAS-ECC-SSC Sp800-56Ar3 | A6884 | Domain Parameter Generation Methods - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KAS-FFC-SSC Sp800-56Ar3 | A6884 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp-2048, modp-3072, modp-4096, modp-6144, modp-8192 | SP 800-56A Rev. 3", "KAS-IFC-SSC | A6884 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KAS1-KAS Role-initiator, responderKAS2-KAS Role-initiator, responderFixed Public Exponent-010001 | SP 800-56ARev.3", "KDA HKDF SP800-56Cr2 | A6884 | Fixed Info Pattern-algorithmld", "KDA OneStep SP800-56Cr2 | A6884 | Auxiliary Function Methods-Auxiliary Function Name-SHA2-512MAC Salting Methods-default,randomFixed Info Pattern-algorithmld", "KDA TwoStep SP800-56Cr2 | A6884 | MAC Salting Methods-default,randomFixed Info Pattern-algorithmld", "KDF ANS 9.42 (CVL) | A6884 | KDF Type - DERHash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512Other Info Length - Other Info Length: 0-4096 Increment 8zz Length - zz Length: 8-4096 Increment 8Key Data Length - Key Data Length: 8-4096 Increment 8Supplemental Information Length - Supplemental Information Length: 0-120 Increment 8OID - AES-128-KW, AES-192-KW, AES-256-KW | SP 800-135 Rev. 1", "KDF ANS 9.63 (CVL) | A6884 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512Field Size - 224, 571Shared Info Length - Shared Info Length: 0, 1024Key Data Length - Key Data Length: 128, 4096 | SP 800-135 Rev. 1", "KDF SP800-108 | A6884 | KDF Mode - Counter, FeedbackMAC Mode - CMAC-AES128, CMAC-AES192, CMAC-AES256, HMAC-SHA-1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, 4096Fixed Data Order - Before Fixed DataCounter Length - 32Supports Empty IV - No, YesCustom Key In Length - 0Requires Empty IV - Yes | SP 800-108 Rev. 1", "KDF SSH (CVL) | A6884 | Cipher - AES-128, AES-192, AES-256Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1", "KTS-IFC | A6884 | Function - keyPairGen, partialValIUT ID - CAFEFACEModulo - 2048, 3072, 4096, 6144 | SP 800-56B Rev. 2", "PBKDF | A6884 | Iteration Count - Iteration Count:1-10000 Increment1HMAC Algorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Password Length-Password Length:8-128 Increment8Salt Length-Salt Length:128-4096 Increment8Key Data Length-Key Data Length:112-4096 Increment8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A6884 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Info Generated By Server-YesPublic Exponent Mode-RandomPrivate Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A6884 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-2048,3072,4096Hash Pair-Hash Algorithm-SHA2-256 | FIPS 186-4", "RSA SigGen(FIPS186-5) | A6884 | Hash Pair-Hash Algorithm-SHA2-224Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pssMask Function-MGF1 | FIPS 186-5", "RSA Signature Primitive(CVL) | A6884 | Private Key Format-crtPublic Exponent Mode-fixedFixed Public Exponent-010001 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A6884 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096Hash Pair-Hash Algorithm-SHA2-256 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A6884 | Hash Pair-Hash Algorithm-SHA2-224Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pssMask Function-MGF1Public Exponent Mode-random | FIPS 186-5", "SHA-1 | A6884 | Message Length-Message Length:0-65528 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A6884 | Message Length-Message Length:0-65528 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A6884 | Message Length-Message Length:0-65528 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A6884 | Message Length-Message Length:0-65528 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A6884 | Message Length-Message Length:0-65528 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A6884 | Message Length-Message Length:0-65528 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A6884 | Message Length-Message Length:0-65528 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A6884 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A6884 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A6884 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A6884 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A6884 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A6884 | Supports Bit-Oriented Messages - NoSupports Empty Message - YesSupports Bit-Oriented Output - NoOutput Length - Output Length: 16-65536 Increment 8 | FIPS 202", "TLS v1.2 KDF RFC7627(CVL) | A6884 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Key Block Length-Key Block Length:1024 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A6884 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "Hash DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1", "HMAC DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1", "Cipher(Unauth) | BC-UnAuth | AES ciphers | AES-CBC:(A6884)", "AES-CBC-CS1:(A6884)", "AES-CBC-CS2:(A6884)", "AES-CBC-CS3:(A6884)", "AES-CFB1:(A6884)", "AES-CFB128:(A6884)", "AES-CFB8:(A6884)", "AES-ECB:(A6884)", "AES-OFB:(A6884)", "AES-XTS Testing Revision 2.0:(A6884)", "Cipher(Auth) | BC-Auth | Authentication ciphers | AES-CCM:(A6884)", "AES-GCM:(A6884)", "AES-KW:(A6884)", "AES-KWP:(A6884)", "Key agreement | KAS-SSC | Key agreement | KAS:KAS-ECC-SSC provides between 112 and 256 bits of encryption strength;KAS-FFC-SSC provides between 112 and 200 bits of encryption strength;KAS-IFC-SSC provides between 112 and 200 bits of encryption strength | KAS-ECC CDH-Component SP800-56Ar3:(A6884)", "KAS-ECC-SSC Sp800-56Ar3:(A6884)", "KAS-FFC-SSC Sp800-56Ar3:(A6884)", "KAS-IFC-SSC:(A6884)", "Key derivation | KAS-135KDF", "KAS-56CKDF", "KBKDF", "PBKDF | KAS-KDF HKDF SP800-56Cr2:(A6884)", "KAS-KDF OneStep SP800-56Cr2:(A6884)", "KAS-KDF TwoStep SP800-56Cr2:(A6884)", "KDF ANS 9.42:(A6884)", "KDF ANS 9.63:(A6884)", "KDF SP800-108:(A6884)", "KDF SSH:(A6884)", "PBKDF:(A6884)", "TLS v1.2 KDF RFC7627:(A6884)", "TLS v1.3 KDF:(A6884)", "AsymKeyPair-KeyVer | ECDSA KeyGen(FIPS186-4):(A6884)", "ECDSA KeyVer(FIPS186-4):(A6884)", "Key management Edwards | AsymKeyPair-KeyGen AsymKeyPair-KeyVer | EDDSA KeyGen:(A6884) EDDSA KeyVer:(A6884)", "Key management FFC | AsymKeyPair-KeyGen | DSA KeyGen(FIPS186-4):(A6884) DSA PQGGen(FIPS186-4):(A6884) DSA PQGVer(FIPS186-4):(A6884) Safe Primes Key Generation:(A6884) Safe Primes Key Verification:(A6884)", "Key management IFC | AsymKeyPair-KeyGen | RSA KeyGen(FIPS186-4):(A6884)", "Key transport | KTS-Encap | KTS:2048,3072,4096 or 6144-bit keys provide between 112 and 176 bits of encryption strength | KTS-IFC:(A6884)", "KTS(Cipher w/CMAC,GMAC,HMAC,KMAC) | BC-Auth BC-UnAuth MAC | SP 800-38F Section 3.1 Provisions | KTS:128,192 or 256-bit keys provide between 128 and 256bits of encryption strength | AES-CBC:(A6884) AES-CBC-CS1:(A6884) AES-CBC-CS2:(A6884) AES-CBC-CS3:(A6884) AES-CFB1:(A6884) AES-CFB128:(A6884) AES-CFB8:(A6884) AES-CTR:(A6884) AES-ECB:(A6884) AES-OFB:(A6884) AES-CCM:(A6884) AES-GCM:(A6884) AES-GMAC:(A6884) AES-CMAC:(A6884) HMAC-SHA-1:(A6884) HMAC-SHA2-224:(A6884) HMAC-SHA2-256:(A6884) HMAC-SHA2-384:(A6884) HMAC-SHA2-512:(A6884) HMAC-SHA2-512/224:(A6884) HMAC-SHA2-512/256:(A6884)", "KTS(AES KW,KWP) | BC-Auth | KTS:128,192 or 256-bit keys provide between 128 and 256 bits of encryption strength | AES-KW:(A6884)AES-KWP:(A6884)", "MAC AES(CMAC,GMAC) | MAC | AES-GMAC:(A6884)AES-CMAC:(A6884)", "MAC HMAC | MAC | HMAC-SHA-1:(A6884)HMAC-SHA2-224:(A6884)HMAC-SHA2-256:(A6884)HMAC-SHA2-384:(A6884)HMAC-SHA2-512:(A6884)HMAC-SHA2-512/224:(A6884)HMAC-SHA2-512/256:(A6884)HMAC-SHA3-224:(A6884)HMAC-SHA3-256:(A6884)HMAC-SHA3-384:(A6884)HMAC-SHA3-512:(A6884)", "Message Digest | SHA | SHA-1:(A6884)SHA2-224:(A6884)SHA2-256:(A6884)SHA2-384:(A6884)SHA2-512:(A6884)SHA2-512/224:(A6884)SHA2-512/256:(A6884)SHA3-224:(A6884)SHA3-256:(A6884)SHA3-384:(A6884)SHA3-512:(A6884)", "Message Digest(XOF SHAKE) | XOF | SHAKE-128:(A6884)SHAKE-256:(A6884)", "Random | DRBG | Counter DRBG:(A6884)Hash DRBG:(A6884)HMAC DRBG:(A6884)", "Signature DSA | DigSig-SigGenDigSig-SigVer | DSA SigGen(FIPS186-4):(A6884)DSA SigVer(FIPS186-4):(A6884)", "Signature ECDSA | DigSig-SigGenDigSig-SigVer | ECDSA SigGen(FIPS186-4):(A6884)ECDSA SigVer(FIPS186-4):(A6884)", "Signature EDDSA | DigSig-SigGenDigSig-SigVer | EDDSA SigGen:(A6884)EDDSA SigVer:(A6884)", "Signature RSA | DigSig-SigGenDigSig-SigVer | RSA SigGen(FIPS186-4):(A6884)RSA SigGen(FIPS186-5):(A6884)RSA Signature Primitive:(A6884)RSA SigVer(FIPS186-4):(A6884)RSA SigVer(FIPS186-5):(A6884)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5018", "Certificate Number": "5018", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung NVMe TCG Opal SSC SEDs PM1743 Series", "Module Type": "Hardware", "Validation Date": "05/19/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5018.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5018", "module_name": "Samsung NVMe TCG Opal SSC SEDs PM1743 Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "5/18/2030", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "Samsung NVMe TCG Opal SSC SEDs PM1743 Series is a high-performance Self-Encrypting SSDs supporting NVMe Interface that provides AES256-XTS on-the-fly encryption/decryption of user data without performance loss. It implements FIPS approved algorithms for providing cryptographic services such as user data encryption, key protection, FW authentication, and key generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5017", "Certificate Number": "5017", "Vendor Name": "Riverbed Technology, LLC", "Module Name": "Riverbed Cryptographic Module", "Module Type": "Software", "Validation Date": "05/14/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5017.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5017", "module_name": "Riverbed Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "5/13/2030", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Riverbed Cryptographic Module v2.0.1 is a software library providing a C language API for use by other applications requiring cryptographic functionality. Riverbed Cryptographic Module v2.0.1 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including TLS 1.2/1.3).", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "AES-CBC | A5835 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CCM | A5835 | KeyLength-128,192,256 | SP800-38C", "AES-CFB1 | A5835 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CFB128 | A5835 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CFB8 | A5835 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CMAC | A5835 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-CTR | A5835 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A5835 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A5835 | Direction-Decrypt,EncryptIV Generation-InternalIV Generation Mode-8.2.2Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A5835 | Direction-Decrypt,EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-KW | A5835 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-KWP | A5835 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-OFB | A5835 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A5835 | Direction-Decrypt,EncryptKey Length-128,256 | SP 800-38E", "Counter DRBG | A5835 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A5835 | L-2048,3072N-224,256 | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A5835 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A5835 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A5835 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A5835 | L-2048,3072N-224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A5835 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A5835 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A5835 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A5835 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "HMAC-SHA-1 | A5835 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A5835 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A5835 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A5835 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A5835 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A5835 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A5835 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A5835 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A5835 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5835 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSC Sp800-56Ar3 | A5835 | Domain Parameter Generation Methods-FB,FCScheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "PBKDF | A5835 | Iteration Count-Iteration Count:10-10000 Increment1Password Length-Password Length:8-128 Increment1 | SP 800-132", "RSA KeyGen(FIPS186-4) | A5835 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A5835 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A5835 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A5835 | Message Length-Message Length:0-65528Increment8 | FIPS 180-4", "SHA2-224 | A5835 | Message Length-Message Length:0-65528Increment8 | FIPS 180-4", "SHA2-256 | A5835 | Message Length-Message Length:0-65528Increment8 | FIPS 180-4", "SHA2-384 | A5835 | Message Length-Message Length:0-65528Increment8 | FIPS 180-4", "SHA2-512 | A5835 | Message Length-Message Length:0-65528Increment8 | FIPS 180-4", "SHA3-224 | A5835 | Message Length-Message Length:0-65528Increment8 | FIPS 202", "SHA3-256 | A5835 | Message Length-Message Length:0-65528Increment8 | FIPS 202", "SHA3-384 | A5835 | Message Length-Message Length:0-65528Increment8 | FIPS 202", "SHA3-512 | A5835 | Message Length-Message Length:0-65528Increment8 | FIPS 202", "SHAKE-128 | A5835 | Output Length-Output Length:16-1024Increment8 | FIPS 202", "SHAKE-256 | A5835 | Output Length-Output Length:16-1024Increment8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A5835 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A5836 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,DHE | SP 800-135Rev.1", "AES-CBC | Key unwrapping:128,192,256 | Riverbed Cryptographic Module(libcrypto) | FIPS 197,SP 800-38A,FIPS 140-3 IG D.G", "AES-CFB1 | Key unwrapping:128,192,256 | Riverbed Cryptographic Module(libcrypto) | FIPS 197,SP 800-38A,FIPS 140-3 IG D.G", "AES-CFB128 | Key unwrapping:128,192,256 | Riverbed Cryptographic Module(libcrypto) | FIPS 197,SP 800-38A,FIPS 140-3 IG D.G", "AES-CFB8 | Key unwrapping:128,192,256 | Riverbed Cryptographic Module(libcrypto) | FIPS 197,SP 800-38A,FIPS 140-3 IG D.G", "AES-CTR | Key unwrapping:128,192,256 | Riverbed Cryptographic Module(libcrypto) | FIPS 197,SP 800-38A,FIPS 140-3 IG D.G", "AES-ECB | Key unwrapping:128,192,256 | Riverbed Cryptographic Module(libcrypto) | FIPS 197,SP 800-38A,FIPS 140-3 IG D.G", "AES-OFB | Key unwrapping:128,192,256 | Riverbed Cryptographic Module(libcrypto) | FIPS 197,SP 800-38A,FIPS 140-3 IG D.G", "TDES-CBC(2-key or3-key) | Key unwrapping: | Riverbed Cryptographic Module(libcrypto) | SP 800-67 Rev.2,SP 800-38A,FIPS 140-3 IG D.G", "TDES-CFB1(2-key or3-key) | Key unwrapping: | Riverbed Cryptographic Module(libcrypto) | SP 800-67 Rev.2,SP 800-38A,FIPS 140-3 IG D.G", "TDES-CFB64(2-key or3-key) | Key unwrapping: | Riverbed Cryptographic Module(libcrypto) | SP 800-67 Rev.2,SP 800-38A,FIPS 140-3 IG D.G", "TDES-CFB8(2-key or3-key) | Key unwrapping: | Riverbed Cryptographic Module(libcrypto) | SP 800-67 Rev.2,SP 800-38A,FIPS 140-3 IG D.G", "TDES-ECB(2-key or3-key) | Key unwrapping: | Riverbed Cryptographic Module(libcrypto) | SP 800-67 Rev.2,SP 800-38A,FIPS 140-3 IG D.G", "TDES-OFB(2-key or3-key) | Key unwrapping: | Riverbed Cryptographic Module(libcrypto) | SP 800-67 Rev.2,SP 800-38A,FIPS 140-3 IG D.G", "AES-GCM(non-compliant) | Authenticated encryption/decryption using external IV", "AES-OCB | Authenticated encryption/decryption", "ANSI X9.31 RNG(non-compliant) | Random number generation using with 128-bit AES core", "DES | Encryption/decryption", "DRBG(non-compliant) | Random bit generation(non-compliant when using Hash\\_DRBGand HMAC\\_DRBG)", "DSA(non-compliant) | Key pair generation; digital signature generation; digital signature verification(non-compliant with key sizes below the minimums for Approved mode)", "DSA, ECDSA,and RSA(non-compliant) | Digital signature generation(non-compliant when used with SHA-1 outside the TLS protocol)", "ECDH(non-compliant) | Key agreement(non-compliant with curves P-192,K-163,B-163,and non-NIST curves)", "ECDSA(non-compliant) | Key pair generation; digital signature generation; digital signature verification(non-compliant with curves P-192,K-163,B-163,and non-NIST curves)", "EdDSA | Key pair generation; digital signature generation; digital signature verification", "HKDF | HMAC-based key derivation", "RSA(non-compliant) | Key pair generation; digital signature generation; signature verification;key transport(non-compliant with non-approved/untested key sizes,and functions)", "SHA-1(non-compliant) | Signature generation in TLS 1.0/1.1", "TLS 1.2 KDF(non-compliant) | Key derivation function per(RFC 5246)", "Triple-DES(non-compliant) | Encryption;MAC generation;key wrapping" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5016", "Certificate Number": "5016", "Vendor Name": "CTERA Networks Ltd.", "Module Name": "CTERA Crypto Module™ (Java)", "Module Type": "Software", "Validation Date": "05/13/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5016.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5016", "module_name": "CTERA Crypto Module™ (Java)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "CTERA Crypto Module™ (Java) is a secure cryptographic engine used by the CTERA Enterprise File Services Platform. CTERA enables enterprises, defense and government agencies to gain control of their file data globally for optimal edge performance, data insight, and governance.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ], "algorithms_detailed": [ "AES | A4399 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1FormatPreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBC Ciphertext Stealing(CS) | A4399 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256bits | \\[Addendum toSP800-38A,Oct2010\\] | Encryption,Decryption", "AES CCM | A4399 | Key sizes:128,192,256bits | \\[SP800-38C\\] | Generation,Authentication", "AES CMAC | A4399 | Key sizes:128,192,256bits | \\[SP800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A4399 | Key sizes:128,192,256bits | \\[SP800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key WrappingUsingAES2) | A4399 | Modes:AESKW,KWPKey sizes:128,192,256bits(key establishment methodology providing128,192or256bits of encryption strength) | \\[SP800-38F\\] | Key Wrapping", "DRBG,CounterDRBG | A4399 | AES128,AES192,AES256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HashDRBG | A4399 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "DRBG,HMACDRBG | A4399 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP800-90Ar1\\] | Random Bit Generation", "ECDSA | A4399 | Curves/Key sizes:P-192,P-224,P-256,P-384,P-521,K-163,K-233,K-283,K-409,K-571,B-163,B-233,B-283,B-409,B-5715 | \\[FIPS 186-4\\] | KeyGeneration,KeyVerification,SignatureGeneration,SignatureVerification", "HMAC | A4399 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A4399 | Domain Parameter GenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified aboveproviding between112 and256bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-FFC6 | A4399 | Domain Parameter GenerationMethods/Schemes:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192dhHybrid1,MQV2,dhEphem,dhHybrid,OneFlow,MQV1,dhOneFlow,dhStaticGroups specified above providing between 112 and 200bits of encryption strength | \\[SP800-56Ar3\\] | Key Agreement", "KAS-IFC | A4399 | RSASVE with,and without,key confirmation.Key sizes:2048,3072,4096providing between 112 and 152bits of encryption strength | \\[SP800-56Br2,Section7.2.1\\] | Key Agreement", "KDA,HKDF | A4399 | PRFs:HMAC-SHA-1,HMACSHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | \\[SP800-56Cr2\\] | Key Derivation", "KDA,One Step | A4399 | PRFs:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,KMAC-128,KMAC-256 | \\[SP800-56Cr2\\] | Key Derivation", "KDA, Two Step | A4399 | PRFs: HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-384,HMAC-SHA-512,HMAC-SHA-512/224,HMAC-SHA-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AES128,CMAC-AES192,CMAC-AES256 | \\[SP 800-56Cr2\\] | Key Derivation", "KDF, using Pseudorandom Functions7 | A4399 | Modes: Counter Mode,Feedback Mode,Double-Pipeline Iteration ModeTypes:CMAC-based KBKDF with AES(128,192,256)HMAC-based KBKDF with SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-322,SHA-3256,SHA-384,SHA-3512 | \\[SP 800-108\\] | Key Derivation", "KDF, Existing Application-Specific8 | CVLA4399 | TLS v1.0/1.1 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, Existing Application-Specific8 | CVLA4399 | TLS 1.2 KDFSHA sizes:SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, Existing Application-Specific8 | CVLA4399 | SNMP KDFPassword Length:64,8192 | \\[SP 800-135r1\\] | Key Derivation", "KDF, Existing Application-Specific8 | CVLA4399 | SSH KDFAES:128SHA sizes:SHA2-224 | \\[SP 800-135r1\\] | Key Derivation", "KDF, Existing Application-Specific8 | CVLA4399 | X9.63 KDFSHA sizes:SHA2-224,SHA2-256,SHA2-384,SHA2-512 | \\[SP 800-135r1\\] | Key DerivationCan be used along with KAS-SSC", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA4399 | IKEv2 KDFSHA sizes: SHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-135r1\\] | Key Derivation", "KDF, ExistingApplication-Specific$\\\\textcircled{8}$ | CVLA4399 | SRTP KDFAES:128,192,256 | \\[SP 800-135r1\\] | Key Derivation", "KTS-IFC | A4399 | RSA-OAEP with,and without,key confirmation.Key sizes:2048,3072,4096 providing between112 and152bits of encryption strengthKey Generation Method:rsakpg2-crt | \\[SP 800-56Br2,Section7.2.2\\] | Key Transport", "PBKDF, Password-based | A4399 | Options:PBKDFwithOption1aTypes:HMAC-basedKDFusingSHA-1,SHA-224,SHA-256,SHA-384,SHA-512 | \\[SP 800-132\\] | Key Derivation", "RSA | A4399 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | Key PairGeneration", "RSA | A4399 | Key sizes:2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureGeneration", "RSA | A4399 | Key sizes:1024,2048,3072,4096 | \\[FIPS186-4,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureVerification", "RSA | A4399 | Key sizes:1024,1536,2048,3072,4096 | \\[FIPS186-2,ANSIX9.31-1998andPKCS#1v2.1(PSSandPKCS1.5)\\] | SignatureVerification", "RSA DecryptionPrimitive | CVLA4399 | Key size:2048 | \\[SP 800-56Br2\\] | ComponentTest", "RSA SignaturePrimitive | CVLA4399 | Key size:2048 | \\[FIPS186-4\\] | ComponentTest", "SHA-3,SHAKE | A4399 | SHA3-224,SHA3-256,SHA3-384,SHA3-512,SHAKE128,SHAKE256 | \\[FIPS 202\\] | DigitalSignatureGeneration,DigitalSignatureVerification,non-DigitalSignatureApplications", "SHA-3DerivedFunctions | A4399 | Types:cSHAKE-128,cSHAKE-256,KMAC-128,KMAC-256,ParallelHash-128,ParallelHash-256,TupleHash-128,TupleHash-256 | \\[SP 800-185\\] | DigitalSignatureGeneration,DigitalSignatureVerification,non-DigitalSignatureApplications", "SHS | A4399 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256 | \\[FIPS 180-4\\] | DigitalSignatureGeneration,DigitalSignatureVerification,non-DigitalSignatureApplications", "CKG using output from DRBG, Vendor Affirmed per IG D.H.", "The resulting key or a generated seed is an unmodified output from a DRBG:", "• Section 5.1 (Asymmetric seeds from DRBG)", "• Section 6.1 (Direct Generation of Symmetric keys from DRBG)", "MD5 within TLS | Allowed per IG 2.4.A, no security claimed | MD5 used within a TLS handshake", "AES(non-compliant9) | Non-approved modes for AES", "DES | DES block cipher", "Diffie-Hellman KAS(non-compliant10) | non-compliant key agreement methods", "DSA(non-compliant11) | non-FIPS digest signatures using DSA", "ECDSA(non-compliant12) | non-FIPS digest signatures using ECDSA", "EdDSA | Ed25519 and Ed448 signature algorithms", "FF3-1 | Format Preserving Encryption-AES FF3-1", "HMAC-GOST3411 | GOST-3411 HMAC", "HMAC-MD5 | MD5 HMAC", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256 HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS$^{13}$ using SHA-512/224 or SHA-512/256(non-compliant) | Key Agreement using SHA-512/224 and SHA-512/256 based KDFs", "KBKDF using SHA-512/224 or SHA-512/256(non-compliant) | KBKDF2 using the PRFs SHA-512/224 and SHA-512/256", "OpenSSL PBKDF(non-compliant) | OpenSSL PBE key derivation scheme", "PKCS#12 PBKDF(non-compliant) | PKCS#12 PBE key derivation scheme", "PKCS#5 Scheme 1 PBKDF(non-compliant) | PKCS#5 PBE key derivation scheme", "RSA(non-compliant$^{14}$) | Non-compliant RSA signature schemes", "RSA KTS(non-compliant$^{15}$) | Non-compliant RSA key transport schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5015", "Certificate Number": "5015", "Vendor Name": "Amazon Web Services, Inc.", "Module Name": "Amazon Linux 2023 GnuTLS Cryptographic Module", "Module Type": "Software", "Validation Date": "05/05/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5015.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5015", "module_name": "Amazon Linux 2023 GnuTLS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "5/4/2030", "overall_level": 1, "caveat": "When operated in approved mode and installed, initialized and configured as specified in Section 11 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "GnuTLS is a secure communications library implementing the TLS protocol. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PKCS#12, and other required structures.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4537 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A4538 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A4539 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A4540 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A4545 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC | A4572 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4537 | Key Length-128,256 | SP 800-38C", "AES-CCM | A4572 | Key Length-128,256 | SP 800-38C", "AES-CFB8 | A4542 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4543 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4548 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A4537 | Direction- Generation, VerificationKey Length-128,256 | SP 800-38B", "AES-CMAC | A4540 | Direction- Generation, VerificationKey Length-128,256 | SP 800-38B", "AES-CMAC | A4545 | Direction-Generation,VerificationKey Length-128,256 | SP 800-38B", "AES-GCM | A4537 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-GCM | A4538 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-GCM | A4539 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-GCM | A4540 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-GCM | A4545 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-GCM | A4572 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-GMAC | A4545 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-XTS TestingRevision2.0 | A4546 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "CounterDRBG | A4545 | Prediction Resistance-NoMode-AES-256Derivation Function Enabled-No | SP 800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A4545 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4545 | Curve-P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4545 | Component-NoCurve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4545 | Component-NoCurve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS186-4", "HMAC-SHA-1 | A4540 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA-1 | A4545 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA-1 | A4572 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A4540 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A4545 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A4572 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4540 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4545 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4572 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4540 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4545 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4572 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4540 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4545 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4572 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4545 | Domain Parameter Generation Methods - P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KAS-FFC-SSC Sp800-56Ar3 | A4545 | Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 Scheme - dhEphem - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KDA HKDF Sp800-56Cr1 | A4544 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-65336 Increment 8 HMAC Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-56C Rev. 2", "KDF TLS (CVL) | A4545 | TLS Version - v1.0/1.1 | SP 800-135 Rev. 1", "PBKDF | A4545 | Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132", "RSA KeyGen (FIPS186-4) | A4545 | Key Generation Mode - B.3.2 Modulo - 2048, 3072, 4096 Hash Algorithm - SHA2-384 Primality Tests - Table C.2 Private Key Format - Standard | FIPS 186-4", "RSA SigGen (FIPS186-4) | A4545 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer (FIPS186-4) | A4545 | Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096 | FIPS 186-4", "SHA-1 | A4540 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA-1 | A4545 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA-1 | A4572 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4540 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4545 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4572 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4540 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4545 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4572 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4540 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4545 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4572 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4540 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4545 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4572 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A4541 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-224 | A4547 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A4541 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A4547 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A4541 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A4547 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A4541 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A4547 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "TLS v1.2 KDFRFC7627(CVL) | A4545 | Hash Algorithm-SHA2-256,SHA2-384 | SP 800-135Rev.1", "Cryptographic Key Generation(CKG) | RSA:2048,3072,4096-bit keys | Amazon Linux 2023 GnuTLS(Generic C) | SP800-133r2,Section5.1", "Cryptographic Key Generation(CKG) | ECDSA:P-256,P-384,P-521elliptic curves | Amazon Linux 2023 GnuTLS(Generic C) | SP800-133r2,Section5.1,5.2", "CMAC with Triple-DES | Message Authentication Code (MAC)", "DES | Symmetric Encryption; Symmetric Decryption", "Diffie-Hellman with keys generated with domain parameters other than safe primes | Key Agreement; Shared Secret Computation", "DSA | Key Generation; Domain Parameter Generation; Digital Signature Generation; Digital Signature Verification", "ECDSA with curves not listed in the Approved Algorithms table | Key Generation; Public Key Verification", "ECDSA with curves/hash functions not listed in the Approved Algorithms table | Digital Signature Generation; Digital Signature Verification", "EC Diffie-Hellman with curves not listed in the Approved Algorithms table | Key Agreement; Shared Secret Computation", "HMAC with keys smaller than 112-bit | Message Authentication Code (MAC)", "HMAC with GOST | Message Authentication Code (MAC)", "PBKDF with HMAC not listed in the Approved Algorithms table or using input parameters not meeting requirements stated in section 2.7 | Key Derivation", "RSA with keys smaller than 2048 bits or greater than 4096 bits. | Key Generation", "RSA with keys smaller than 2048 bits or greater than 4096 bits and/or hash functions not listed in the Approved Algorithms table | Digital Signature Generation", "RSA with keys smaller than 2048 bits or greater than 4096 bits and/or hash functions not listed in the Approved Algorithms table | Digital Signature Verification", "Triple-DES | Symmetric Encryption; Symmetric Decryption", "DRBG when key length is less than 112 bits | Random Number Generation", "RSA | Key Encapsulation; Key Un-encapsulation", "Non-supported cipher suites (not listed in Appendix A) | Transport Layer Security (TLS) Network Protocol" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5014", "Certificate Number": "5014", "Vendor Name": "Amazon Web Services, Inc.", "Module Name": "Amazon Linux 2023 NSS Cryptographic Module", "Module Type": "Software", "Validation Date": "05/02/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5014.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5014", "module_name": "Amazon Linux 2023 NSS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "5/1/2030", "overall_level": 1, "caveat": "When operated in approved mode and installed, initialized and configured as specified in Section 11 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Amazon Linux 2023 NSS Cryptographic Module provides a C language application program interface designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, IKEv2, PKCS#5, PKCS#7, PKCS#11, PKCS#12, S/MIME, X.509 v3 certificates, and other security standards supporting FIPS 140-3 validated cryptographic algorithms.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4576, | A4583, | A4585 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800 -38A", "AES-CBC-CS1 | A4581 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800 -38A", "AES-CMAC | A4578 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800 -38B", "AES-CTR | A4576, | A4585 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800 -38A", "AES-ECB | A4576, | A4583, | A4585 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800 -38A", "AES-GCM | A4576, | A4585 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode | - 8.2.1, 8.2.2 | Key Length - 128, 192, 256 | SP 800 -38D", "AES-GCM | A4583 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode | - 8.2.1 | Key Length - 128, 192, 256 | SP 800 -38D", "AES-KW | A4577, | A4582, | A4584 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800 -38F", "AES-KWP | A4577, | A4582, | A4584 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800 -38F | FIPS 140-3 Non-Proprie ta ry Se curity Policy | © 2025 Am a zon We b Se rvice s, Inc./a tse c inform a tion se curity. | This docum e nt ca n be re produce d a nd distribute d only whole a nd inta ct, including this copyright notice . | Pa ge 13 of 49", "DSA SigVer | (FIPS186 -4) | A4576 | L - 2048 | N - 224, 256 | Hash Algorithm", "- SHA-1, SHA2 -224, SHA2 -256, SHA2-384, SHA2 -512 | FIPS 186 -4", "ECDSA KeyGen | (FIPS186 -4) | A4576 | Curve - P-256, P -384, P -521 | Secret Generation Mode | - Extra Bits | FIPS 186 -4", "ECDSA SigGen | (FIPS186 -4) | A4576 | Component - No | Curve - P-256, P -384, P -521 | Hash Algorithm", "- SHA2-224, SHA2 -256, SHA2 -384, SHA2 -512 | FIPS 186 -4", "ECDSA SigVer | (FIPS186 -4) | A4576 | Component - No | Curve - P-256, P -384, P -521 | Hash Algorithm", "- SHA-1, SHA2 -224, SHA2 -256, SHA2 -384, SHA2 -512 | FIPS 186 -4", "Hash DRBG | A4576 | Prediction Resistance | - No, Yes", "Mode - SHA2-256 | SP 800 -90A | Rev. 1", "HMAC-SHA2-224 A4576 | Key Length - Key Length: 112 | -524288 Increment 8 | FIPS 198 -1", "HMAC-SHA2-256 A4576 | Key Length - Key Length: 112 | -524288 Increment 8 | FIPS 198 -1", "HMAC-SHA2-384 A4576 | Key Length - Key Length: 112 | -524288 Increment 8 | FIPS 198 -1", "HMAC-SHA2-512 A4576 | Key Length - Key Length: 112 | -524288 Increment 8 | FIPS 198 -1", "KAS-ECC-SSC | Sp800 -56Ar3 | A4576 | Domain Parameter Generation Methods | - P-256, P -384, P -521 | Scheme - | ephemeralUnified | - | KAS Role - initiator, responder | SP 800 -56A | Rev. 3", "KAS-FFC-SSC | Sp800 -56Ar3 | A4576 | Domain Parameter Generation Methods | - ffdhe2048, ffdhe3072, | ffdhe4096, ffdhe6144, ffdhe8192, MODP | -2048, MODP -3072, MODP - | 4096, MODP -6144, MODP -8192 | Scheme - | dhEphem - | KAS Role - initiator, responder | SP 800 -56A | Rev. 3", "KDA HKDF | Sp800 -56Cr1 | A4575 | Derived Key Length | - 2048 | Shared Secret Length", "- Shared Secret Length: 224 | -65336 Increment | 8 | HMAC Algorithm", "- SHA2-224, SHA2 -256, SHA2 -384, SHA2 -512 | SP 800 -56C | Rev. 2", "KDF IKEv2 (CVL) A4580", "Diffie -Hellman Shared Secret Length", "- Diffie -Hellman Shared Secret | Length: 224, 2048, 8192 | Derived Keying Material Length | - Derived Keying Material Length: | 1056, 3072 | Hash Algorithm", "- SHA-1, SHA2 -256, SHA2 -384, SHA2 -512 | SP 800 -135 | Rev. 1", "KDF SP800 -108 | A4579", "KDF Mode - Counter, Double Pipeline Iteration, Feedback | Supported Lengths | - Supported Lengths: 8, 72, 128, 776, 3456, 4096 | SP 800 -108 | Rev. 1", "KDF TLS (CVL) | A4576", "TLS Version - v1.0/1.1 | SP 800 -135 | Rev. 1", "PBKDF | A4576 | Iteration Count | - Iteration Count: 1000 | -10000 Increment 1 | Password Length | - Password Length: 8 | -128 Increment 1 | SP 800 -132", "RSA KeyGen | (FIPS186 -4) | A4576 | Key Generation Mode | - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests | - Table C.3 | Private Key Format | - Standard | FIPS 186 -4", "RSA SigGen | (FIPS186 -4) | A4576 | Signature Type | - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186 -4", "RSA SigVer | (FIPS186 -2) | A4576 | Signature Type | - PKCS 1.5, PKCSPSS | Modulo - 1024, 1536 | FIPS 186 -4", "RSA SigVer | (FIPS186 -4) | A4576 | Signature Type | - PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186 -4 | Safe Primes Key | Generation | A4576 | Safe Prime Groups | - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, | ffdhe8192, MODP | -2048, MODP -3072, MODP -4096, MODP -6144, | MODP-8192 | SP 800 -56A | Rev. 3", "SHA2-224 | A4576 | Message Length | - Message Length: 0 | -65536 Increment 8 | Large Message Sizes | - 1, 2, 4, 8 | FIPS 180 -4 | FIPS 140-3 Non-Proprie ta ry Se curity Policy | © 2025 Am a zon We b Se rvice s, Inc./a tse c inform a tion se curity. | This docum e nt ca n be re produce d a nd distribute d only whole a nd inta ct, including this copyright notice . | Pa ge 14 of 49", "SHA2-256 | A4576 | Message Length | - Message Length: 0 | -65536 Increment 8 | Large Message Sizes | - 1, 2, 4, 8 | FIPS 180 -4", "SHA2-384 | A4576 | Message Length | - Message Length: 0 | -65536 Increment 8 | Large Message Sizes | - 1, 2, 4, 8 | FIPS 180 -4", "SHA2-512 | A4576 | Message Length | - Message Length: 0 | -65536 Increment 8 | Large Message Sizes | - 1, 2, 4, 8 | FIPS 180 -4", "TLS v1.2 KDF", "RFC7627 (CVL) | A4576 | Hash Algorithm", "- SHA2-256, SHA2 -384, SHA2 -512 | SP 800 -135 | Rev. 1 | Vendor | -Affirmed Algorithms: | Name | Implementation | Cryptographic Key Generation | (CKG) | Key Type :Symmetric and | Asymmetric | N/A | SP 800 -133r2 Section 4, 5.1, | 5.2, 6.1 | Non -Approved, Allowed Algorithms: | N/A for this module. | Non -Approved, Allowed Algorithms with No Security Claimed: | Name | Caveat | Use and Function | MD5 | Allowed per IG 2.4.A.", "Message digest used in TLS", "1.0/1.1 KDF only | Non -Approved, Not Allowed Algorithms: | Name | Use and Function", "RC2, RC4, DES, Triple -DES, CDMF, Camellia, SEED, ChaCha20( | -Poly1305) | Encryption, | Decryption", "AES GCM (external IV) | Encryption", "CBC-MAC, AES XCBC-MAC, AES XCBC-MAC-96 | Message | Authentication", "HMAC (MD2, MD5, SHA -1; < 112 -bit keys) | Message | Authentication", "HMAC/SSLv3 MAC (constant | -time implementation) | Message | Authentication", "MD2, MD5, SHA -1, SHA -224, SHA -256, SHA -384, SHA -512, DES, Triple -DES, AES, Camellia,", "SEED, ANS X9.63 KDF (SHA -1, SHA -224, SHA -256, SHA -384, SHA -512), SSL 3 PRF (MD5, SHA -", "1), IKEv1 PRF (AES XCBC -MAC, MD2, MD5, SHA -1, SHA -224, SHA -256, SHA -384, SHA -512)", "KBKDF, HKDF, TLS 1.0/1.1 KDF, TLS 1.2 KDF, IKEv2 KDF (< 112 | -bit keys)", "KBKDF (MD2, MD5)", "TLS 1.2 KDF (without extended master secret)", "IKEv2 KDF (MD2, MD5) | PKCS#5 PBE, PKCS#12 PBE | Password -based | PBKDF2 (password<8 characters, salt<128 bits, iteration count<1000, or key<112 bits) | Password -based | J-PAKE", "Shared Secret | Computation | FIPS 140-3 Non-Proprie ta ry Se curity Policy | © 2025 Am a zon We b Se rvice s, Inc./a tse c inform a tion se curity. | This docum e nt ca n be re produce d a nd distribute d only whole a nd inta ct, including this copyright notice . | Pa ge 15 of 49 | Name | Use and Function", "DH (Shared secret computation; FIPS 186 | -type groups)", "Shared Secret | Computation", "ECDH (Shared secret computation; P | -192)", "DSA (SigGen) | Generation", "RSA (SigGen primitive; PKCS#1 v1.5 or PSS with MD2, MD5) | Generation", "ECDSA (SigGen; P -192) | Generation", "RSA (encryption) | Asymmetric | Encryption", "DSA (parameter generation) | Parameter | Generation | DH (KeyGen, FIPS 186 -type groups) | Key Pair | Generation", "RSA (KeyGen, modulus < 2048 bits) | Key Pair | Generation", "ECDSA (KeyGen, P -192) | Key Pair | Generation | Symmetric Key | Generation (< 112 bits) | Secret Key | Generation", "MD2, MD5, SHA -1", "RSA (SigVer primitive; PKCS#1 v1.5 or PSS with MD2, MD5) | Verification", "ECDSA (SigVer; P -192) | verification", "RSA (decryption) | Asymmetric | Decryption", "DSA (parameter verification) | Parameter | verification", "DSA (key pair generation) | Key Pair | Generation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5013", "Certificate Number": "5013", "Vendor Name": "Hitachi Vantara, Ltd.", "Module Name": "Hitachi Storage Hybrid Firmware Encryption Module", "Module Type": "Firmware-hybrid", "Validation Date": "04/29/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5013.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5013", "module_name": "Hitachi Storage Hybrid Firmware Encryption Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/28/2030", "overall_level": 1, "caveat": "No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Firmware-hybrid", "embodiment": "Multi-Chip Embedded", "description": "Hitachi Storage Hybrid Firmware Encryption Module provides data at rest encryption for Hitachi storage.", "detail_available": true, "algorithms": [ "AES", "KTS", "SHA" ], "algorithms_detailed": [ "AES-ECB | A5023 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5025 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5026 | Decry Key Length - 256 | SP 800-38A", "AES-ECB | A5027 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5028 | Drection - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5029 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5030 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5031 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5032 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5033 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5034 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5035 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5036 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5037 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5038 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5039 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5040 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5041 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5042 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5043 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-ECB | A5044 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38A", "AES-KW | A5023 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38F", "AES-XTS Testing Revision2.0 | A5046 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38E", "AES-XTS Testing Revision2.0 | A5047 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38E", "AES-XTS Testing Revision2.0 | A5048 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38E", "AES-XTS Testing Revision2.0 | A5049 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38E", "AES-XTS Testing Revision2.0 | A5050 | Deion Decrypt, EncryptKey Length - 256 | SP 800-38E", "AES-XTS Testing Revision2.0 | A5051 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38E", "AES-XTS Testing Revision2.0 | A5052 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38E", "AES-XTS Testing Revision2.0 | A5053 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38E", "SHA2-256 | A5024 | Message Length - Message Length: 8-65536Increment 8 | FIPS 180-4", "Secure Hash | SHA | Used to generatehash value frominputted data. | SHA2-256: (A5024)", "AES-ECB Core | BC-UnAuth | Used toencrypt/decryptinputted data. Theunderlying blockcipher of AES-KW. | AES-ECB: (A5023)", "AES-KW Core | KTS-Wrap | Used to wrap/unwrapan inputted key. | AES-KW: (A5023)AES-ECB: (A5023)", "AES-ECB Core 4 | BC-UnAuth | Used toencrypt/decryptinputted data. Theunderlying blockcipher of AES-XTS. | AES-ECB: (A5025,A5026, A5027,A5028", "AES-ECB Core 16 | BC-UnAuth | Used toencrypt/decryptinputted data. Theunderlying blockcipher of AES-XTS. | AES-ECB: (A5029,A5030, A5031,A5032, A5033,A5034, A5035,A5036, A5037,A5038, A5039,A5040, A5041,A5042, A5043,A5044", "AES-XTS Core 512 | BC-UnAuth | Used toencrypt/decryptinputted data in unitsof 512 byte. | AES-XTS TestingRevision 2.0: (A5046,A5047, A5048,A5049)AES-ECB: (A5025,A5026, A5027,A5028, A5029,A5030, A5031,A5032, A5033,A5034, A5035,A5036, A5037,A5038, A5039,A5040, A5041,A5042, A5043,A5044", "AES-XTS Core 520 | BC-UnAuth | Used toencrypt/decryptinputted data in unitsof 520 byte. | AES-XTS TestingRevision 2.0: (A5050,A5051, A5052,A5053AES-ECB: (A5025,A5026, A5027,A5028, A5029,", "Expand AES Key | Expand AES key to roundkeys. | API returnvalue: 0(Success) | DEK | Round Key | AES-ECBCoe 4AES-ECBCore 16AES-XTSCore 512AES-XTSCore 520 | Cryptographic Oficer-DEK: W,E- Round Key:G,R", "Encrypt (512B) | Encrypt data using XTS-AESin units of 512 byte. | API returnvalue: 0(Success) | Data toencrypt,Rond Key | Encrypted data | AES-XTSCore 512 | Cryptographic OfficerRound Key:W,E", "Decrypt (512B) | Decrypt data using XTS-AESin units of 512 byte. | API returnvalue: 0(Success) | Data todecrypt,Round Key | Decrypted data | AES-XTSCore 512 | Cryptographic OficerRound Key:W,E", "Encrypt(520B) | Encrypt data using XTS-AESin units of 520 byte. | API returnvalue: 0(Success) | Data toencrypt,Round Key | Encrypted data | AES-XTSCore 520 | Cryptographic OfficerRound Key:W,E", "Decrypt(520B) | Decrypt data using XTS-AESin units of 520 byte. | API returnvalue: 0(Success) | Data todeecrypt,Round Key | Decrypted data | AES-XTSCore 520 | CryptographicOficer- Round Key:W,E", "Encrypt(E ECB 16B) | Encrypt 16 byte data usingAES-ECB. | API returnvalue: 0(Success) | Data toencrypt, KEK | Encrypted data | AES-ECBCore | Cryptographic Officer- KEK: W,E", "Decrypt(ECB 16B) | Decrypt 16 byte data usingAES-ECB. | API returnvalue: 0(Success) | Data todecrypt,KEK | Decrypted data | AES-ECBCore | Cryptographic Officer- KEK: W,E", "Encrypt(ECB 64B) | Encrypt 64 byte data usingAEES-ECB. | API returnvalue: 0(Success) | Data toencrypt,DEK | Encrypted data | AES-ECBCore 4 | Cryptographic Officer-DEK: W,E", "Decrypt(ECB 64B) | Decrypt 64 byte data usingAES-ECB. | API returnvalue: 0(Success) | Data todecrypt,DEK | Decrypted data | AES-ECBCore 4 | Cryptographic Oficer- DEK: W,E", "Encrypt(ECB)256B) | Encrypt 256 byte data usingAES-ECB. | API returnvalue: 0(Succes) | Data toencrypt,DEK | Encrypted data | AES-ECBCore 16 | Cryptographic Officer- DEK: W,E", "Decrypt( EC)256) | Decrypt 256 byte data usingAES-ECB. | API returnvalue: 0(Success) | Data todecrypt,DEK | Decrypted data | AES-ECBCore 16 | CryptographicOficer-DEK: W,E", "Wrap Key | Wrap a key using a KEK. | API returnvalue: 0(Success) | Key, KEK | Wrapped key | AES-KWCore | Cryptographic Officer- KEK: W,E", "UnwrapKey | Unwrap a key using a KEK. | API returnvalue: 0(Sucess) | Wrappedky, KEK | Unwrappedkey | AES-KWCore | Cryptographic Officer-KEK: W,E", "KEK | Key encryptionkey | 256 bits - 256bits | Symmetric Key -CSP | AES-ECB CoreAES-KW Core", "DEK | Data encryptionkey | 256 bits - 256bits | Symmetric Key -CSP | AES-ECB Core4AES-ECB Core16AES-XTS Core512AES-XTS Core520", "RoundKey | AES round key | 1920 bits - 256bits | Round Key - CSP | AES-ECB Core4AES-ECB Core16AES-XTS Core512AES-XTS Core520", "SHA2-256 (A5024) | SHA2-256 | KAT | SW/FW Integrity None | Hash", "AES-XTS (512B) | Key sizes: 256bits | KAT | CAST | None | Encrypt | From the module startup to integritytesting", "AES-XTS (512B) | Key sizes: 256bits | KAT | CAST | None | Decrypt | From the module startup to integritytesting", "AES-XTS (520B) | Key sizes: 256bits | KAT | CAST | None | Encrypt | From the module startup to integritytesting", "AES-XTS (520B) | Key sizes: 256bits | KAT | CAST | None | Decrypt | From the module startup to integritytesting", "AES-KW (A5023) | Key sizes: 256bits | KAT | CAST | None | Wrap | From the module startup to integritytesting", "AES-KW (A5023) | Key sizes: 256bits | KAT | CAST | None | Unwrap | From the module startup to integritytesting", "SHA2-256(A5024 | SHA2-256 | KAT | CAST | None | Hash | From the module startup to integritytesting", "SHA2-256 (A5024) KAT | SW/FW Integrity | On Demand | Manually", "AES-XTS (512B) | KAT | CAST | On Demand | Manually", "AES-XTS (520B) | KAT | CAST | On Demand | Manually", "AES-XTS(520B) | KAT | CAST | On Demand | Manually", "AES-KW (A5023) | KAT | CAST | On Demand | Manually", "SHA2-256 (A5024) | KAT | CAST | On Demand | Manually" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5012", "Certificate Number": "5012", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung BoringCrypto Android", "Module Type": "Software", "Validation Date": "04/29/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5012.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5012", "module_name": "Samsung BoringCrypto Android", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/22/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5011", "Certificate Number": "5011", "Vendor Name": "Hewlett Packard, Inc.", "Module Name": "HP Poly Cryptographic Module", "Module Type": "Software", "Validation Date": "04/29/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5011.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5011", "module_name": "HP Poly Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/22/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The HP Poly Cryptographic Module is a general-purpose cryptographic library incorporated into the CCX line of products to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5010", "Certificate Number": "5010", "Vendor Name": "Tetrate.io, Inc", "Module Name": "Tetrate BoringCrypto", "Module Type": "Software", "Validation Date": "04/29/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5010.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5010", "module_name": "Tetrate BoringCrypto", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/22/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "A software library that contains cryptographic functionality for Tetrate networking applications", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5009", "Certificate Number": "5009", "Vendor Name": "KYOCERA Document Solutions Inc.", "Module Name": "MFP Cryptographic Module (B)", "Module Type": "Hardware", "Validation Date": "04/27/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5009.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5009", "module_name": "MFP Cryptographic Module (B)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/26/2030", "overall_level": 2, "caveat": "The module generates SSPs whose strengths are modified by available entropy.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "MFP Cryptographic Module(B) is a cryptographic security chip for encrypting data written to a storage device and other security function of Kyocera multifunction printer. Secure key generation and fast AES encryption/decryption are offered through SATA interface. SecureBoot verifies the integrity of the firmware when the product starts up.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5008", "Certificate Number": "5008", "Vendor Name": "Nuvoton Technology Corporation", "Module Name": "Nuvoton Cryptographic Library 2.0", "Module Type": "Hardware", "Validation Date": "04/23/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5008.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5008", "module_name": "Nuvoton Cryptographic Library 2.0", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/22/2030", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Nuvoton Cryptographic Library implementation providing cryptographic services.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KTS", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CCM | A2825 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB128 | A2825 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A2825 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A2825 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A2825 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A2825 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.2 Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A2825 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.2 Key Length - 128, 192, 256 | SP 800-38D", "AES-OFB | A2825 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "ECDSA KeyGen(FIPS186-4) | A2825 | Curve - P-256, P-384, P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A2825 | Curve - P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A2825 | Component - No, Yes Curve - P-256, P-384, P-521 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A2825 | Component - No Curve - P-256, P-384, P-521 | FIPS 186-4", "Hash DRBG | A2825 | Prediction Resistance - No, Yes Mode - SHA2-512 | SP 800-90A Rev.1", "HMAC-SHA2-256 | A2825 | Key Length - Key Length: 256-512 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A2825 | Key Length - Key Length: 256-512 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A2825 | Key Length - Key Length: 256-512 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A2825 | Domain Parameter Generation Methods-P-256,P-384,P-521Scheme ephemeralUnifiedKAS Role initiator, responder | SP 800-56A Rev.3", "KTS-IFC | A2825 | Modulo-2048,3072Key Generation Methods-rsakpg2-basicSchemeKTS-OAEP-basicKAS Role initiator, responderKey Length-1024 | SP 800-56B Rev.2", "RSA SigGen(FIPS186-4) | A2825 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072 | FIPS186-4", "RSA SigVer(FIPS186-4) | A2825 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072 | FIPS186-4", "SHA2-256 | A2825 | - | FIPS180-4", "SHA2-384 | A2825 | - | FIPS180-4", "SHA2-512 | A2825 | - | FIPS180-4", "CKG(ECDSA/ECDH) | Type:AsymmetricCurves:P-256,P-384,P-521 | N/A | CKG for asymmetric keys as per SP 800-133Rev2section 4 example 1 with no post processing on the Uvalue" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5007", "Certificate Number": "5007", "Vendor Name": "Broadcom, Inc.", "Module Name": "BCM58202B0", "Module Type": "Hardware", "Validation Date": "04/21/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5007.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5007", "module_name": "BCM58202B0", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/20/2030", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Highly integrated, low power, security processor with rich peripheral connection options like USB, NFC, Contacted Smart Card, SPI, UART, ADC, etc.", "detail_available": true, "algorithms": [ "AES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS" ], "algorithms_detailed": [ "AES-CBC | AES5895 | Direction-Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | AES5896 | Key Length-128,192,256 | SP 800-38C", "AES-CTR | AES5895 | Key Length-128,192,256 | SP 800-38A", "AES-ECB | AES5895 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "Counter DRBG | A3753 | Prediction Resistance-YesMode-AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "DSA SigGen(FIPS186-4) | A4437 | L-2048N-256Hash Algorithm-SHA2-256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4437 | L-2048N-256Hash Algorithm-SHA2-256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A3751 | Curve-P-256Secret Generation Mode-ExtraBits | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3751 | Curve-P-256 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A3751 | Component-No Curve-P-256,P-384 Hash Algorithm-SHA2-256 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3751 | Component-No Curve-P-256,P-384 Hash Algorithm-SHA2-256 | FIPS186-4", "HMAC-SHA2-256 | HMAC 3870 | - | FIPS198-1", "KAS-ECC-SSC Sp800-56Ar3 | A3751 | Domain Parameter Generation Methods-P-256 Scheme ephemeralUnified-KAS Role-responder | SP800-56A Rev.3", "KDA OneStepNoCounter SP800-56Cr2 | A3752 | Key Length-Key Length:256 | SP800-56C Rev.2", "RSA SigGen(FIPS186-4) | A3750 | Signature Type-PKCS1.5 Modulo-2048,4096 | FIPS186-4", "RSA SigVer(FIPS186-4) | A3750 | Signature Type-PKCS1.5 Modulo-2048,4096 | FIPS186-4", "SHA2-256 | SHS 4646 | Message Length-Message Length:0-51200Increment8 | FIPS180-4", "SHA3-224 | SHA-360 | - | FIPS202", "SHA3-256 | SHA-360 | - | FIPS202", "SHA3-384 | SHA-360 | - | FIPS202", "SHA3-512 | SHA-360 | - | FIPS202", "CKG-Sym | Capabilities:Sections 4 and 6.1 Direct symmetric key generation using unmodified DRBG output;Section 6.2.1 Derivation of symmetric keys from a key agreement shared secret | DRBG(A3753) | SP800-133r2,IG\\[D.H\\]", "CKG-Asym | Capabilities:Sections 4 and 5.1 Asymmetric signature key generation using unmodified DRBG output;Sections 4 and 5.2 Asymmetric key establishment key generation using unmodified DRBG output | ECDSA KeyGen(A3751) | SP800-133r2,IG\\[D.H\\]", "AKG | AsymKeyPair-KeyGen | Asymmetric Key-Pair Generation | Publications:FIPS 186-4,SP800-90A,IG C.A,IG C.E | CKG-Asym Curve:P-256 ECDSA KeyGen(FIPS186-4) Counter DRBG", "AKV | AsymKeyPair-KeyVer | Asymmetric Key-Pair Verification | Publications:FIPS 186-4,SP800-90A,IG C.A,IG C.E | ECDSA KeyVer(FIPS186-4) Curve:P-256", "DPG | AsymKeyPair-DomPar | Domain Parameters | Publication:SP800-56Ar3 | KAS-ECC-SSC Sp800-56Ar3 Curve:P-256 Counter DRBG", "DRBG | DRBG | Random Number Generation | Publication:SP800-90A | Counter DRBG Capabilities:AES-256 w/ Derivation Function", "ENC | BC-UnAuth | Block Cipher | Publication:FIPS 197,SP800-38A | AES-CBC Key Size:128,192,256AES-CTR Key Size:128,192,256AES-ECB Key Size:128,192,256", "ENC-AUTH | BC-Auth | Authentication Block Cipher | Publication:FIPS 197,SP800-38C | AES-CCM Key Size:128,192,256", "CKG-Symmetric | CKG | Symmetric Key Generation | Publication:IG D.H,FIPS 197,SP800-133r2 Sections4 and6.1 Direct symmetric key generation using unmodified DRBG output | Counter DRBG Key Size:128,192,256", "SigGen | DigSig-SigGen | Digital Signature Generation | Publication:FIPS 186-4,SP800-90A,FIPS 180-4 | DSA SigGen(FIPS186-4)Key Size:2048ECDSA SigGen(FIPS186-4)Curve:P-256,P-384RSA SigGen(FIPS186-4)Key Size:2048,4096SHA2-256Counter DRBG", "SigVer | DigSig-SigVer | Digital Signature Verification | Publication:FIPS 186-4,SP800-90A,FIPS 180-4 | DSA SigVer(FIPS186-4)Key Size:2048ECDSA SigVer(FIPS186-4)Curve:P-256,P-384RSA SigVer", "KAS | KAS-Full | Key Agreement | Publication:SP800-56Ar3,SP800-56Cr2Caveat:Key establishment method provides128bits of encryption strength | KAS-ECC-SSCSp800-56Ar3Scheme:Ephemeral Unified(Responder)Curve:P-256KDAOneStepNoCounterSP800-56Cr2AuxiliaryFunction:SHA2-256Key Length:128Counter DRBG", "KTS | KTS-Wrap | Key Transport-Wrapping | Publication:FIPS197,SP800-38F,IGD.GCaveat:Key establishment methodologyprovides128bitsof encryptionstrength | AES-CCMKey Size:128", "MAC | MAC | MessageAuthenticationCode | Publication:FIPS198-1,FIPS180-4,IGC.B | HMAC-SHA2-256Capabilities:Key size= 80 bits of security, RSA signature generation/verification | per FIPS 186-2", "FIPS 186-2 RSA | KeyGen", "Provides >= 112 bits of security, RSA key generation per FIPS 186-2 | X942KDF- | CONCAT", "Usage of X942KDF-CONCAT with PRF SHA-1, SHA2-512/224, SHA2-", "512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128,", "SHAKE256, KECCAK-KMAC128 and KECCAK-KMAC256 | X963KDF", "Usage of X963KDF with PRF SHA-1, SHA2-512/224, SHA2-512/256,", "SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256, | KECCAK-KMAC128 and KECCAK-KMAC256", "HKDF", "Provides < 112 bits of security, Usage of HKDF with key length less | than 112 bits", "OneStep KDF", "Usage of OneStep KDF with PRF SHAKE128, SHAKE256", "HMAC", "Provides < 112 bits of security, Usage of HMAC with key length less | than 112 bits for MAC generation", "Hash and HMAC", "DRBG", "Usage of Hash and HMAC DRBGs with PRFs SHA2-224, SHA2-384,", "SHA2-512/224 and SHA2-512/256" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4984", "Certificate Number": "4984", "Vendor Name": "KIOXIA Corporation", "Module Name": "KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip", "Module Type": "Hardware", "Validation Date": "03/06/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4984.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4984", "module_name": "KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/31/2028", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service", "module_type": "Hardware", "embodiment": "Single Chip", "description": "KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip is used for solid state drive data security.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4983", "Certificate Number": "4983", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung SATA TCG Opal SSC SEDs PM893 Series", "Module Type": "Hardware", "Validation Date": "03/06/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4983.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4983", "module_name": "Samsung SATA TCG Opal SSC SEDs PM893 Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/5/2030", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "Samsung SATA TCG Opal SSC SEDs PM893 Series are a high-performance Self-Encrypting SSDs supporting SATA Interface that provides on-the-fly encryption/decryption of user data without performance loss. It implements AES256-XTS for user data encryption, RSA PSS-2048 for FW authentication, and Hash_DRBG for key generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4982", "Certificate Number": "4982", "Vendor Name": "Ideem, Inc.", "Module Name": "Ideem ZSM Cryptographic Module", "Module Type": "Software", "Validation Date": "03/03/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4982.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4982", "module_name": "Ideem ZSM Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/2/2030", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Ideem ZSM Cryptographic Module randomly splits keys across servers so that they are never in any single place to be stolen. The advanced protocols used in Ideem ZSM ensure that even if servers are breached and completely controlled by an attacker, the secrets and credentials cannot be stolen. The result is that digital assets remain safe, even if all else fails and attackers get inside the network. Ideem ZSM is able to protect all types of standard cryptographic keys for all purposes, including encryption/decryption, digital signing, and authentication. Ideem’s technology for securing keys using two-party computation (TPC) is fully transparent to the calling application.", "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "AES-CBC | A5056 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CCM | A5056 | KeyLength-128,192,256 | SP800-38C", "AES-CFB1 | A5056 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CFB128 | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A5056 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A5055 | Direction - Decrypt, Encrypt Key Length - 128 | SP 800-38A", "AES-CTR | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A5055 | Direction - Encrypt Key Length - 128 | SP 800-38A", "AES-ECB | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A5056 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D", "AES-GMAC | A5056 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A5056 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1", "ECDSA KeyGen (FIPS186-4) | A5055 | Curve - P-256 Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyGen (FIPS186-5) | A5056 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyVer (FIPS186-5) | A5056 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA SigGen (FIPS186-4) | A5055 | Curve - P-256 Hash Algorithm - SHA2-224, SHA2-256, SHA2-254, SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-4", "ECDSA SigGen (FIPS186-5) | A5056 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | FIPS 186-5", "ECDSA SigVer (FIPS186-5) | A5056 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | FIPS 186-5", "HMAC-SHA-1 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A5056 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KDA HKDF SP800-56Cr2 | A5056 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-3968 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C Rev. 2", "KDF TLS (CVL) | A5056 | TLS Version - v1.2 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1", "PBKDF | A5056 | Iteration Count - Iteration Count: 10-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132", "RSA KeyGen (FIPS186-5) | A5055 | Key Generation Mode - probable Modulo - 2048, 3072, 4096 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5", "RSA SigGen (FIPS186-5) | A5055 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA SigVer (FIPS186-5) | A5056 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5", "SHA-1 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4", "SHA2-224 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4", "SHA2-256 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4", "SHA2-384 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4", "SHA2-512 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4", "SHA2-512/224 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4", "SHA2-512/256 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4", "SHA3-224 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 202", "SHA3-256 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 202", "SHA3-384 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 202", "SHA3-512 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 202", "SHAKE-128 | A5056 | Output Length - Output Length: 16-1024 Increment 8 | FIPS 202", "SHAKE-256 | A5056 | Output Length - Output Length: 16-1024 Increment 8 | FIPS 202", "TLS v1.2 KDF RFC7627 (CVL) | A5056 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4981", "Certificate Number": "4981", "Vendor Name": "Covidence A/S", "Module Name": "Covidence FIPS Provider for OpenSSL 3", "Module Type": "Software", "Validation Date": "03/03/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4981.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4981", "module_name": "Covidence FIPS Provider for OpenSSL 3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Covidence FIPS Provider for OpenSSL 3 Module is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES‐CBC | A6591 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS1 | A6591 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS2 | A6591 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS3 | A6591 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CCM | A6591 | Key Length ‐ 128, 192, 256 | SP 800‐38C", "AES‐CFB1 | A6591 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB128 | A6591 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB8 | A6591 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CTR | A6591 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐ECB | A6591 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐GCM | A6591 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "AES‐KW | A6591 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F | FIPS 140‐3 Security Policy | Covidence FIPS Provider for OpenSSL 3 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "AES‐KWP | A6591 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F", "AES‐OFB | A6591 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐XTS Testing Revision 2.0 | A6591 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 256 | SP 800‐38E", "KAS‐ECC CDH‐Component", "SP800‐56Ar3 (CVL) | A6591 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | SP 800‐56A | Rev. 3", "KAS‐ECC‐SSC Sp800‐56Ar3 | A6591 | Domain Parameter Generation Methods ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, | P‐256, P‐384, P‐521 | Scheme ‐ ephemeralUnified ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐FFC‐SSC Sp800‐56Ar3 | A6591 | Domain Parameter Generation Methods ‐ FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, | modp‐2048, modp‐3072, modp‐4096, modp‐6144, modp‐8192 | Scheme ‐ dhEphem ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐IFC‐SSC | A6591 | Modulo ‐ 2048, 3072, 4096, 6144, 8192 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐ KAS1 ‐ | KAS Role ‐ initiator, responder | Scheme ‐ KAS2 ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KDA HKDF SP800‐56Cr2 | A6591 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | HMAC Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256,", "SHA3‐224, SHA3‐256, SHA3‐384, SHA3‐512 | SP 800‐56C | Rev. 2", "KDA OneStep SP800‐56Cr2 | A6591 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2 | FIPS 140‐3 Security Policy | Covidence FIPS Provider for OpenSSL 3 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "KDA TwoStep SP800‐56Cr2 | A6591 | MAC Salting Methods ‐ default, random", "KDF Mode ‐ feedback | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2", "KDF ANS 9.42 (CVL) | A6591", "KDF Type ‐ DER", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256, SHA3‐", "224, SHA3‐256, SHA3‐384, SHA3‐512 | Key Data Length ‐ Key Data Length: 8‐4096 Increment 8 | SP 800‐135 | Rev. 1", "KDF ANS 9.63 (CVL) | A6591", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | Key Data Length ‐ Key Data Length: 128, 4096 | SP 800‐135 | Rev. 1", "KDF SP800‐108 | A6591", "KDF Mode ‐ Counter, Feedback | Supported Lengths ‐ Supported Lengths: 8, 72, 128, 776, 3456, 4096 | SP 800‐108 | Rev. 1", "KDF SSH (CVL) | A6591", "Cipher ‐ AES‐128, AES‐192, AES‐256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "PBKDF | A6591 | Iteration Count ‐ Iteration Count: 1‐10000 Increment 1 | Password Length ‐ Password Length: 8‐128 Increment 8 | SP 800‐132", "TLS v1.2 KDF RFC7627 (CVL) | A6591", "Hash Algorithm ‐ SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "TLS v1.3 KDF (CVL) | A6591 | HMAC Algorithm ‐ SHA2‐256, SHA2‐384", "KDF Running Modes ‐ DHE, PSK, PSK‐DHE | SP 800‐135 | Rev. 1", "DSA KeyGen (FIPS186‐4) | A6591 | L ‐ 2048, 3072 | N ‐ 224, 256 | FIPS 186‐4", "DSA PQGGen (FIPS186‐4) | A6591 | L ‐ 2048, 3072 | N ‐ 224, 256", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "DSA PQGVer (FIPS186‐4) | A6591 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "ECDSA KeyGen (FIPS186‐4) | A6591 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | Secret Generation Mode ‐ Testing Candidates | FIPS 186‐4", "ECDSA KeyVer (FIPS186‐4) | A6591 | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521 | FIPS 186‐4", "EDDSA KeyGen | A6591 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA KeyVer | A6591 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5 | FIPS 140‐3 Security Policy | Covidence FIPS Provider for OpenSSL 3 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification. | Safe Primes Key Generation | A6591 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3 | Safe Primes Key Verification | A6591 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3", "RSA KeyGen (FIPS186‐4) | A6591 | Key Generation Mode ‐ B.3.3 | Modulo ‐ 2048, 3072, 4096 | Primality Tests ‐ Table C.2 | Private Key Format ‐ Standard | FIPS 186‐4", "KTS‐IFC | A6591 | Modulo ‐ 2048, 3072, 4096, 6144 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐ KTS‐OAEP‐basic ‐ | KAS Role ‐ initiator, responder | Key Transport Method ‐ | Key Length ‐ 1024 | SP 800‐56B | Rev. 2", "AES‐CMAC | A6591 | Direction ‐ Generation, Verification | Key Length ‐ 128, 192, 256 | SP 800‐38B", "AES‐GMAC | A6591 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "HMAC‐SHA‐1 | A6591 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐224 | A6591 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐256 | A6591 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐384 | A6591 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512 | A6591 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512/224 | A6591 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512/256 | A6591 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐224 | A6591 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | FIPS 140‐3 Security Policy | Covidence FIPS Provider for OpenSSL 3 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "HMAC‐SHA3‐256 | A6591 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐384 | A6591 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐512 | A6591 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | KMAC‐128 | A6591 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185 | KMAC‐256 | A6591 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185", "SHA‐1 | A6591 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA2‐224 | A6591 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA2‐256 | A6591 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA2‐384 | A6591 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA2‐512 | A6591 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA2‐512/224 | A6591 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA2‐512/256 | A6591 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA3‐224 | A6591 | Message Length ‐ Message Length: 0‐65536 Increment 8 | FIPS 202", "SHA3‐256 | A6591 | Message Length ‐ Message Length: 0‐65536 Increment 8 | FIPS 202", "SHA3‐384 | A6591 | Message Length ‐ Message Length: 0‐65536 Increment 8 | FIPS 202", "SHA3‐512 | A6591 | Message Length ‐ Message Length: 0‐65536 Increment 8 | FIPS 202", "SHAKE‐128 | A6591 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202", "SHAKE‐256 | A6591 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202", "Counter DRBG | A6591 | Prediction Resistance ‐ Yes", "Mode ‐ AES‐128, AES‐192, AES‐256 | Derivation Function Enabled ‐ No, Yes | SP 800‐90A | Rev. 1", "Hash DRBG | A6591 | Prediction Resistance ‐ Yes", "Mode ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | SP 800‐90A | Rev. 1", "HMAC DRBG | A6591 | Prediction Resistance ‐ Yes", "Mode ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | SP 800‐90A | Rev. 1 | FIPS 140‐3 Security Policy | Covidence FIPS Provider for OpenSSL 3 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "ECDSA SigGen (FIPS186‐4) | A6591 | Component ‐ No | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521", "ECDSA SigVer (FIPS186‐4) | A6591 | Component ‐ No | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521", "DSA SigGen (FIPS186‐4) | A6591 | L ‐ 2048, 3072 | N ‐ 224, 256", "DSA SigVer (FIPS186‐4) | A6591 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "EDDSA SigGen | A6591 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA SigVer | A6591 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "RSA SigGen (FIPS186‐4) | A6591 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 2048, 3072, 4096 | FIPS 186‐4", "RSA SigGen (FIPS186‐5) | A6591 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5", "RSA Signature Primitive (CVL) | A6591 | Private Key Format ‐ crt | FIPS 186‐4", "RSA SigVer (FIPS186‐4) | A6591 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 1024, 2048, 3072, 4096 | FIPS 186‐4", "RSA SigVer (FIPS186‐5) | A6591 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5 | Vendor‐Affirmed Algorithms: | Name | Implementation | CKG Section 4 | Covidence FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 5 | Covidence FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 6.2 | Covidence FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2", "Hash DRBG with SHA3‐256, SHA3‐512 | Covidence FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1", "HMAC DRBG with SHA3‐256, SHA3‐512 | Covidence FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1 | FIPS 140‐3 Security Policy | Covidence FIPS Provider for OpenSSL 3 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification. | Non‐Approved, Allowed Algorithms: | N/A for this module. | Non‐Approved, Allowed Algorithms with No Security Claimed: | N/A for this Module. | Non‐Approved, Not Allowed Algorithms: | N/A for this Module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4980", "Certificate Number": "4980", "Vendor Name": "Kiteworks", "Module Name": "Kiteworks Cryptographic Module", "Module Type": "Software", "Validation Date": "03/03/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4980.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4980", "module_name": "Kiteworks Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/22/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Kiteworks Private Content Network (PCN) empowers organizations to share sensitive content with trusted parties by email, file sharing, file transfer, and other channels at the highest levels of security, governance, and compliance. The Kiteworks Cryptographic Module is an integral component of Kiteworks PCN, making it compatible for environments with strict cryptography requirements.", "detail_available": true, "algorithms": [ "AES", "DRBG", "DSA", "ECDSA" ], "algorithms_detailed": [ "AES-CBC | A4481 | - | SP 800-38A", "AES-CBC-CS1 | A4481 | - | SP 800-38A", "AES-CBC-CS2 | A4481 | - | SP 800-38A", "AES-CBC-CS3 | A4481 | - | SP 800-38A", "AES-CCM | A4481 | - | SP 800-38C", "AES-CFB1 | A4481 | - | SP 800-38A", "AES-CFB128 | A4481 | - | SP 800-38A", "AES-CFB8 | A4481 | - | SP 800-38A", "AES-CMAC | A4481 | - | SP 800-38B", "AES-CTR | A4481 | - | SP 800-38A", "AES-ECB | A4481 | - | SP 800-38A", "AES-GCM | A4481 | - | SP 800-38D", "AES-GMAC | A4481 | - | SP 800-38D", "AES-KW | A4481 | - | SP 800-38F", "AES-KWP | A4481 | - | SP 800-38F", "AES-OFB | A4481 | - | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4481 | - | SP 800-38E", "Counter DRBG | A4481 | - | SP 800-90A Rev.1", "DSA KeyGen(FIPS186-4) | A4481 | - | FIPS 186-4", "DSA PQGGen(FIPS186-4) | A4481 | - | FIPS 186-4", "DSA PQGVer(FIPS186-4) | A4481 | - | FIPS 186-4", "DSA SigGen(FIPS186-4) | A4481 | - | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4481 | - | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A4481 | - | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4481 | - | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4481 | - | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4481 | - | FIPS 186-5" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4979", "Certificate Number": "4979", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 3100 Series)", "Module Type": "Hardware", "Validation Date": "02/28/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4979.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4979", "module_name": "Cisco Secure Firewall Threat Defense Cryptographic Module (FPR 3100 Series)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/27/2030", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section Life-Cycle Assurance of the Security Policy. The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Cisco Firepower Threat Defense (FTD) is a unified software image, which includes the Cisco ASA features and FirePower Services. This unified software is capable of offering the functions of ASA and FirePower deployed on various Cisco appliances.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-GCM | A4446 | Direction-Decrypt,EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "Counter DRBG | A4446 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4446 | Curve-P-256,P-384,P-521 | FIPS 186-4", "HMAC-SHA-1 | A4446 | Key Length-Key Length:256-448 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4446 | Key Length-Key Length:256-448 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4446 | Key Length-Key Length:256-448 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4446 | Key Length-Key Length:256-448 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4446 | Key Length-Key Length:256-448 Increment8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4446 | Domain Parameter Generation Methods-P-256,P-384,P-521 | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4446 | Domain Parameter Generation Methods-ffdhe2048,ffdhe3072,ffdhe4096,modp-2048,modp-3072,modp-4096 | SP 800-56ARev.3", "KDF IKEv2(CVL) | A4446 | Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:2048Derived Keying Material Length-Derived Keying Material Length:3072Hash Algorithm-SHA-1 | SP 800-135Rev.1", "KDF SNMP(CVL) | A4446 | Password Length-Password Length:256,64 | SP 800-135Rev.1", "KDF SSH(CVL) | A4446 | Cipher-AES-128,AES-192,AES-256 | SP 800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4446 | Key Generation Mode-B.3.4Modulo-2048,3072,4096Hash Algorithm-SHA2-256Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4446 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4446 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4446 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-224 | A4446 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-256 | A4446 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-384 | A4446 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-512 | A4446 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "TLS v1.2 KDF RFC7627(CVL) | A4446 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "AES-CBC | C1026 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | C1026 | Direction-Decrypt,EncryptIV Generation-ExternalKeyLength-128,192,256 | SP800-38D", "Hash DRBG | C1026 | Prediction Resistance-NoMode-SHA2-512 | SP800-90ARev.1", "HMAC-SHA-1 | C1026 | - | FIPS198-1", "HMAC-SHA2-256 | C1026 | - | FIPS198-1", "HMAC-SHA2-384 | C1026 | - | FIPS198-1", "HMAC-SHA2-512 | C1026 | - | FIPS198-1", "SHA-1 | C1026 | Message Length-Message Length:0-51200Increment8 | FIPS180-4", "SHA2-256 | C1026 | Message Length-Message Length:0-51200Increment8 | FIPS180-4", "SHA2-384 | C1026 | Message Length-Message Length:0-102400Increment8 | FIPS180-4", "SHA2-512 | C1026 | Message Length-Message Length:0-102400Increment8 | FIPS180-4", "KAS-ECC-KeyGen(SSHv2) | KAS-KeyGen | KAS ECCkeygen used inSSHv2 service | Counter DRBGHash DRBGCKG", "KAS-FFC-KeyGen(SSHv2) | KAS-KeyGen | KAS FFCkeygen used inSSHv2 service | Counter DRBGSafe Primes KeyGenerationHash DRBGCKG", "KAS-ECC-KeyGen(TLSv1.2) | KAS-KeyGen | KAS ECCkeygen used inTLSv1.2服务 | Counter DRBGHash DRBGCKG", "KAS-FFC-KeyGen(TLSv1.2) | KAS-KeyGen | KAS FFCkeygen used inTLSv1.2服务 | Counter DRBGSafe Primes KeyGenerationHash DRBGCKG", "KAS-ECC-KeyGen(IKEv2) | KAS-KeyGen | KAS ECC keygen used in IKE v2 service | Counter DRBG Hash DRBG CKG", "KAS-FFC-KeyGen(IKEv2) | KAS-KeyGen | KAS FFC keygen used in IKE v2 service | Counter DRBG Safe Primes Key Generation Hash DRBG CKG", "KAS-FFC(SSHv2) | KAS-Full | Key Agreement Scheme per SP800-56Arev3 with KDF SSH.The module's KAS (FFC) implementation is FIPS140-3 IG D.F Scenario 2(path 2) compliant | Bit-strength Caveat:Provides between 112 to 152 bits of encryption strength | KDF SSH KAS-FFC-SSC Sp800-56Ar3 Domain Parameter Generation Methods::modp2048", "KAS-ECC(SSHv2) | KAS-Full | Key Agreement Scheme per SP800-56Arev3 with KDF SSH.The module's KAS (FFC) implementation is FIPS140-3 IG D.F Scenario 2(path 2) compliant | Bit-strength Caveat:Provides between 128 and 256 bits of encryption strength | KDF SSH KAS-ECC-SSC Sp800-56Ar3", "KAS-FFC(TLSv1.2) | KAS-Full | Key Agreement Scheme per SP800-56Arev3 with TLS v1.2KDF RFC7627.The module's KAS (FFC) implementation is FIPS140-3 IG D.F Scenario 2(path 2) compliant | Bit-strength Caveat:Provides between 112 to 152 bits of encryption strength | TLS v1.2KDF RFC7627KAS-FFC-SSC Sp800-56Ar3Domain Parameter Generation Methods::ffdhe2048", "KAS-ECC(TLSv1.2) | KAS-Full | Key Agreement Scheme per SP800-56Arev3 with KDF IKEv2.The module's KAS(ECC) implementation | Bit-strength Caveat:Provides between 128 and 256 bits of encryption strength | TLS v1.2KDF RFC7627KAS-ECC-SSC Sp800-56Ar3", "KAS-ECC(IKEv2) | KAS-Full | Key Agreement Scheme per SP800-56Arev3 with KDF IKEv2.The module's KAS(ECC) implementation is FIPS140-3 IG D.F Scenario 2(path 2) compliant | Bit-strength Caveat:Provides between 112 and 256 bits of encryption strength | KAS-ECC-SSCSp800-56Ar3KDF IKEv2", "KAS-FFC(IKEv2) | KAS-Full | Key Agreement Scheme per SP800-56Arev3 with KDF IKEv2.The module's KAS(FFC) implementation is FIPS140-3 IG D.F Scenario 2(path 2) compliant | Bit-strength Caveat:Provides between 112 and 152 bits of encryption strength | KAS-FFC-SSCSp800-56Ar3KDF IKEv2", "KTS(TLSv1.2with AES and HMAC) | KTS-Wrap | KTS via TLSv1.2service by usingAES and HMAC | Bit-strength Caveat:Provides between 128and 256 bits of encryption strength | AES-CBCKey Length:128,256HMAC-SHA-1HMAC-SHA2-256HMAC-SHA2-384SHA-1SHA2-256SHA2-384", "KTS(TLSv1.2with AES-GCM) | KTS-Wrap | KTS via TLSv1.2service by usingAES-GCM | Bit-strength Caveat:Provides between 128and 256 bits of encryption strength | AES-GCMKey Length:128,256AES-CBC", "KTS(SSHv2with AES and HMAC) | KTS-Wrap | KTS via SSHv2service by usingAES和HMAC | Bit-strength Caveat:Provides between 128and 256 bits of encryption strength | AES-CBCKey Length:128,256HMAC-SHA-1HMAC-SHA2-256", "KTS(SSHv2 with AES-GCM) | KTS-Wrap | KTS via SSHv2 service by using AES-GCM | Bit-strength Caveat:Provides between 128 and 256 bits of encryption strength | AES-GCM Key Length:128,256AES-CBC", "RSA KeyGen(SSHv2,TLSv1.2,IKEv2) | AsymKeyPair-KeyGen | RSA KeyGen for SSHv2,TLSv1.2,and IKEv2 services | RSA KeyGen(FIPS186-4)Counter DRBG Hash DRBG", "ECDSA KeyGen(SSHv2,TLSv1.2and IKEv2) | AsymKeyPair-KeyGen | ECDSA KeyGen for TLSv1.2and IKEv2 services | ECDSA KeyGen(FIPS186-4)Counter DRBG Hash DRBG", "RSA SigGen(SSHv2,TLSv1.2,IKEv2) | DigSig-SigGen | RSA SigGen for SSHv2,TLSv1.2,and IKEv2 services | RSA SigGen(FIPS186-4)", "ECDSA SigGen(SSHv2,TLSv1.2and IKEv2) | DigSig-SigGen | ECDSA SigGen for TLSv1.2,and IKEv2 services | ECDSA SigGen(FIPS186-4)", "RSA SigVer(SSHv2,TLSv1.2,and IKEv2) | DigSig-SigVer | RSA SigVer for SSHv2,TLSv1.2,and IKEv2 services | RSA SigVer(FIPS186-4)", "ECDSA SigVer(SSHv2,TLSv1.2,and IKEv2) | DigSig-SigVer | ECDSA SigVer for TLSv1.2and IKEv2 services | ECDSA SigVer(FIPS186-4)", "Block Cipher(SSHv2) | BC-AuthBC-UnAuth | Block Cipher for SSHv2 service | AES-CBCKey Length:128,256AES-GCMKey Length:128,256", "Block Cipher(TLSv1.2) | BC-AuthBC-UnAuth | Block Cipher for TLSv1.2 service | AES-GCMKey Length:128,256AES-CBCKey Length:128,256", "Block Cipher(IPSec/IKEv2) | BC-AuthBC-UnAuth | Block Cipher for IPSec/IKEv2 service | AES-CBCAES-GCMAES-CBCAES-GCM", "Block Cipher(SNMPv3) | BC-UnAuth | Block Cipher forSNMPv3 service | AES-CBCKDF SNMP", "MAC(SSHv2) | MAC | MAC for SSHv2service | HMAC-SHA-1HMAC-SHA2-256SHA-1SHA2-256", "MAC(TLSv1.2) | MAC | MessageAuthenticationforTLSv1.2services | HMAC-SHA-1HMAC-SHA2-256HMAC-SHA2-384SHA-1SHA2-256SHA2-384", "MAC(IPSec/IKEv2) | MAC | MessageAuthenticationforIPSec/IKEv2services | HMAC-SHA2-256HMAC-SHA2-384HMAC-SHA2-512SHA2-256SHA2-384SHA2-512HMAC-SHA2-256HMAC-SHA2-384HMAC-SHA2-512SHA2-256SHA2-384SHA2-512HMAC-SHA-1SHA-1", "MAC(SNMPv3) | MAC | MessageAuthenticationforSNMPv3service | HMAC-SHA-1SHA-1KDF SNMPHMAC-SHA2-256HMAC-SHA2-384SHA2-256SHA2-384HMAC-SHA2-224SHA2-224", "Firmware Load Test | MAC | MAC for firmware load test | HMAC-SHA2-512", "SSHv2 Keying Materials Development | KAS-135KDF | SSHv2 session keying materials, used to derive SSHv2 session keys | KDF SSH", "TLS Keying Materials Development | KAS-135KDF | TLS session keying materials, used to derive TLS session keys | TLS v1.2 KDF RFC7627", "IKEv2 Keying Materials Development | KAS-135KDF | IKEv2 session keying materials, used to derive IKEv2 session keys | KDF IKEv2", "SNMPv3 Keying Materials Development | KAS-135KDF | SNMPv3 session keying materials, used to derive SNMPv3 session keys | KDF SNMP", "DRBG Function | DRBG | DRBG generation | Counter DRBG Hash DRBG" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4978", "Certificate Number": "4978", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Motorola Solutions Advanced Crypto Engine (MACE) HSM – Security Level 3", "Module Type": "Hardware", "Validation Date": "02/27/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4978.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4978", "module_name": "Motorola Solutions Advanced Crypto Engine (MACE) HSM – Security Level 3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/26/2030", "overall_level": 3, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of the minimum strength of generated SSPs", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The MACE is a single-chip cryptographic module to meet FIPS 140-3 Level-3 physical security requirements. The Module provides encryption and decryption services for secure key management, and secure voice/data traffic for Motorola Solutions Micro HSM product.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4977", "Certificate Number": "4977", "Vendor Name": "Copeland, LP", "Module Name": "Copeland TempTrak Java Crypto Library", "Module Type": "Software", "Validation Date": "02/27/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4977.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4977", "module_name": "Copeland TempTrak Java Crypto Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Copeland TempTrack Java Crypto Library is a general-purpose cryptographic library incorporated into the TempTrak family of products to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4976", "Certificate Number": "4976", "Vendor Name": "Keeper Security, Inc.", "Module Name": "Keeper Security Cryptographic Module v2", "Module Type": "Software", "Validation Date": "02/27/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4976.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4976", "module_name": "Keeper Security Cryptographic Module v2", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Keeper Security Cryptographic Module provides cryptographic operations for the Keeper password manager application and digital vault. Supporting storage of passwords, authentication information and other sensitive documents using 256-bit AES encryption, zero-knowledge architecture and two-factor authentication.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4975", "Certificate Number": "4975", "Vendor Name": "Certes Networks, Inc.", "Module Name": "Certes Java Cryptographic Module", "Module Type": "Software", "Validation Date": "02/27/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4975.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4975", "module_name": "Certes Java Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Certes Java Cryptographic Module is a general-purpose cryptographic library incorporated into the Certes family of products to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4974", "Certificate Number": "4974", "Vendor Name": "Schneider Electric IT Corporation", "Module Name": "SE Cryptographic Library", "Module Type": "Software", "Validation Date": "02/26/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4974.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4974", "module_name": "SE Cryptographic Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The SE Cryptographic Library is a general-purpose cryptographic library incorporated into the Schneider Electric’s products to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4973", "Certificate Number": "4973", "Vendor Name": "Broadcom Inc.", "Module Name": "VMware's BoringCrypto Module", "Module Type": "Software", "Validation Date": "02/26/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4973.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4973", "module_name": "VMware's BoringCrypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/22/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "VMware’s BoringCrypto Module is a versatile software library that implements and provides FIPS 140-3 approved cryptographic functionalities to various VMware products and services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4972", "Certificate Number": "4972", "Vendor Name": "Ultra Intelligence & Communications", "Module Name": "AN/KRC-6 (ATCS-BBU)", "Module Type": "Hardware", "Validation Date": "02/26/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4972.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4972", "module_name": "AN/KRC-6 (ATCS-BBU)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/25/2030", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in section 11.2 of the Security Policy. The tamper evident seals installed as indicated in section 7.1.2 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The AN-KRC-6 (\"the Module\"), is a multiband, point-to-point (PTP), point-to-multipoint (PMP) and Mesh radio system. The Module operates as a component of the larger Amphibious Tactical Communications System (ATCS). The Module can also be referred to as the ATCS BBU. Each module can communicate wirelessly with other devices using the local RF channel frequencies, polarization and topology (LBH, NBH or UNW). The Module operates in VHF (RF band 3+). The Module offers encrypted digital communications over the TLS protocols, and management via SNMPv3.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4971", "Certificate Number": "4971", "Vendor Name": "Amazon Web Services, Inc.", "Module Name": "Amazon Linux 2023 Libgcrypt Cryptographic Module", "Module Type": "Software", "Validation Date": "02/24/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4971.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4971", "module_name": "Amazon Linux 2023 Libgcrypt Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/23/2030", "overall_level": 1, "caveat": "When operated in approved mode and installed, initialized and configured as specified in Section 11 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Amazon Linux 2023 Libgcrypt Cryptographic Module is a software library implementing general purpose cryptographic algorithms.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDH", "ECDSA", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "Symmetric encryption | AES encryption using non-approved AES modes | AES-GCM,AES-GCM-SIV,AES-OCB,AES-EAX | CO", "Symmetric decryption | AES decryption using non-approved AES modes | AES-GCM,AES-GCM-SIV,AES-OCB,AES-EAX | CO", "Shared Secret Computation | ECDH Shared Secret Computation | ECDH | CO", "Key generation | Generate RSA/ECDSA key pairs with non-approved public key flags | RSAECDSA | CO", "Digital signature generation | RSA/ECDSA signature generation with non-approved public key flags | RSA with non-approved public key flagsECDSA with non-approved public key flags | CO", "Digital signature verification | RSA/ECDSA signature verification with non-approved public key flags | RSA with non-approved public key flagsECDSA with non-approved public key flags | CO", "Asymmetric encryption primitives | RSA encryption primitives | RSA | CO", "Free cipher handle | Zeroizes the SSPs contained within the provided cipher handle | Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. The completion of a zeroization routine will indicate that a zeroization procedure succeeded. | By calling the appropriate zeroization functions: AES key: gcry\\_cipher\\_close HMAC key: gcry\\_mac\\_close, gcry\\_free Key-derivation key: gcry\\_free Derived key: gcry\\_free RSA keys: gcry\\_mpi\\_release, gcry\\_sexp\\_release, gcry\\_free EC keys: gcry\\_mpi\\_release, gcry\\_free, gcry\\_mpi\\_point\\_release, gcry\\_sexp\\_release, gcry\\_ctx\\_release Entropy input: gcry\\_ctrl(GCRYCTL\\_TERM\\_SECMEM) Internal state: gcry\\_ctrl(GCRYCTL\\_TERM\\_SECMEM)", "AES keys | AES key used for encryption, decryption, key wrapping, key unwrapping,and computing MAC tags | XTS:256,512bits;Other modes:128,192,256bits-XTS:128,256bits;Other modes:128,192,256bits | Symmetrickey-CSP | Key wrapping usingAESCCMKey wrappingusingAESKWKeyunwrappingusingAESCCMKeyunwrappingusingAESKWEncryptionwithAESDecryptionwithAES", "HMACkeys | HMAC key used for message authenticationcode | 112to256bits-112to256bits | Symmetrickey-CSP | MessageAuthenticationCode", "RSA public keys | Public key used for RSA signature verification | 1024,1536,2048,3072,4096bits-80,96,112,128,149bits | Publickey-PSP | KeyPairGenerationwithRSA | KeyPairGenerationwithRSASignatureVerificationwithRSA", "RSA private keys | Private key used for RSA signature generation | 2048,3072,4096bits-112,128,149bits | Privatekey-CSP | KeyPairGenerationwithRSA | KeyPairGenerationwithRSASignatureGenerationwithRSA", "ECDSApublic keys | Public key used for ECDSA signature verification | P-224,P-256,P-384,P-521-112,128,192,256bits | Publickey-PSP | KeyPairGenerationwithECDSA | KeyPairGenerationwithECDSASignature", "ECDSA private keys | Private key used for ECDSA signature generation | P-224,P-256,P-384,P-521-112,128,192,256bits | Private key-CSP | Key Pair Generation with ECDSA | Key Pair Generation with ECDSA Signature Generation with ECDSA", "Password or passphrase | PBKDF2 password | At least 8 characters-N/A | Password or passphrase-CSP | Key Derivation with PBKDF", "Derived key | PBKDF2 derived key | 112-256 bits-112-256bits | Symmetric key-CSP | Key Derivation with PBKDF | Key Derivation with PBKDF", "Entropy input | Entropy input used to seed the DRBGs | 128-384 bits-128-256bits | Entropy input-CSP | Random Number Generation with DRBG", "DRBG internal state(Vvalue,key) | Internal state of CTR\\_DRBG and HMAC\\_DRBG | CTR\\_DRBG:256,320,348bits;HMAC\\_DRBG:320,512,1024bits-CTR\\_DRBG:128,192,256bits;HMAC\\_DRBG:128,256bits | Internal state-CSP | Random Number Generation with DRBG | Random Number Generation with DRBG", "DRBG internal state(Vvalue,Cvalue) | Internal state of Hash\\_DRBG | 880,1776bits-128,256bits | Internal state-CSP | Random Number Generation with DRBG | Random Number Generation with DRBG", "DRBG seed | DRBG seed derived from entropy input | CTR\\_DRBG:256,320,348bits;Hash DRBG:440,888bits;HMAC\\_DRBG:160,256,512bits-CTR\\_DRBG:128,192,256bits;Hash\\_DRBG:128,256bits;HMAC\\_DRBG:128,256bits | Seed-CSP | RandomNumberGenerationwithDRBG | RandomNumberGenerationwithDRBG", "AES keys | API input parameters | RAM:Plaintext | For the duration of the service | Free cipher handleRemove power from the module", "HMAC keys | API input parameters | RAM:Plaintext | For the duration of the service | Free cipher handleRemove power from the module", "RSA public keys | API input parametersAPI output parameters | RAM:Plaintext | For the duration of the service | Free cipher handleRemove power from the module | RSA private keys:Paired With", "RSA private keys | API input parametersAPI output parameters | RAM:Plaintext | For the duration of the service | Free cipher handleRemove power from the module | RSA public keys:Paired With", "ECDSA public keys | API input parametersAPI output parameters | RAM:Plaintext | For the duration of the service | Free cipher handleRemove power from the module | ECDSA private keys:Paired With", "ECDSA private keys | API input parametersAPI output parameters | RAM:Plaintext | For the duration of the service | Free cipher handleRemove power from the module | ECDSA public keys:Paired With", "Entropy input | RAM:Plaintext | For the duration of the service | Free cipher handleRemove power from the module | DRBG seed:Generates", "DRBG internal state(V value,key) | RAM:Plaintext | For the duration of the service | Free cipher handleRemove power from the module | DRBG seed:Generated from", "DRBG internal state(V value,C value) | RAM:Plaintext | For the duration of the service | Free cipher handleRemove power from the module | DRBG seed:Generated from", "DRBG seed | RAM:Plaintext | For the duration of the service | Free cipher handleRemove power from the module | Entropy input:Generated fromDRBG internal state(V value,key):GeneratesDRBG internal state(V value,C value):Generates", "HMAC-SHA2-256(A4597) | Key size:376bits | MessageAuthentication | SW/FWIntegrity | Module is operational | Integrity test forlibgcrypt.so.20.4.2", "HMAC-SHA2-256(A4598) | Key size:376bits | MessageAuthentication | SW/FWIntegrity | Module is operational | Integrity test forlibgcrypt.so.20.4.2", "HMAC-SHA2-256(A4600) | Key size:376bits | MessageAuthentication | SW/FWIntegrity | Module is operational | Integrity test forlibgcrypt.so.20.4.2", "HMAC-SHA2-256(A4601) | Key size:376bits | MessageAuthentication | SW/FWIntegrity | Module is operational | Integrity test forlibgcrypt.so.20.4.2", "HMAC-SHA2-256(A4602) | Key size:376bits | MessageAuthentication | SW/FWIntegrity | Module is operational | Integrity test forlibgcrypt.so.20.4.2", "AES-ECB(A4597) | AES ECB mode with 128,192,256-bit keys for encryption | KAT | CAST | Module is operational | Encryption | Module initialization or on demand through API function call", "AES-ECB(A4598) | AES ECB mode with 128,192,256-bit keys for encryption | KAT | CAST | Module is operational | Encryption | Module initialization or on demand", "AES-ECB(A4600) | AES ECB mode with 128,192,256-bit keys for encryption | KAT | CAST | Module is operational | Encryption | Module initialization or on demand through API function call", "AES-ECB(A4601) | AES ECB mode with 128,192,256-bit keys for encryption | KAT | CAST | Module is operational | Encryption | Module initialization or on demand through API function call", "AES-ECB(A4597) | AES ECB mode with 128,192,256-bit keys for decryption | KAT | CAST | Module is operational | Decryption | Module initialization or on demand through API function call", "AES-ECB(A4598) | AES ECB mode with 128,192,256-bit keys for decryption | KAT | CAST | Module is operational | Decryption | Module initialization or on demand through API function call", "AES-ECB(A4600) | AES ECB mode with 128,192,256-bit keys for decryption | KAT | CAST | Module is operational | Decryption | Module initialization or on demand through API function call", "AES-ECB(A4601) | AES ECB mode with 128,192,256-bit keys for decryption | KAT | CAST | Module is operational | Decryption | Module initialization or on demand through API function call", "AES-CMAC(A4597) | AES CMAC with 128-bit key, MAC generation | KAT | CAST | Module is operational | Message Authentication | Module initialization or", "AES-CMAC(A4598) | AES CMAC with 128-bit key, MAC generation | KAT | CAST | Module is operational | Message Authentication | Module initialization or on demand through API function call", "AES-CMAC(A4600) | AES CMAC with 128-bit key, MAC generation | KAT | CAST | Module is operational | Message Authentication | Module initialization or on demand through API function call", "AES-CMAC(A4597) | AES CMAC with 128-bit key, MAC generation | KAT | CAST | Module is operational | Message Authentication | Module initialization or on demand through API function call", "Counter DRBG(A4597) | CTR\\_DRBG with 129-bit key with DF, with and without PR | KAT | CAST | Module is operational | Compliant with section 11.3 of SP 800-90Ar1 | Module initialization or on demand through API function call", "Counter DRBG(A4598) | CTR\\_DRBG with 129-bit key with DF, with and without PR | KAT | CAST | Module is operational | Compliant with section 11.3 of SP 800-90Ar1 | Module initialization or on demand through API function call", "Counter DRBG(A4600) | CTR\\_DRBG with 129-bit key with DF, with and without PR | KAT | CAST | Module is operational | Compliant with section 11.3 of SP 800-90Ar1 | Module initialization or on demand through API function call", "Counter DRBG(A4601) | CTR\\_DRBG with 129-bit key with DF, with and without PR | KAT | CAST | Module is operational | Compliant with section 11.3 of SP800-90Ar1 | Module initialization or on demand through API function call", "Hash DRBG(A4597) | SHA-256 with and without PR; SHA-1 without PR | KAT | CAST | Module is operational | Compliant with section 11.3 of SP800-90Ar1 | Module initialization or on demand through API function call", "Hash DRBG(A4598) | SHA-256 with and without PR; SHA-1 without PR | KAT | CAST | Module is operational | Compliant with section 11.3 of SP800-90Ar1 | Module initialization or on demand through API function call", "HMAC DRBG(A4597) | SHA-256 with and without PR | KAT | CAST | Module is operational | Compliant with section 11.3 of SP800-90Ar1 | Module initialization or on demand", "HMAC DRBG(A4598) | SHA-256 with and without PR | KAT | CAST | Module is operational | Compliant with section 11.3 of SP 800-90Ar1 | Module initialization or on demand through API function call", "HMAC DRBG(A4600) | SHA-256 with and without PR | KAT | CAST | Module is operational | Compliant with section 11.3 of SP 800-90Ar1 | Module initialization or on demand through API function call", "HMAC DRBG(A4601) | SHA-256 with and without PR | KAT | CAST | Module is operational | Compliant with section 11.3 of SP 800-90Ar1 | Module initialization or on demand through API function call", "HMAC DRBG(A4602) | SHA-256 with and without PR | KAT | CAST | Module is operational | Compliant with section 11.3 of SP 800-90Ar1 | Module initialization or on demand through API function call", "ECDSA SigGen(FIPS186-4)(A4597) | ECDSA signature generation with P-256 and SHA-256 | KAT | CAST | Module is operational | Signature generation | Module initialization or on demand through API function call", "ECDSA SigGen(FIPS186-4)(A4598) | ECDSA signature generation with P-256 and SHA-256 | KAT | CAST | Module is operational | Signature generation | Module initialization or on demand through API function call", "ECDSA SigGen | ECDSA signature generation with P-256 and SHA-256 | KAT | CAST | Module is operational | Signature generation | Module initialization or", "ECDSA SigGen(FIPS186-4)(A4601) | ECDSA signature generation with P-256 and SHA-256 | KAT | CAST | Module is operational | Signature generation | Module initialization or on demand through API function call", "ECDSA SigGen(FIPS186-4)(A4602) | ECDSA signature generation with P-256 and SHA-256 | KAT | CAST | Module is operational | Signature generation | Module initialization or on demand through API function call", "ECDSA SigVer(FIPS186-4)(A4597) | ECDSA signature verification with P-256 and SHA-256 | KAT | CAST | Module is operational | Signature verification | Module initialization or on demand through API function call", "ECDSA SigVer(FIPS186-4)(A4598) | ECDSA signature verification with P-256 and SHA-256 | KAT | CAST | Module is operational | Signature verification | Module initialization or on demand through API function call", "ECDSA SigVer(FIPS186-4)(A4600) | ECDSA signature verification with P-256 and SHA-256 | KAT | CAST | Module is operational | Signature verification | Module initialization or on demand through API function call", "ECDSA SigVer(FIPS186-4)(A4601) | ECDSA signature verification with P-256 and SHA-256 | KAT | CAST | Module is operational | Signature verification | Module initialization or on demand through API function call", "ECDSA SigVer(FIPS186-4)(A4602) | ECDSA signature verification withP-256 and SHA-256 | KAT | CAST | Module is operational | Signature verification | Module initialization or on demand through API function call", "HMAC-SHA-1(A4596) | HMAC-SHA-1 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA-1(A4597) | HMAC-SHA-1 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA-1(A4598) | HMAC-SHA-1 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA-1(A4599) | HMAC-SHA-1 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA-1(A4600) | HMAC-SHA-1 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA-1(A4601) | HMAC-SHA-1 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand", "HMAC-SHA-1(A4602) | HMAC-SHA-1 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-224(A4597) | HMAC-SHA-224 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-224(A4598) | HMAC-SHA-224 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-224(A4600) | HMAC-SHA-224 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-224(A4601) | HMAC-SHA-224 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-224(A4602) | HMAC-SHA-224 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-256(A4597) | HMAC-SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-256(A4598) | HMAC-SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-256(A4600) | HMAC-SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-256(A4601) | HMAC-SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-256(A4602) | HMAC-SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-384(A4597) | HMAC-SHA-384 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-384(A4598) | HMAC-SHA-384 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand", "HMAC-SHA2-384(A4600) | HMAC-SHA-384 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-384(A4601) | HMAC-SHA-384 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-384(A4602) | HMAC-SHA-384 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-512(A4597) | HMAC-SHA-512 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-512(A4598) | HMAC-SHA-512 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-512(A4600) | HMAC-SHA-512 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-512(A4601) | HMAC-SHA-512 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA2-512(A4602) | HMAC-SHA-512 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA3-224(A4597) | HMAC-SHA3-224 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA3-256(A4597) | HMAC-SHA3-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA3-256(A4598) | HMAC-SHA3-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand", "HMAC-SHA3-256(A4602) | HMAC-SHA3-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA3-384(A4597) | HMAC-SHA3-384 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA3-384(A4598) | HMAC-SHA3-384 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA3-384(A4602) | HMAC-SHA3-384 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA3-512(A4597) | HMAC-SHA3-512 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA3-512(A4598) | HMAC-SHA3-512 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "HMAC-SHA3-512(A4602) | HMAC-SHA3-512 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "RSA SigGen(FIPS186-4)(A4597) | PKCS#1 v1.5 with 2048-bit key and SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "RSA SigGen(FIPS186-4)(A4598) | PKCS#1 v1.5 with 2048-bit key and SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "RSA SigGen(FIPS186-4)(A4601) | PKCS#1 v1.5 with 2048-bit key and SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "RSA SigGen(FIPS186-4)(A4602) | PKCS#1 v1.5 with 2048-bit key and SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "RSA SigVer(FIPS186-4)(A4597) | PKCS#1 v1.5 with 2084-bit key and SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand", "RSA SigVer(FIPS186-4)(A4598) | PKCS#1v1.5 with 2084-bit key and SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "RSA SigVer(FIPS186-4)(A4600) | PKCS#1v1.5 with 2084-bit key and SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "RSA SigVer(FIPS186-4)(A4601) | PKCS#1v1.5 with 2084-bit key and SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "RSA SigVer(FIPS186-4)(A4602) | PKCS#1v1.5 with 2084-bit key and SHA-256 | KAT | CAST | Module is operational | Message authentication | Module initialization or on demand through API function call", "SHA-1(A4596) | SHA-1 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA-1(A4597) | SHA-1 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA-1(A4598) | SHA-1 | KAT | CAST | Module is operational | Message digest | Module initialization or", "SHA-1(A4600) | SHA-1 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA-1(A4601) | SHA-1 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA-1(A4602) | SHA-1 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-224(A4597) | SHA-224 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-224(A4598) | SHA-224 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-224(A4600) | SHA-224 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-224(A4601) | SHA-224 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-224(A4602) | SHA-224 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-256(A4597) | SHA-256 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-256(A4598) | SHA-256 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-256(A4600) | SHA-256 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-256(A4601) | SHA-256 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-256(A4602) | SHA-256 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand", "SHA2-384(A4597) | SHA-384 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-384(A4598) | SHA-384 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-384(A4600) | SHA-384 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-384(A4601) | SHA-384 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-384(A4602) | SHA-384 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-512(A4597) | SHA-512 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-512(A4598) | SHA-512 | KAT | CAST | Module is operational | Message digest | Module initialization or", "SHA2-512(A4600) | SHA-512 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-512(A4601) | SHA-512 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "SHA2-512(A4602) | SHA-512 | KAT | CAST | Module is operational | Message digest | Module initialization or on demand through API function call", "PBKDF(A4597) | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096,and salt length of 288 bits;SHA-256 password length 24 characters,master key length of 320 bits,iteration count of 4096,and salt length of 288 bits | KAT | CAST | Module is operational | Password-based key derivation | Module initialization or on demand through API function call", "PBKDF(A4598) | SHA-1 password length 24 characters,master key length of 200 bits,iteration count of 4096,and salt length of 288 bits;SHA-256 password length 24 characters,master key length of 320 bits,iteration count of 4096,and salt length of 288 bits | KAT | CAST | Module is operational | Password-based key derivation | Module initialization or on demand through API function call", "PBKDF(A4600) | SHA-1 password length 24 characters, master key length of 200 bits, iteration count of 4096,and salt length of 288 bits;SHA-256 password length 24 characters,master key length of 320 bits,iteration count of 4096,and salt length of 288 bits | KAT | CAST | Module is operational | Password-based key derivation | Module initialization or on demand through API function call", "PBKDF(A4601) | SHA-1 password length 24 characters,master key length of 200 bits,iteration count of 4096,and salt length of 288 bits;SHA-256 password length 24 characters,master key length of 320 bits,iteration count of 4096,and salt length of 288 bits | KAT | CAST | Module is operational | Password-based key derivation | Module initialization or on demand through API function call", "PBKDF(A4602) | SHA-1 password length 24 characters,master key length of 200 bits,iteration count of 4096,and salt length of 288 bits;SHA-256 password length 24 characters,master key length of 320 bits,iteration count of 4096,and salt length of 288 bits | KAT | CAST | Module is operational | Password-based key derivation | Module initialization or on demand through API function call", "ECDSA KeyGen(FIPS186-4)(A4597) | Signature generation and verification with SHA-256 | PCT | PCT | Successful key generation | EC key pair generation | Key generation", "ECDSA KeyGen(FIPS186-4)(A4598) | Signature generation and verification with SHA-256 | PCT | PCT | Successful key generation | EC key pair generation | Key generation", "ECDSA KeyGen | Signature generation and verification with SHA-256 | PCT | PCT | Successful key generation | EC key pair generation | Key generation", "ECDSA KeyGen(FIPS186-4)(A4601) | Signature generation and verification with SHA-256 | PCT | PCT | Successful key generation | EC key pair generation | Key generation", "ECDSA KeyGen(FIPS186-4)(A4602) | Signature generation and verification with SHA-256 | PCT | PCT | Successful key generation | EC key pair generation | Key generation", "RSA KeyGen(FIPS186-4)(A4597) | Signature generation and verification with SHA-256 | PCT | PCT | Successful key generation | RSA key pair generation | Key generation", "RSA KeyGen(FIPS186-4)(A4598) | Signature generation and verification with SHA-256 | PCT | PCT | Successful key generation | RSA key pair generation | Key generation", "RSA KeyGen(FIPS186-4)(A4600) | Signature generation and verification with SHA-256 | PCT | PCT | Successful key generation | RSA key pair generation | Key generation", "RSA KeyGen(FIPS186-4)(A4601) | Signature generation and verification with SHA-256 | PCT | PCT | Successful key generation | RSA key pair generation | Key generation", "RSA KeyGen(FIPS186-4)(A4602) | Signature generation and verification with SHA-256 | PCT | PCT | Successful key generation | RSA key pair generation | Key generation", "HMAC-SHA2-256(A4597) | MessageAuthentication | SW/FW Integrity | Whenever the module is powered on | Upon every power on", "HMAC-SHA2-256(A4598) | MessageAuthentication | SW/FW Integrity | Whenever the module is powered on | Upon every power on", "HMAC-SHA2-256(A4600) | MessageAuthentication | SW/FW Integrity | Whenever the module is powered on | Upon every power on", "HMAC-SHA2-256(A4601) | MessageAuthentication | SW/FW Integrity | Whenever the module is powered on | Upon every power on", "HMAC-SHA2-256(A4602) | MessageAuthentication | SW/FW Integrity | Whenever the module is powered on | Upon every power on", "AES-ECB(A4597) | KAT | CAST | On demand | Manually", "AES-ECB(A4598) | KAT | CAST | On demand | Manually", "AES-ECB(A4600) | KAT | CAST | On demand | Manually", "AES-ECB(A4601) | KAT | CAST | On demand | Manually", "AES-CMAC(A4597) | KAT | CAST | On demand | Manually", "AES-CMAC(A4598) | KAT | CAST | On demand | Manually", "AES-CMAC(A4600) | KAT | CAST | On demand | Manually", "Counter DRBG(A4597) | KAT | CAST | On demand | Manually", "Counter DRBG(A4598) | KAT | CAST | On demand | Manually", "Counter DRBG(A4600) | KAT | CAST | On demand | Manually", "Counter DRBG(A4601) | KAT | CAST | On demand | Manually", "Hash DRBG(A4597) | KAT | CAST | On demand | Manually", "Hash DRBG(A4598) | KAT | CAST | On demand | Manually", "HMAC DRBG(A4597) | KAT | CAST | On demand | Manually", "HMAC DRBG(A4598) | KAT | CAST | On demand | Manually", "HMAC DRBG(A4600) | KAT | CAST | On demand | Manually", "HMAC DRBG(A4601) | KAT | CAST | On demand | Manually", "HMAC DRBG(A4602) | KAT | CAST | On demand | Manually", "ECDSA SigGen(FIPS186-4)(A4597) | KAT | CAST | On demand | Manually", "ECDSA SigGen(FIPS186-4)(A4598) | KAT | CAST | On demand | Manually", "ECDSA SigGen(FIPS186-4)(A4600) | KAT | CAST | On demand | Manually", "ECDSA SigGen(FIPS186-4)(A4601) | KAT | CAST | On demand | Manually", "ECDSA SigGen(FIPS186-4)(A4602) | KAT | CAST | On demand | Manually", "ECDSA SigVer(FIPS186-4)(A4597) | KAT | CAST | On demand | Manually", "ECDSA SigVer(FIPS186-4)(A4598) | KAT | CAST | On demand | Manually", "ECDSA SigVer(FIPS186-4)(A4600) | KAT | CAST | On demand | Manually", "ECDSA SigVer(FIPS186-4)(A4601) | KAT | CAST | On demand | Manually", "ECDSA SigVer(FIPS186-4)(A4602) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A4596) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A4597) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A4598) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A4599) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A4600) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A4601) | KAT | CAST | On demand | Manually", "HMAC-SHA-1(A4602) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224(A4597) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224(A4598) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224(A4600) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224(A4601) | KAT | CAST | On demand | Manually", "HMAC-SHA2-224(A4602) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256(A4597) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256(A4598) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256(A4600) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256(A4601) | KAT | CAST | On demand | Manually", "HMAC-SHA2-256(A4602) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384(A4597) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384(A4598) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384(A4600) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384(A4601) | KAT | CAST | On demand | Manually", "HMAC-SHA2-384(A4602) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512(A4597) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512(A4598) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512(A4600) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512(A4601) | KAT | CAST | On demand | Manually", "HMAC-SHA2-512(A4602) | KAT | CAST | On demand | Manually", "HMAC-SHA3-224(A4597) | KAT | CAST | On demand | Manually", "HMAC-SHA3-256(A4597) | KAT | CAST | On demand | Manually", "HMAC-SHA3-256(A4598) | KAT | CAST | On demand | Manually", "HMAC-SHA3-256(A4602) | KAT | CAST | On demand | Manually", "HMAC-SHA3-384(A4597) | KAT | CAST | On demand | Manually", "HMAC-SHA3-384(A4598) | KAT | CAST | On demand | Manually", "HMAC-SHA3-384(A4602) | KAT | CAST | On demand | Manually", "HMAC-SHA3-512(A4597) | KAT | CAST | On demand | Manually", "HMAC-SHA3-512(A4598) | KAT | CAST | On demand | Manually", "HMAC-SHA3-512(A4602) | KAT | CAST | On demand | Manually", "RSA SigGen(FIPS186-4)(A4597) | KAT | CAST | On demand | Manually", "RSA SigGen(FIPS186-4)(A4598) | KAT | CAST | On demand | Manually", "RSA SigGen(FIPS186-4)(A4601) | KAT | CAST | On demand | Manually", "RSA SigGen(FIPS186-4)(A4602) | KAT | CAST | On demand | Manually", "RSA SigVer(FIPS186-4)(A4597) | KAT | CAST | On demand | Manually", "RSA SigVer(FIPS186-4)(A4598) | KAT | CAST | On demand | Manually", "RSA SigVer(FIPS186-4)(A4600) | KAT | CAST | On demand | Manually", "RSA SigVer(FIPS186-4)(A4601) | KAT | CAST | On demand | Manually", "RSA SigVer(FIPS186-4)(A4602) | KAT | CAST | On demand | Manually", "SHA-1(A4596) | KAT | CAST | On demand | Manually", "SHA-1(A4597) | KAT | CAST | On demand | Manually", "SHA-1(A4598) | KAT | CAST | On demand | Manually", "SHA-1(A4600) | KAT | CAST | On demand | Manually", "SHA-1(A4601) | KAT | CAST | On demand | Manually", "SHA-1(A4602) | KAT | CAST | On demand | Manually", "SHA2-224(A4597) | KAT | CAST | On demand | Manually", "SHA2-224(A4598) | KAT | CAST | On demand | Manually", "SHA2-224(A4600) | KAT | CAST | On demand | Manually", "SHA2-224(A4601) | KAT | CAST | On demand | Manually", "SHA2-224(A4602) | KAT | CAST | On demand | Manually", "SHA2-256(A4597) | KAT | CAST | On demand | Manually", "SHA2-256(A4598) | KAT | CAST | On demand | Manually", "SHA2-256(A4600) | KAT | CAST | On demand | Manually", "SHA2-256(A4601) | KAT | CAST | On demand | Manually", "SHA2-256(A4602) | KAT | CAST | On demand | Manually", "SHA2-384(A4597) | KAT | CAST | On demand | Manually", "SHA2-384(A4598) | KAT | CAST | On demand | Manually", "SHA2-384(A4600) | KAT | CAST | On demand | Manually", "SHA2-384(A4601) | KAT | CAST | On demand | Manually", "SHA2-384(A4602) | KAT | CAST | On demand | Manually", "SHA2-512(A4597) | KAT | CAST | On demand | Manually", "SHA2-512(A4598) | KAT | CAST | On demand | Manually", "SHA2-512(A4600) | KAT | CAST | On demand | Manually", "SHA2-512(A4601) | KAT | CAST | On demand | Manually", "SHA2-512(A4602) | KAT | CAST | On demand | Manually", "PBKDF(A4597) | KAT | CAST | On demand | Manually", "PBKDF(A4598) | KAT | CAST | On demand | Manually", "PBKDF(A4600) | KAT | CAST | On demand | Manually", "PBKDF(A4601) | KAT | CAST | On demand | Manually", "PBKDF(A4602) | KAT | CAST | On demand | Manually", "ECDSA KeyGen(FIPS186-4)(A4597) | PCT | PCT | On demand | Manually", "ECDSA KeyGen(FIPS186-4)(A4598) | PCT | PCT | On demand | Manually", "ECDSA KeyGen(FIPS186-4)(A4600) | PCT | PCT | On demand | Manually", "ECDSA KeyGen(FIPS186-4)(A4601) | PCT | PCT | On demand | Manually", "ECDSA KeyGen(FIPS186-4)(A4602) | PCT | PCT | On demand | Manually", "RSA KeyGen(FIPS186-4)(A4597) | PCT | PCT | On demand | Manually", "RSA KeyGen(FIPS186-4)(A4598) | PCT | PCT | On demand | Manually", "RSA KeyGen(FIPS186-4)(A4600) | PCT | PCT | On demand | Manually", "RSA KeyGen(FIPS186-4)(A4601) | PCT | PCT | On demand | Manually", "RSA KeyGen(FIPS186-4)(A4602) | PCT | PCT | On demand | Manually", "pss | public-key | q | r | raw | rsa | salt-length", "rsa-use-e | s", "AES | Advanced Encryption Standard", "AES-NI | Advanced Encryption Standard New Instructions", "DRBG | Deterministic Random Bit Generator", "HMAC | Hash Message Authentication Code", "KW | AES Key Wrap", "RSA | Rivest, Shamir, Adleman", "SHA | Secure Hash Algorithm" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4970", "Certificate Number": "4970", "Vendor Name": "Honeywell International Inc.", "Module Name": "Honeywell Mobility Edge™ Boring Crypto", "Module Type": "Software", "Validation Date": "02/24/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4970.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4970", "module_name": "Honeywell Mobility Edge™ Boring Crypto", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/22/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Honeywell Mobility Edge™ Boring SSL cryptographic module is a library that provides FIPS 140-3 approved cryptographic algorithms for the Boring SSL and other user-space Android applications which require cryptographic functionality. The physical cryptographic boundary is Honeywell Android mobile computer on which this module is installed.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4969", "Certificate Number": "4969", "Vendor Name": "Solo.io", "Module Name": "Gloo Boring Crypto", "Module Type": "Software", "Validation Date": "02/21/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4969.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4969", "module_name": "Gloo Boring Crypto", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/22/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4968", "Certificate Number": "4968", "Vendor Name": "SUSE LLC", "Module Name": "SUSE Rancher Kubernetes Cryptographic Library", "Module Type": "Software", "Validation Date": "02/20/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4968.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4968", "module_name": "SUSE Rancher Kubernetes Cryptographic Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/22/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "A software library that contains cryptography to serve SUSE’s Rancher Kubernetes Engine and its ecosystem of supported cloud-native tools written in the Go programming language.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4967", "Certificate Number": "4967", "Vendor Name": "Dell Australia Pty Limited, BSAFE Product Team", "Module Name": "Dell BSAFE™ Crypto Module for C", "Module Type": "Software", "Validation Date": "02/19/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4967.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4967", "module_name": "Dell BSAFE™ Crypto Module for C", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/18/2027", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Dell BSAFE™ Crypto Module for C software library is designed for developers to incorporate FIPS 140-3 approved cryptography into C-based products. BSAFE™ Crypto Module security software helps protect sensitive data as it is stored, using strong encryption techniques that ease integration with existing data models. Using the capabilities of BSAFE™ Crypto Module software in applications helps provide a persistent level of protection for data, lessening the risk of internal, as well as external, compromise.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4966", "Certificate Number": "4966", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Adaptive Security Appliance Cryptographic Module (FPR 3100 Series)", "Module Type": "Hardware", "Validation Date": "02/14/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4966.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4966", "module_name": "Cisco Adaptive Security Appliance Cryptographic Module (FPR 3100 Series)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/13/2030", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section \"Life-Cycle Assurance\" of the Security Policy. The tamper evident seals and opacity shields installed as indicated in Section \"Physical Security\" of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The market-leading Cisco ASA delivering robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA provides comprehensive security, performance, and reliability for network environments.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "AES-CBC | A4446 | Direction- Decrypt, Encrypt", "AES-GCM | A4446 | Direction- Decrypt, Encrypt", "Counter DRBG | A4446 | Prediction Resistance - Yes Mode - AES-128,AES-192,AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-4) | A4446 | Curve - P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4446 | Curve - P-256,P-384,P-521 Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4446 | Curve - P-256,P-384,P-521 | FIPS 186-4", "HMAC-SHA-1 | A4446 | Key Length - Key Length:256-448 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4446 | Key Length - Key Length:256-448 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4446 | Key Length - Key Length:256-448 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4446 | Key Length - Key Length:256-448 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4446 | Key Length - Key Length:256-448 Increment8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4446 | Domain Parameter Generation Methods-P-256,P-384,P-521 | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4446 | Domain Parameter Generation Methods-ffdhe2048,ffdhe3072,ffdhe4096,modp-2048,modp-3072,modp-4096 | SP 800-56ARev.3", "KDF IKEv2(CVL) | A4446 | Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:2048Derived Keying Material Length-Derived Keying Material Length:3072Hash Algorithm-SHA-1 | SP 800-135Rev.1", "KDF SNMP(CVL) | A4446 | Password Length-Password Length:256,64 | SP 800-135Rev.1", "KDF SSH(CVL) | A4446 | Cipher-AES-128,AES-192,AES-256 | SP 800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4446 | Key Generation Mode-B.3.4Modulo-2048,3072,4096Hash Algorithm-SHA2-256Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4446 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4446 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4446 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4965", "Certificate Number": "4965", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung TCG Opal SSC Cryptographic Sub-Chip", "Module Type": "Hardware", "Validation Date": "02/13/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4965.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4965", "module_name": "Samsung TCG Opal SSC Cryptographic Sub-Chip", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/12/2030", "overall_level": 2, "caveat": "When operated in approved mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The sub-chip is contained within the Samsung SoC. The SoC is implemented within a TCG Opal SED.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS" ], "algorithms_detailed": [ "A4252 | AES \\[FIPS 197, SP 800-38A\\] | ECB | 256 bits / 256 bits | Encryption", "A4252 | AES \\[FIPS 197, SP 800-38D\\] | GCM (internal IV)Section 8.2.2 of SP 800-38D | 256 bits / 256 bits | AuthenticatedEncryption/Decryption", "A4252 | ECDSA key generation\\[FIPS 186-4\\] | Appendix B.4.2 TestingCandidates | P-384 / 192 bits | key generation", "A4252 | ECDSA signatureverification \\[FIPS 186-4\\] | Using SHA2-384 | P-384 / 192 bits | signature verification", "A4252 | HMAC \\[FIPS 198-1\\] | SHA2-256 | 112-512 bits / 112-256 bits | Message AuthenticationCode", "A4252 | KAS-ECC-SSC\\[SP 800-56Arev3\\] | staticUnified | P-384 / 192 bits | Shared secretcomputation", "A4252 | KDA \\[SP 800-56Crev2\\] | One step no counter | 256 bits / 256 bits | Key derivation", "A4252 | KDF \\[SP 800-108\\] | Counter using HMAC-SHA2-256 | 256 bits | Key derivation", "A4252 | SHS \\[FIPS 180-4\\] | SHA2-256,SHA2-384 | N/A | Hashing", "A4135 | AES \\[FIPS 197, SP 800-38A\\] | ECB | 256 bits / 256 bits | Encryption", "A4135 | CTR\\_DRBG \\[SP 800-90A\\] | AES-256 with derivationfunction | 256 bits / 256 bits | Random numbergeneration", "AES-XTS | Used for Decrypt Firmware to decrypt FW provided by H-CoreUsed for Verify Decrypt Firmware together with ECDSA signatureverification to decrypt and verify signature of FW provided by H-Core", "RSA Encrypt | Used for Get Dump Key to encrypt the AES-XTS dump key", "ECDSA verification with AES XTS | Used for Verify Decrypt Firmware together with AES-XTS decryption", "ECDH Keyagreement | KAS | SP 800-56Arev3.KAS-ECC per IGD.F Scenario 2path (2) | P-384 curve providing 192 bits ofsecurity strength | KAS-ECC-SSC / A4252KDA / A4252", "AES GCM | KTS | SP 800-38D andSP 800-38F. KTS(key wrappingandunwrapping) perIG D.G | 256-bit key providing 256 bits ofsecurity strength | AES GCM / A4252", "ECDSA key pairgeneration | CKG | EC Curve: P-384; Security strength: 192 bitsMethod: FIPS 186-4 Appendix B.4.2 Testing CandidatesCompliant to SP 800-133r2, Section 5.2", "ECDH Keyagreement | KAS-ECC-SSCwith SP 800-56Crev2 | Curves: P-384; Security strength: 192 bitsKDF: One Step KDF with no counterCompliant with SP 800-56Ar3 and IG D.F Scenario 2 (2)", "AES Key Transport | GCM | AES GCM using 256 bit Key Compliant with IG D.G and SP 800-38F", "Key-BasedKDF | Operator keys that are necessary to accessauthenticated commands, are access controlledusing 256-bit Credential Protection Key (CPK)which is derived from SP 800-108 KDF usingAuthority ID, Password and KDK\\_CPK i.e. keyderivation key for CPK. Only the operator withvalid Authority ID and Password (minimum of 8bytes) can lead to derivation of valid CPK whichwill allow the operator to access theauthenticated commands. The module does notsupport concurrent operators and it does notmaintain any authentication results acrosspower cycle. | The modulewaits for750ms after afailed attempt. | Probability ofsuccess: 1/264 | Probability ofsuccess:80/264", "SysID | CO | Key-Based KDF", "AdminSP.SID | CO | Key-Based KDF", "AdminSP.Admin1 | Co | Key-Based KDF", "LockingSP.Admin1~4 | CO | Key-Based KDF", "LockingSP.User1~9 | User | Key-Based KDF", "CreateNamespace | CreateNamespace | 1 | None | Success/Failure | AES-GCM,EECDH KeyAgreement,CTR\\_DRBG,SHA,HMAC | SysID | EWGZ: \\[CK,PK, SK\\];EWZ: \\[KEK,KPK;E: \\[SMK,KMK, REK\\] | \\", "DeleteNamespace | DeleteNamespace | 1 | NamespaceSelection | Success/Failure | AES-GCM,CTR\\_DRBG,HMAC | SysID | EWGZ:\\[MEK\\];E W: \\[KEK,KPK\\];E: \\[SMK,KMK, REK\\] | \\", "Format NVM | Cryptographically erasea specificNamespace'S MEK | 1 | None | Success/Failure | AES-GCM,CTR\\_DRBG,HMAC | SysID | EWGZ:\\[MEK\\];EWZ: \\[KEK,KPK\\];E: \\[SMK,KMK, REK\\] | \\", "PermanentWWriteProtection | EnableNVMe writeprotection | 1 | None | Success/ailure | AES-GCM,HMAC | SysID | EWZ: \\[KPK,KEK\\];E: \\[SMK,KMK, REK\\] | \\", "Sanitize | Erase allMs andgeneratenew MEK tosupportNVMeSanitize | 1 | None | Success/Failure | AES-GCM,CT CTRDRBG,HMAC | SysID | EWGZ:MEK\\];EWZ: \\[KEK,KPK\\];E: \\[SMK,KMK, REK\\]", "CryptoErase | Erase allMEKs andgeneratenew MEK tosupportNVMeCryptoErase | 1 | None | Success/Failure | AES-GCM,CTR\\_DRBG,HMAC | SysID | EWGZ:\\[MEK\\];EWZ: \\[KEK,KPK\\];E: \\[SMK,KMK, REK\\]", "Activate | MakeAdminSP totransition totheManufactured{2 state | 1 | PIN | Success/ailure | AES-GCM,CTR\\_DRBG,HMAC,ECDH Key Agreement,BKF,SHA | AdminSP.SID | EWGZ:\\[KPK, MEK,CPK,,KD\\_CPK,KDK\\_KK;EWZ: \\[PIN\\];WGZ: \\[SK,PK\\];E: \\[REK,SMK, KMK\\] | \\", "Reactivate | Support TCGSUMmethod thatchange to\"Single UserMode\" fromTCG Opalfeature setspec. | 1 | PIN | Success/Failure | AES-GCM,CTR\\_DRBG,HMAC,ECDH KeyAgreement,KBKDF, SHA | AdminSP.SIDAdminSP.Admin1 | EWGZ:EKPK, MEK,CPK,,KDK\\_CPK,KPK;EWZ PINT\\];WG: \\[SK,PK\\];E: \\[REK,SMK, KMK\\]", "Assign | Support TCGCNL methodto coupleLockingObject fromNSGlobalRange | 1 | TargetNamespace,TargetLockingObject | Success/Failure | AES-GCM,ECDH KeyAgreement,CTR\\_DRBG,SHA, HMAC | LockingSP.Admin1~4LockingSP.User1~9 | EWGZ:MEK, CK,PK, SK\\];EGZ: KK,KPK;E: \\[REK,SMK, KMK\\]", "Deassign | Support TCGCNL methodto decoupleLockingObject fromNSGlobalRange | 1 | TargetNamespace,TargetLockingbject | Success/Failure | AES-GCM, ECDH KeyAgreement,CTR\\_DRBG,SHA, HMAC | LockingSP.Admin1~4LockingSP.Uer19 | EWGZ:MEK, CK,PK, SK\\];EGZ: \\[KEK,KPK;E: \\[REK,SMK, KMK\\] | \\", "Erase | Support TCGSUMmethod tocryptoerase.EraseGlobalcrypto erase MEK whichassign toGlobalRange | 1 | TargetNamespace | Success/ailure | AES-GCM,CTRDRBG,HMAC,ECDH KeyAgreement,KBKDF, SHA | LockingSP.Admin14LockingSP.Userl~9 | EWGZ:\\[MEK, CPK,KDK\\_CPK,K\\_CPK,PK, SK\\];EWZ: \\[KPK\\];EZ: \\[PIN\\];: \\[REK,SMK, KMK\\] | \\", "Genkey | Support TCGmethod tocryptoerase.GenkeyNonGlobalcrypto eraseMEK whichassign toGlobalRange | 1 | TargetNamespace | Success/Failure | AES-GCM,CTRDRBG,HMAC | LockingSP.Admin14LockingSP.Userl19 | EWGZ:\\[MEK\\];EWZ: \\[KEK,KPK\\];E: \\[REK,SMK, KMK\\] | \\", "Grant | Support TCGmethod thatgrants aUser'sauthority toanotherauthority | 1 | TargetAuthority | Success/Failure | AES-GCM,EECDH KeyAgreement,TRDRBG,SHA, HMAC | LockingSP.Admin14LockingSP.User1~9 | EWGZ: \\[CK,PK, SK\\];EWZ: \\[KEK,KPK;E: \\[REK,SMK, KMK\\] | \\", "Revert | Support TCGmethod tomake a TCGstate toManufactured2inactivatestate withpassword | 1 | PIN | Success/Failure | AES-GCM,CTRDRBG,HMAC,KBKDF, SHA | AdminSP.SIDAdminSP.Admin1 | EWGZ:\\[KEK, KPK,K, CPK,KD\\_CPK,KDK\\_KK; WZ: \\[SK,PK\\];EZ: \\[PIN\\];E: \\[REK,SMK, KMK\\] | \\", "RevertWithPSID | Support TCGmethod tomake a TCGstate toManufactured{2inactivatestate withPSID | 1 | PIN | Success/Failure | AES-GCM,CTR\\_DRBG,HMAC,KBKDF, SHA | SysID | EWGZ:\\[KEK, KPK, MEK, CPK,KDK\\_CPK,KDK\\_KPK\\]; WZ: \\[SK,PK\\];EZ: \\[PIN\\];E: \\[REK,SMK, KMK\\] | \\", "RevertSP | Clear state of TCGServiceProvider(SP)i.e. it causesthe SP torevert to itsfactory2state. | 1 | PIN,Target SP | Success/Failure | AES-GCM,CT TRDRBG,KBKDF, SHA | LockingSP.Admin1~4 | EWGZ:E K, MEK,CPK,,KDKCPK,KPK;WZ: \\[SK,PK\\];EWZ: \\[PIN,KEK;E \\[REK,SMK, KMK\\] | \\", "SetC\\_PIN | Set PIN | 1 | PIN,New PiN | Success/Faile | CTR\\_DRBG,AES-GCM,ECDH KeyAgreement, KBKDF,SHA, HMAC | All roles | EWGZ:\\[KPK, MEK,CPK,,KDKCPK,KDK\\_KPK; WZ: \\[SK,PK\\];EWZ: \\[PIN,KEK\\];E: \\[REK,SMK, KMK\\] | \\", "SetRange | Set Rangefor usingTCG | 1 | TargetRange | Success/Failure | AES-GCM,HMAC | LockingSP.Admin1~4LockingSP.User1~9 | EWZ: \\[KPK,KEK, MEK\\];E: \\[REK,SMK, KMK\\] | \\", "Authenticate3\\* | Load theKPK forauthorityand decrypt | 1 | AuthorityIndex,PIN | Success/Failure | CTR\\_DRBG,AES-GCM,ECDH KeyAgreement, | All roles | EWGZ:EKPK,, MEK,CPK,,KDK\\_CPK, | \\", "− | relatedencryptionkeys. | − | − | − | KBKDF,SHA, HMAC | KDK\\_KPK\\];WZ: \\[SK,PK\\];EWZ: \\[PIN,KEK\\];E: \\[REK,SMK, KMK\\] | \\", "TperReset | Reset thelock stateinformation | 1 | None | Success/Failure | AES-GCM,HMAC | SysID | EWZ: \\[KPK,KEK, MEK\\];E: \\[REK,SMK, KMK\\] | \\", "VerifyFW | VerifyFirmware | 1 | None | Success/Failure | ECDSA,SHA-384 | SysID | EWZ: \\[FWVerificationKey\\] | \\", "SHA Digest | Provide togeneratethe SHAdigest | Input Data | Hash | SHA-256 | N/A | None | \\", "DecryptFirmware | Decrypt FWprovided by H-Core | Firmwarelocation | Decryptedfirrmware | 0 | AES-XTS in S-Core | N/A(Unauthenticated) | \\", "Verify DecryptFirmware | Verify andDecrypt Firmware5provided by H-Core | Firmwarelocation | Decryptedfirmware ifverification issuccessful elseerror. | 0 | ECDSA, SHA-384, AES-XTS | N/A(Unauthenticated) | \\", "Get Dump Key | Modulegenerates AESXTS dump keyusing DRBGad thenexports it afterencryptingwith RSA | N/A | Dump key withRSA | 0 | CTR\\_DRBG,RSA encrypt | N/A(Unauthenticated) | \\", "Dumpncryption | Encrypts thedump dataprovided by H-Core usingdump key | Dump datalocation | Encrypteddump data | 0 | AES-XTS in S-Core | N/A(Unauthenticated | \\", "DRBG Seed | Derivedfromentropyinput per SP800-90ARev1 | 256 bits/256 bits | CSP | CTR\\_DRBG | N/A | CTR\\_DRBG | \\", "CPK | CredentialPrtectionKey | 256-bit /26-bits | CSP | Derivedusing SP0-108KBKDF | EncryptedImport andexport(AES GCM)to NAND | All authenticatedservices listed in Table12 | \\", "KDK\\_KPK | KeyDerivationKy for theKPK | 256-bits /256-bits | CSP | CTR\\_DRBG | EncryptedImport andexport(AES GCM)to NAND | All authenticatedservices listed in Table12 | \\", "KPK | KeyProtectionKey | 256-bits /256-bitss | CSP | KBKDF | N/A | All authenticatedservices listed in Table12 | \\", "PK | ECDSAPublic Key | P-384 /192 bits | PSP | FIPS 186-4EC keygeneration | EncryptedImport andexport(AES GCM)to NAND | Grant | \\", "GRK | Grant Key(AES GCMKey) | 256-bits /2256-bits | CSP | N/A | SP 800-56ARev3ECCDH keyagreement | Grant | \\", "KEK | Key EncryptionKey (AES GC)Key | 256-bits /256-bits | CSP | CTR\\_DRBG | EncryptedImport andexport(AES GCM)to NAND | CreateNamespace,DeleteNamespace,FormatNVM,PermanentWriteProtection,Sanitze,CryptoErase,Assign,Deassign,Genkey, | \\", "MEK | MediaEncryptionKey(AES GCMKey) | 256-bits /256-bits | CSP | CTR\\_DRBG | EncryptedImport andxport(AES GCM)to NAND | DeleteNamespace,FormatNVM,Sanitize,CryptoErase,Activate,Reactivate,Assign,Deassign,Erase,Genkey,Revert,RevertWithPSID,RevertSP,SetRange,Authenticate,TperReset | \\", "REK | RootEncryptionKey(AES GCMKey) | 256-bits /256-bits | CSP | Derivedfffrom Rootkey usingKBKDF | N/A | All authenticatedservices listed in Table12 | \\", "SMK | ServicemetadataMac Key(HMAC key) | 256-bits /256-bits | CSP | Derivedfrom Rootkey usingKBKDF | N/A | Module Startup | \\", "KMK | Secret KeymetadataMac Key(HMAC key) | 256-bits /256-bits | CSP | Derivedfrom Rootkey usingKBKDF | N/A | All authenticatedservices listed in Table12 | \\", "DRBGnternalState | N/A | HW registers | Until Module reset | Module reset | DRBG seed, entropy input,MEK, KEK, SK, KDK\\_CPK,DK\\_KPK | \\", "DRBGeed | N/A | HW registers | DRBG internal state,entropy input, MEK, KEK,SK, KDK\\_CPK, KDK\\_KPK | \\", "EntropyInput | N/A | HW registers | Until Module reset | Module reset | DRBG seed, DRBG internalstate | \\", "ECDSA | Firmware | P-384 withSHA2-384 | SignatureVeification | Firmwarentegrity | Module isoperational | Verifies MainW andBootloader | \\", "ECDSA | Firmware | P-384 withSHA2-384 | KAT | CAST | Module isoperationa | Before firmwareintegritycheck | ModuleStartup | \\", "AES-GCM6 | AES-256 | KAT | CAST | Encrypt/Decrypt | \\", "SHA2-256 | N/A | KAT | CAST | Hashing | \\", "SHA2-384 | N/A | KAT | CAST | Hashing | \\", "HMAC | SHA2-256 | KAT | CAS | Messageauthentication | \\", "CTR\\_DRBG | Hardware | AES-256 | KAT | CASS | Randomnumbergeneration7 | \\", "KBKDF | Firmware | HMACSHA2-256 | KAT | CAST | KeyDerivation | \\", "ECDH SSC | P-384 | KAT | CAS | Sharedsecretcomputation | \\", "One step KDF(KDA) | SHA-256 | KAT | CAS | KeyDerivation | \\", "ECDSA | Firmware | SHA2-256 | PCT | CAST | Keygenerationsuccessful | Per SP 800-56ARev3section5.6.2.1.4 b | KeyGeneration | \\" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4964", "Certificate Number": "4964", "Vendor Name": "Byos Inc.", "Module Name": "Byos OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "02/12/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4964.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4964", "module_name": "Byos OpenSSL FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Module is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality. The Module is classified under FIPS 140-2 as a software module, with a multi-chip standalone module embodiment. The physical cryptographic boundary is the general-purpose computer on which the module is installed. The logical cryptographic boundary of the Module is the FIPS Provider, a dynamically loadable library. The Module performs no communication other than with the calling application via APIs that invoke the Module." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4963", "Certificate Number": "4963", "Vendor Name": "Ultra Intelligence and Communications", "Module Name": "Edge Security Cryptographic Module", "Module Type": "Hardware", "Validation Date": "02/10/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4963.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4963", "module_name": "Edge Security Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/9/2030", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "Ultra I&C’s Edge Security Module provides built-in OSI layer 3 IPsec and Layer 2 VLAN encryption capabilities. As a hardware-based embedded cryptographic module, it serves a secured platform for customizable security applications.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A3316 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC | A3318 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CCM | A3316 | KeyLength-128,192,256 | SP800-38C", "AES-CCM | A3318 | KeyLength-128,192,256 | SP800-38C", "AES-ECB | A3316 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | A3316 | Direction-Decrypt,EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP800-38D", "AES-GCM | A3318 | Direction-Decrypt,EncryptIV Generation-InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP800-38D", "Counter DRBG | A3316 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-No | SP800-90ARev.1", "ECDSASigGen(FIPS186-4) | A3316 | Component-NoCurve-P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512,SHA3-256,SHA3-384,SHA3-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3316 | Component - NoCurve - P-256, P-384, P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "HMAC-SHA-1 | A3316 | Key Length - Key Length:128 | FIPS 198-1", "HMAC-SHA2-256 | A3316 | Key Length - Key Length:128 | FIPS 198-1", "HMAC-SHA2-256 | A3318 | Key Length - Key Length:128 | FIPS 198-1", "HMAC-SHA2-384 | A3316 | Key Length - Key Length:192 | FIPS 198-1", "HMAC-SHA2-384 | A3318 | Key Length - Key Length:192 | FIPS 198-1", "HMAC-SHA2-512 | A3316 | Key Length - Key Length:256 | FIPS 198-1", "HMAC-SHA2-512 | A3318 | Key Length - Key Length:256 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A3316 | Domain Parameter Generation Methods-P-256Scheme ephemeralUnified-KAS Role initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A3316 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,MODP-2048Scheme dhEphem-KAS Role initiator, responder | SP 800-56ARev.3", "KDF IKEv2(CVL) | A3316 | Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:224-8192Increment8Derived Keying Material Length-Derived Keying Material Length:1024-16384 Increment8Derived Keying Material Length:384-16384Increment8Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF SNMP(CVL) | A3316 | Password Length-Password Length:64,8192 | SP 800-135Rev.1", "RSA KeyGen(FIPS186-4) | A3316 | Key Generation Mode-B.3.3Modulo-2048,3072Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3316 | Signature Type-PKCS1.5Modulo-2048,3072 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3316 | Signature Type-PKCS1.5Modulo-1024,2048,3072 | FIPS 186-4", "SHA-1 | A3316 | Message Length - Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-256 | A3316 | Message Length - Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-256 | A3318 | Message Length - Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-384 | A3316 | Message Length - Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-384 | A3318 | Message Length - Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-512 | A3316 | Message Length - Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-512 | A3318 | Message Length - Message Length:0-65536Increment8 | FIPS 180-4", "TLSv1.2KDFRFC7627(CVL) | A3316 | Hash Algorithm-SHA2-256,SHA2-384 | SP800-135Rev.1", "TLSv1.3KDF(CVL) | A3316 | HMAC Algorithm-SHA2-256,SHA2-384KDFRunning Modes-DHE,PSK,PSK-DHE | SP800-135Rev.1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4962", "Certificate Number": "4962", "Vendor Name": "Thales", "Module Name": "Thales Luna G7 Cryptographic Module", "Module Type": "Hardware", "Validation Date": "02/07/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4962.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4962", "module_name": "Thales Luna G7 Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/6/2027", "overall_level": 3, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.2 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Thales Luna G7 Cryptographic Module is a standalone hardware security module in the form of a USB device. The cryptographic module is contained in its own secure enclosure, which provides physical resistance.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4961", "Certificate Number": "4961", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks PTX10008 and PTX10016 Packet Transport Routers", "Module Type": "Hardware", "Validation Date": "02/07/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4961.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4961", "module_name": "Juniper Networks PTX10008 and PTX10016 Packet Transport Routers", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/6/2027", "overall_level": 1, "caveat": "Interim validation. When operated in Approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The cryptographic module provides for an encrypted connection, using SSH, between the management station and the module. The cryptographic module also provides for an encrypted connection, using MACsec, between devices.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH" ], "algorithms_detailed": [ "AES-CBC | A4301 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC | A4304 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CMAC | A4304 | Direction-Generation,VerificationKeyLength-128,256 | SP800-38B", "AES-CTR | A4301 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4301 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A4304 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-GCM | AES4369 | Direction-Decrypt,EncryptIV Generation-ExternalKeyLength-128,256 | SP800-38D", "AES-KW | A4304 | Direction-Decrypt,EncryptKeyLength-128 | SP800-38F", "AES-XPN | AES4369 | Direction-Decrypt,EncryptKeyLength-128,256IV Generation-External | SP800-38D", "ECDSA KeyGen(FIPS186-4) | A4301 | Curve-P-256,P-384,P-521Secret Generation Mode-TestingCandidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4301 | Curve-P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4301 | Component - NoCurve - P-256, P-384, P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4301 | Component - NoCurve - P-256,P-384,P-521Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "HMAC DRBG | A4301 | Prediction Resistance - YesMode-SHA2-256 | SP 800-90ARev.1", "HMAC DRBG | A4303 | Prediction Resistance - YesMode-SHA2-256 | SP 800-90ARev.1", "HMAC-SHA-1 | A4301 | Key Length - Key Length:160 | FIPS 198-1", "HMAC-SHA2-256 | A4301 | Key Length - Key Length:256 | FIPS 198-1", "HMAC-SHA2-256 | A4303 | Key Length - Key Length:256 | FIPS 198-1", "HMAC-SHA2-512 | A4301 | Key Length - Key Length:512 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4301 | Domain Parameter Generation Methods-P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role - initiator, responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4301 | Domain Parameter Generation Methods-FC,MODP-2048Scheme-dhEphem-KAS Role - initiator | SP 800-56ARev.3", "KDF SP800-108 | A4304 | KDF Mode-CounterSupported Lengths-Supported Lengths:128,256 | SP 800-108Rev.1", "KDF SSH(CVL) | A4301 | Cipher-AES-128,AES-192,AES-256,TDESHash Algorithm-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4301 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4301 | Signature Type-PKCS1.5Modulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4301 | Signature Type-PKCS1.5Modulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A4301 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-256 | A4301 | Message Length - Message Length: 0-65536 Increment8 | FIPS 180-4", "SHA2-256 | A4303 | Message Length - Message Length: 0-65536 Increment8 | FIPS 180-4", "SHA2-512 | A4301 | Message Length - Message Length: 0-65536 Increment8 | FIPS 180-4", "SHA2-512 | A4303 | Message Length - Message Length: 0-65536 Increment8 | FIPS 180-4", "SHA2-512 | A4306 | Message Length - Message Length: 0-65536 Increment8 | FIPS 180-4", "SHA2-256(Junos22.4R2-LibMDImplementation) | nosecurityclaimed | Used to store operator passwords in hashed form,per IG2.4.A:Use of a non-approved cryptographicalgorithm to“obfuscate”a CSP", "SHA-1(Junos22.4R2-Kernel Implementation) | nosecurityclaimed | Used for an extraneous check in the Kernel,perIG2.4.A:Use of an approved,non-approvedorproprietary algorithm for a purpose that is not security relevant", "RSA with key size less than 2048 | SSH", "ECDSA with ed25519 curve | SSH", "EC Diffie-Hellman with ed25519 curve | SSH", "ARCFOUR | SSH", "Blowfish | SSH", "CAST | SSH", "DSA(SignGen,SigVer,non-compliant) | SSH", "HMAC-MD5 | SSH", "HMAC-RIPEMD160 | SSH", "UMAC | SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4960", "Certificate Number": "4960", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks PTX1000 Packet Transport Router", "Module Type": "Hardware", "Validation Date": "02/07/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4960.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4960", "module_name": "Juniper Networks PTX1000 Packet Transport Router", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/6/2027", "overall_level": 1, "caveat": "Interim validation. When operated in Approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The cryptographic module provides for an encrypted connection, using SSH, between the management station and the module. The cryptographic module also provides for an encrypted connection, using MACsec, between devices.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4959", "Certificate Number": "4959", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks EX4300-48MP Ethernet Switch", "Module Type": "Hardware", "Validation Date": "02/07/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4959.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4959", "module_name": "Juniper Networks EX4300-48MP Ethernet Switch", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/6/2027", "overall_level": 1, "caveat": "Interim validation. When operated in Approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The cryptographic module provides for an encrypted connection, using SSH, between the management station and the module. The cryptographic module also provides for an encrypted connection, using MACsec, between devices.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4957", "Certificate Number": "4957", "Vendor Name": "Tellabs Enterprise, Inc.", "Module Name": "Tellabs Optical LAN OLT Cryptographic Module", "Module Type": "Software", "Validation Date": "02/05/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4957.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4957", "module_name": "Tellabs Optical LAN OLT Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Tellabs Optical LAN OLT Cryptographic Module is a standards-based cryptographic engine for the Tellabs Optical LAN Optical Line Terminal. The module delivers core cryptographic functions for securing communication via secure sockets.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4956", "Certificate Number": "4956", "Vendor Name": "Apple, Inc.", "Module Name": "Apple corecrypto Module v12 [Intel, Kernel, Software]", "Module Type": "Software", "Validation Date": "01/30/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4956.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4956", "module_name": "Apple corecrypto Module v12 [Intel, Kernel, Software]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/29/2027", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple corecrypto Kernel module is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4955", "Certificate Number": "4955", "Vendor Name": "", "Module Name": "", "Module Type": "Firmware", "Validation Date": "01/28/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4955.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4955", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/27/2030", "overall_level": 2, "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4954", "Certificate Number": "4954", "Vendor Name": "Nuvoton Technology Corporation", "Module Name": "Nuvoton Cryptographic Library 2.3", "Module Type": "Hardware", "Validation Date": "01/28/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4954.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4954", "module_name": "Nuvoton Cryptographic Library 2.3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/27/2030", "overall_level": 1, "caveat": "No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Nuvoton Cryptographic Library implementation providing cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4953", "Certificate Number": "4953", "Vendor Name": "Google, LLC.", "Module Name": "BoringCrypto", "Module Type": "Software", "Validation Date": "01/27/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4953.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4953", "module_name": "BoringCrypto", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/26/2030", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4952", "Certificate Number": "4952", "Vendor Name": "Broadcom, Inc.", "Module Name": "PrismPlus Cryptographic Module", "Module Type": "Hardware", "Validation Date": "01/27/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4952.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4952", "module_name": "PrismPlus Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/26/2030", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true, "description": "The PrismPlus Cryptographic Module is a hardware Module intended for use by US Federal agencies or other markets that require a FIPS 140-3 validated network encryption device. The Module implemented on a PCIe Adapter is intended to be used in Fibre Channel based Storage Area Networks. The Module allows a Connection to be established between one of the multiple Host Initiator Entities (eg 256 Virtual Machine Drivers running on multiple CPU cores) on a Storage Server Appliance and one of the multiple Remote Host Target Entities (eg 1000s of Storage LUNs) on multiple Storage Device Appliances via one of the multiple Physical Ports (eg 4x 64GFC ports). The Connection facilitates transfer of data between a Host Initiator Entity on a Storage Server Appliance and Host Target Entity on a Storage Server Appliance using the FC (Fibre Channel) Protocol. The Module allows multiple (1000s) of connections between Host Initiator Entities on a Storage Server Appliance and Host Target Entities on Storage Device Appliances. The module can be used to support Data-in-Flight Encryption/Decryption between Storage Appliances in a FC-SAN environment. Encryption decisions are made on a connection basis, whereby only a subset of the connections could be enabled for Encryption. If a connection is enabled for Encryption, only a subset of the Frame Types (eg Data Frames only, not Command/Status/Control/etc. Frames) could be enabled for Encryption.", "algorithms": [ "AES", "KAS", "KTS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4951", "Certificate Number": "4951", "Vendor Name": "Apple, Inc.", "Module Name": "Apple corecrypto Module v12 [Intel, User, Software]", "Module Type": "Software", "Validation Date": "01/27/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4951.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4951", "module_name": "Apple corecrypto Module v12 [Intel, User, Software]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/26/2027", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple corecrypto User module is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4950", "Certificate Number": "4950", "Vendor Name": "Radiant Logic", "Module Name": "Radiant Logic Cryptographic Module for Go", "Module Type": "Software", "Validation Date": "01/24/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4950.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4950", "module_name": "Radiant Logic Cryptographic Module for Go", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Radiant Logic Cryptographic Module for Go is a standards-based cryptographic engine for Go applications. The module delivers core cryptographic functions to server platforms and features robust algorithm support. Radiant Logic Cryptographic Module for Go offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4949", "Certificate Number": "4949", "Vendor Name": "CyberArk Software Ltd.", "Module Name": "CyberArk Cryptographic Module", "Module Type": "Software", "Validation Date": "01/23/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4949.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4949", "module_name": "CyberArk Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "CyberArk Cryptographic Module is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions to server platforms and features robust algorithm support, including Suite B algorithms. CyberArk Cryptographic Module offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4948", "Certificate Number": "4948", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v13.0 [Intel, User, Software, SL1]", "Module Type": "Software", "Validation Date": "01/23/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4948.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4948", "module_name": "Apple corecrypto Module v13.0 [Intel, User, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/22/2030", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple corecrypto User Space Module for Intel is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4947", "Certificate Number": "4947", "Vendor Name": "HP Inc", "Module Name": "HP Inc OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "01/21/202506/11/202507/15/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4947.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4947", "module_name": "HP Inc OpenSSL FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4946", "Certificate Number": "4946", "Vendor Name": "KIOXIA Corporation", "Module Name": "KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip", "Module Type": "Hardware", "Validation Date": "01/19/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4946.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4946", "module_name": "KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/18/2030", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The KIOXIA FIPS TC58NC1030GTB Crypto Sub-Chip is used for solid state drive data security.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4945", "Certificate Number": "4945", "Vendor Name": "F5, Inc.", "Module Name": "BIG-IP Tenant Cryptographic Module", "Module Type": "Firmware", "Validation Date": "01/17/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4945.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4945", "module_name": "BIG-IP Tenant Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/16/2030", "overall_level": 2, "caveat": "Interim validation. When operated in approved mode. When installed, initialized, and configured as specified in Section 11 of the Security Policy. The tamper evident labels contained in F5-ADD-BIG-FIPS140 kit and panel fillers installed as indicated in the Security Policy section 7.", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "BIG-IP Tenant Cryptographic Module, Application Delivery Controller and Firewall software running on running on F5 hardware and the underlying platform layer.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4944", "Certificate Number": "4944", "Vendor Name": "Allegro Software Development Corporation", "Module Name": "Allegro Cryptographic Engine", "Module Type": "Software", "Validation Date": "01/17/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4944.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4944", "module_name": "Allegro Cryptographic Engine", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/16/2030", "overall_level": 1, "caveat": "Interim validation. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Allegro’s suite of Embedded Device Security tool kits makes embedding standards-based security protocols into resource sensitive embedded systems and consumer electronics fast, easy and reliable. The Allegro Cryptographic Engine (ACE) is a cryptographic library module specifically engineered for embedded devices. The module provides embedded systems developers with an easily understood software interface to enable bulk encryption and decryption, message digests, digital signature creation and validation and key generation and exchange. For full details see www.allegrosoft.com/ace.", "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "ECDSA KeyVer(FIPS186-4) | A3332 | Curve-P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3332 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3332 | Signature Type-ANSI X9.31,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3332 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3332 | Signature Type-ANSI X9.31,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "Hash DRBG | A3332 | Mode-SHA2-256,SHA2-512 | SP 800-90A Rev.1", "KDA HKDF Sp800-56Cr1 | A3332 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length: 224-2048Increment 8HMAC Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDF SSH(CVL) | A3332 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A3332 | Iteration Count-Iteration Count:1000-100000 Increment1Password Length-Password Length:8-128 Increment1 | SP 800-132", "TLS v1.2 KDF RFC7627(CVL) | A3332 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "TLS v1.3 KDF (CVL) | A3332 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-PSK-DHE | SP 800-135Rev.1", "SHA-1 | A3332 | Message Length - Message Length:0-65528 Increment 8 | FIPS 180-4", "SHA2-224 | A3332 | Message Length - Message Length:0-65528 Increment 8 | FIPS 180-4", "SHA2-256 | A3332 | Message Length - Message Length:0-65528 Increment 8 | FIPS 180-4", "SHA2-384 | A3332 | Message Length - Message Length:0-65528 Increment 8 | FIPS 180-4", "SHA2-512 | A3332 | Message Length - Message Length:0-65528 Increment 8 | FIPS 180-4", "SHA3-224 | A3332 | Message Length - Message Length:0-65536 Increment 8 | FIPS 202", "SHA3-256 | A3332 | Message Length - Message Length:0-65536 Increment 8 | FIPS 202", "SHA3-384 | A3332 | Message Length - Message Length:0-65536 Increment 8 | FIPS 202", "SHA3-512 | A3332 | Message Length - Message Length:0-65536 Increment 8 | FIPS 202", "SHAKE-128 | A3332 | Output Length-Output Length:16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A3332 | Output Length-Output Length:16-65536 Increment 8 | FIPS 202", "MD5 | Allowed in the approved mode with no security claimed | Used for TLS 1.2 interoperability" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4943", "Certificate Number": "4943", "Vendor Name": "Legion of the Bouncy Castle Inc.", "Module Name": "BC-FJA (Bouncy Castle FIPS Java API)", "Module Type": "Software", "Validation Date": "01/17/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4943.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4943", "module_name": "BC-FJA (Bouncy Castle FIPS Java API)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/16/2027", "overall_level": 1, "caveat": "Interim Validation. When operated in approved mode. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4942", "Certificate Number": "4942", "Vendor Name": "Dell Australia Pty Limited, BSAFE Product Team", "Module Name": "Dell BSAFE™ Crypto Module", "Module Type": "Software", "Validation Date": "01/16/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4942.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4942", "module_name": "Dell BSAFE™ Crypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/15/2030", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Dell BSAFE™ Crypto Module 2.0 is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. The software supports a wide range of industry standard encryption algorithms offering developers the flexibility to choose the appropriate option to meet their requirements.", "algorithms": [ "AES", "DRBG", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4941", "Certificate Number": "4941", "Vendor Name": "Advanced Micro Devices (AMD)", "Module Name": "AMD ASP Cryptographic CoProcessor (\"Genoa\")", "Module Type": "Firmware-hybrid", "Validation Date": "01/15/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4941.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4941", "module_name": "AMD ASP Cryptographic CoProcessor (\"Genoa\")", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/14/2030", "overall_level": 1, "caveat": "No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Firmware-hybrid", "embodiment": "Single Chip", "description": "The AMD ASP Cryptographic CoProcessor provides cryptographic algorithm support for the EPYC 9000 Series processor.", "detail_available": true, "algorithms": [ "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4940", "Certificate Number": "4940", "Vendor Name": "Hewlett Packard Enterprise", "Module Name": "Aruba Crypto Module", "Module Type": "Firmware", "Validation Date": "01/09/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4940.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4940", "module_name": "Aruba Crypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/8/2027", "overall_level": 1, "caveat": "Interim validation. When operated in Approved mode with module Aruba OpenSSL Module validated to FIPS 140-3 under Cert. #4929 operating in Approved mode.", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The Aruba Crypto Module is an Hewlett Packard Enterprise cryptographic module that provides cryptographic services for the ArubaOS operating system running on the Hewlett Packard Enterprise hardware-based equipment or Hewlett Packard Enterprise virtual appliances.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4939", "Certificate Number": "4939", "Vendor Name": "Barracuda Networks Inc", "Module Name": "Barracuda OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "01/09/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4939.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4939", "module_name": "Barracuda OpenSSL FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Module is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality. The Module is classified under FIPS 140-2 as a software module, with a multi-chip standalone module embodiment. The physical cryptographic boundary is the general-purpose computer on which the module is installed. The logical cryptographic boundary of the Module is the FIPS Provider, a dynamically loadable library. The Module performs no communication other than with the calling application via APIs that invoke the Module." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4938", "Certificate Number": "4938", "Vendor Name": "Ampex Data Systems Corporation", "Module Name": "TuffServ® Encryption Module (TSEM)", "Module Type": "Hardware", "Validation Date": "01/07/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4938.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4938", "module_name": "TuffServ® Encryption Module (TSEM)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/6/2027", "overall_level": 2, "caveat": "Interim validation. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Ampex TSEM hardware module provides two inline (“bump in the wire”) SATA encryptors running at 6Gbps. The paired encryptors support line rate performance with a very modest latency penalty. Using an intelligent secure microcontroller, the TSEM imposes few requirements or dependencies on the host platform, facilitating rolling software patches and without compromising the system design. The module is designed to operate over the industrial temperature range (components rated -40 to +85) and requires a dedicated carrier board to support cooling and physical security.", "detail_available": true, "algorithms": [ "DRBG", "ECDSA", "HMAC", "KDF", "SHA" ], "algorithms_detailed": [ "ECDSA SigVer(FIPS186-4) | A2921 | Curve-P-384Hash Algorithm-SHA2-384 | FIPS 186-4", "Hash DRBG | A2921 | Prediction Resistance - No Mode-SHA2-256 | SP 800-90A Rev.1", "HMAC-SHA2-384 | A2921 | Key Length - Key Length: 256 | FIPS 198-1", "KDF SP800-108 | A2921 | KDF Mode-CounterSupported Lengths-Supported Lengths:256 | SP 800-108 Rev.1", "SHA2-256 | A2921 | Message Length - Message Length: 256-2048 Increment 128 | FIPS 180-4", "SHA2-384 | A2921 | Message Length - Message Length: 256-2048 Increment 128 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4937", "Certificate Number": "4937", "Vendor Name": "Pure Storage, Inc.", "Module Name": "Purity Encryption Module", "Module Type": "Software", "Validation Date": "01/06/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4937.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4937", "module_name": "Purity Encryption Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/5/2030", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys); No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Purity Encryption Module is a standalone cryptographic module for the Purity Operating Environment for FlashArray (Purity//FA). Purity//FA powers Pure Storage's FlashArray family of products which provide economical all-flash storage. Purity Encryption Module enables FlashArray to support always-on, inline encryption of data with an internal key management scheme that requires no user intervention.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4936", "Certificate Number": "4936", "Vendor Name": "Silvus Technologies, Inc.", "Module Name": "SC4000 Series Mesh Radio", "Module Type": "Hardware", "Validation Date": "01/06/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4936.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4936", "module_name": "SC4000 Series Mesh Radio", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/5/2027", "overall_level": 2, "caveat": "Interim validation. When operated in approved mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "StreamCaster SC4200, SC4400, SL4200 and SM4200 series MIMO MANET radios provide wireless video, audio, and data connectivity. It is self-forming, self-healing, and automatically adapts to dynamic channels without the need for infrastructure. The StreamCaster radio has a powerful built-in web-based network management tool to facilitate monitoring and controlling of a large multi-hop network consisting of many StreamCaster radios.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4935", "Certificate Number": "4935", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Panorama Virtual Appliance 11.0", "Module Type": "Software", "Validation Date": "01/02/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4935.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4935", "module_name": "Panorama Virtual Appliance 11.0", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/1/2027", "overall_level": 1, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Panorama offers easy-to-implement, centralized management features that provide insight into network-wide traffic and simplify configurations.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4934", "Certificate Number": "4934", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung SAS TCG Enterprise SSC SEDs PM1653/PM1655 Series", "Module Type": "Hardware", "Validation Date": "12/27/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4934.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4934", "module_name": "Samsung SAS TCG Enterprise SSC SEDs PM1653/PM1655 Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/26/2026", "overall_level": 2, "caveat": "Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Samsung SAS TCG Enterprise SSC SEDs PM1653/PM1655 Series are a high-performance Self-Encrypting SSDs supporting SAS 24G Interface that provides on-the-fly encryption/decryption of user data without performance loss. It implements AES256-XTS for user data encryption, RSA PSS-3072 for FW authentication, and CTR_DRBG for key generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4933", "Certificate Number": "4933", "Vendor Name": "Pitney Bowes, Inc.", "Module Name": "X5 Postal Security Device (PSD)", "Module Type": "Hardware", "Validation Date": "12/24/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4933.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4933", "module_name": "X5 Postal Security Device (PSD)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/23/2026", "overall_level": 3, "caveat": "Interim Validation; When operated in approved mode; No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The X5 Postal Security Device (PSD) is a single-chip cryptographic module designed by Pitney Bowes, Inc. (PB) to conform with FIPS 140-3 Security Level 3 requirements. The device includes the Maxim Integrated MAX32590 DeepCover Secure Microcontroller hardware component. The PSD Application and DAL are compiled into a single firmware. The X5 Postal Security Device (PSD) provides cryptographic services to a host device (i.e., Digital Postage Meter), to support postage evidence in the form of an indicium. A PSD provides protection that includes ensuring the secrecy of sensitive security parameters (SSPs) such as cryptographic keys and providing data integrity protection for funds relevant data items (FRDIs) such as accounting data. SSPs and FRDIs reside inside the strong physical protections of the X5 Postal Security Device (PSD).", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS" ], "algorithms_detailed": [ "AES-CBC | Cert. #A2435 | Direction: Encrypt, DecryptKey Length: $ 256^{2} $ | FIPS 197,NIST SP 800-38A", "AES-ECB | Cert. #A2435 | Direction: Encrypt, DecryptKey Length: 2563 | FIPS 197,NIST SP 800-38A", "AES KW | Cert. #A2435 | Direction: Wrap, UnwrapKey Length: 2564 | NIST SP 800-38F", "ECDSA Key Generation | Cert. #A2437 | Curves:P-224,P-256SHA Size:224,256 | FIPS 186-4", "ECDSA Signature Generation | Cert. #A2437 | Curves:P-224,P-256SHA Size:224,256 | FIPS 186-4", "ECDSA Signature Verification | Cert. #A2437 | Curves:P-224,P-256SHA Size:224,256 | FIPS 186-4", "Hash DRBG | Cert. #A2436 | Function:Hash\\_DRBG | NIST SP 800-90A Rev.1", "HMAC-SHA2-256 | Cert. #A2438 | Function:Generate Message Authentication CodesSHA Size:256 | FIPS 198-1", "KAS-ECC-SSCNIST SP 800-56Ar3 | Cert. #A2439 | Scheme:Ephemeral Unified ModelC(2e,0s,ECC CDH)Curve:P-256 | NIST SP 800-56A Rev.3", "KDA OneStepNIST SP 800-56Cr1 | Cert. #A2439 | Function:One-Step KDF(Session Key)SHA Size:256 | NIST SP 800-56C Rev.2", "KTS | Cert. #A2435 | Function:Wrap,UnwrapKey Length:256 | NIST SP 800-38F", "KTS | Cert. #A2435Cert. #A2438 | AES Function:Encrypt,DecryptHMAC Function:Generate HMACKey Length:256SHA Size:256 | NIST SP 800-38F;FIPS197;FIPS 198-1", "RSA SignatureVerification | Cert. #A24405 | Function:Signature Verification(PKCS PSS)Key Length:2048SHA Size:256 | FIPS 186-4", "SHA2-224 | Cert. #A2441 | SHA Size:224 | FIPS 180-4", "SHA2-256 | Cert. #A2441 | SHA Size: 256 | FIPS 180-4", "CKG-Asymmetric | Key Type: Asymmetric | N/A | NIST SP 800-133r2 Section4 and Section5.1-The unmodified output of the DRBG is used for generation of asymmetric keys.", "CKG-Symmetric | Key Type: Symmetric | N/A | NIST SP 800-133r2 Section4 and Section6.1-The unmodified output of the DRBG is used for generation of symmetric keys.", "CKG-Establishment | Key Type: Asymmetric | N/A | NIST SP 800-133r2 Section4 and Section5.2-The unmodified output of the DRBG is used for key pair generation for key establishment.", "KAS(non-compliant) | FFC KAS used to establish a Triple DES session key.", "DSA(non-compliant) | Used to generate key pairs and generate/verify digital signatures.", "ECDSA(non-compliant) | Used to generate key pairs and generate/verify digital signatures.", "HMAC(non-compliant) | Secondary security mechanism on Canada Indicia.", "RSA(non-compliant) | Used to generate keys and digital signatures.", "SHS(non-compliant) | Hashing for digital signatures and key derivation.", "Triple-DES(non-compliant) | Data encryption and decryption.", "Triple-DES MAC(non-compliant) | Used to generate Message Authentication Codes(MACs).", "DRBG Generate Function | DRBG | NIST SP 800-90A CTR\\_DRBG generate function for delivering random bits on demand | Returned Bits:1024 | Hash DRBG/A2436", "ECDSA Key Generation | AsymKeyPair-KeyGen CKG | FIPS 186-4 ECDSA P-224/P-256 Key Generation | Curve:P-224 Curve:P-256 | ECDSA KeyGen(FIPS186-4) Curves:P-224,P256 Secret Generation Mode:Testing Candidates CKG-Asymmetric Key Type:Asymmetric", "ECDSA Signature Generation | DigSig-SigGen | FIPS 186-4 ECDSA P-224/P-256 digital signature generation of postal relevant data | Curve:P-224 Curve:P-256 | ECDSA SigGen(FIPS186-4) Curves:P-224,P256 SHA2-224,SHA2-256", "ECDSA Signature Verification | DigSig-SigVer | FIPS 186-4 ECDSA P-224/P-256 digital signature verification | Curve:P-224 Curve:P-256 | ECDSA SigVer(FIPS186-4) Curves:P-224,P256 SHA2-224,SHA2-256", "Hash Function | SHA | SHA2-224 and SHA2-256 data integrity for ECDSA digital signatures | SHA2-224,SHA2-256 | SHA2-224 and SHA2-256 Message Length Min:8 bits Message Length Max:51200 bits", "KAS | KAS | NIST SP 800-56Ar3 KAS-SSC Per IG D.F Scenario 2 path(2) | ECC P-256 providing strength of 128 bits | KAS-ECC-SSC SP800-56Ar3/A2439 KDA OneStep SP800-56Cr1/A2439", "KTS\\_1 | KTS | NIST SP 800-38F key wrapping and unwrapping per IG D.G | 256-bit key providing strength of 256 bits | AES-KW/A2435", "KTS\\_2 | KTS | NIST SP 800-38F key wrapping and unwrapping per IG D.G | 256-bit key providing strength of 256 bits | AES-CBC/A2435 HMAC-SHA2-256/A2438", "Message Authentication | MAC | HMAC-SHA-256 used for authentication for secure sessions | Key:256-bit | HMAC-SHA2-256 Key Length Min:128-bit Key Length Max:512-bit", "RSA Signature Verification (Auth) | DigSig-SigVer | FIPS 186-4 RSA 2048 digital signature verification | Key:2048-bit | RSA SigVer(FIPS186-4) Signature Type:PKCS PSS Modulo:2048 SHA2-256", "Seed DRBG | DRBG | Instantiate the DRBG | Length:1024bits | Hash DRBG/A2436", "SSP Authentication | MAC | Message authentication code applied to stored SSPs | Key:256-bit | HMAC-SHA2-256", "SSP Decryption | BC-UnAuth | SSP Decryption in NVRAM | Key:256-bit | AES-CBC", "SSP Encryption | BC-UnAuth | SSP encryption in NVRAM | Key:256-bit | AES-CBC" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4931", "Certificate Number": "4931", "Vendor Name": "Fortinet Technologies Inc.", "Module Name": "FortiClient Crypto Library", "Module Type": "Software", "Validation Date": "12/20/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4931.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4931", "module_name": "FortiClient Crypto Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/19/2026", "overall_level": 1, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The module provides cryptographic support for FortiClient, Fortinet’s endpoint security application. The module provides FIPS 140-3 validated cryptographic support for services such as IPSEC and SSL VPN.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4930", "Certificate Number": "4930", "Vendor Name": "Seagate Technology, LLC", "Module Name": "Seagate Secure® Self-Encrypting Drive", "Module Type": "Hardware", "Validation Date": "12/20/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4930.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4930", "module_name": "Seagate Secure® Self-Encrypting Drive", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/19/2029", "overall_level": 2, "caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true, "description": "The Seagate Secure® Self-Encrypting Drive is embodied in Seagate Enterprise Exos™ Enterprise SED model devices. These products meet the performance requirements of the most demanding Enterprise applications. The Cryptographic Module (CM) provides a wide range of cryptographic services including: • HW based data encryption (AES-XTS) • Instantaneous user data disposal with cryptographic erase • Independently controlled and protected user data LBA bands • Authenticated FW download. The services are provided through industry-standard TCG Enterprise SSC SATA and SCSI protocols." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4929", "Certificate Number": "4929", "Vendor Name": "Hewlett Packard Enterprise", "Module Name": "Aruba OpenSSL Module", "Module Type": "Firmware", "Validation Date": "12/20/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4929.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4929", "module_name": "Aruba OpenSSL Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/19/2026", "overall_level": 1, "caveat": "Interim validation. When operated in Approved mode.", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The Aruba OpenSSL Module is an Hewlett Packard Enterprise cryptographic module that provides cryptographic services for the ArubaOS operating system running on the Hewlett Packard Enterprise hardware-based equipment or Hewlett Packard Enterprise virtual appliances.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4928", "Certificate Number": "4928", "Vendor Name": "HPE Aruba Networking", "Module Name": "HPE OpenSSL Cryptographic Module on Ubuntu Linux", "Module Type": "Software", "Validation Date": "12/19/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4928.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4928", "module_name": "HPE OpenSSL Cryptographic Module on Ubuntu Linux", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4927", "Certificate Number": "4927", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Panorama 11.0 M-200, M-300, M-600 and M-700", "Module Type": "Hardware", "Validation Date": "12/19/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4927.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4927", "module_name": "Panorama 11.0 M-200, M-300, M-600 and M-700", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/18/2026", "overall_level": 2, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and physical kit installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Panorama M-Series management appliances provide centralized management and visibility of Palo Alto Networks next generation firewalls. From a central location, you can gain insight into applications, users, and content traversing the firewalls. The knowledge of what is on the network, in conjunction with safe application enablement policies, maximizes protection and control while minimizing administrative effort. Your security team can centrally perform analysis, reporting, and forensics with the aggregated data over time, or on data stored on the local firewall.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4926", "Certificate Number": "4926", "Vendor Name": "Tanium, Inc.", "Module Name": "Tanium FIPS OpenSSL 3.0 Module", "Module Type": "Software", "Validation Date": "12/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4926.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4926", "module_name": "Tanium FIPS OpenSSL 3.0 Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Tanium FIPS OpenSSL 3.0 Module is a general purpose cryptographic module incorporated into the Tanium Endpoint Platform to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES‐CBC | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS1 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS2 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS3 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CCM | A4481 | Key Length ‐ 128, 192, 256 | SP 800‐38C", "AES‐CFB1 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB128 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB8 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CTR | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐ECB | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐GCM | A4481 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "AES‐KW | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F", "AES‐KWP | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F | FIPS 140‐3 Security Policy | Tanium FIPS OpenSSL 3.0 Module | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "AES‐OFB | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐XTS Testing Revision 2.0 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 256 | SP 800‐38E", "KAS‐ECC CDH‐Component", "SP800‐56Ar3 (CVL) | A4481 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | SP 800‐56A | Rev. 3", "KAS‐ECC‐SSC Sp800‐56Ar3 | A4481 | Domain Parameter Generation Methods ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, | P‐256, P‐384, P‐521 | Scheme ‐ | ephemeralUnified ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐FFC‐SSC Sp800‐56Ar3 | A4481 | Domain Parameter Generation Methods ‐ FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, | modp‐2048, modp‐3072, modp‐4096, modp‐6144, modp‐8192 | Scheme ‐ | dhEphem ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐IFC‐SSC | A4481 | Modulo ‐ 2048, 3072, 4096, 6144, 8192 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐ | KAS1 ‐ | KAS Role ‐ initiator, responder | KAS2 ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KDA HKDF SP800‐56Cr2 | A4481 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | HMAC Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256,", "SHA3‐224, SHA3‐256, SHA3‐384, SHA3‐512 | SP 800‐56C | Rev. 2", "KDA OneStep SP800‐56Cr2 | A4481 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2 | FIPS 140‐3 Security Policy | Tanium FIPS OpenSSL 3.0 Module | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "KDA TwoStep SP800‐56Cr2 | A4481 | MAC Salting Methods ‐ default, random", "KDF Mode ‐ feedback | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2", "KDF ANS 9.42 (CVL) | A4481", "KDF Type ‐ DER", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256, SHA3‐", "224, SHA3‐256, SHA3‐384, SHA3‐512 | Key Data Length ‐ Key Data Length: 8‐4096 Increment 8 | SP 800‐135 | Rev. 1", "KDF ANS 9.63 (CVL) | A4481", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | Key Data Length ‐ Key Data Length: 128, 4096 | SP 800‐135 | Rev. 1", "KDF SP800‐108 | A4481", "KDF Mode ‐ Counter, Feedback | Supported Lengths ‐ Supported Lengths: 8, 72, 128, 776, 3456, 4096 | SP 800‐108 | Rev. 1", "KDF SSH (CVL) | A4481", "Cipher ‐ AES‐128, AES‐192, AES‐256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "PBKDF | A4481 | Iteration Count ‐ Iteration Count: 1‐10000 Increment 1 | Password Length ‐ Password Length: 8‐128 Increment 8 | SP 800‐132", "TLS v1.2 KDF RFC7627 (CVL) | A4481", "Hash Algorithm ‐ SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "TLS v1.3 KDF (CVL) | A4481 | HMAC Algorithm ‐ SHA2‐256, SHA2‐384", "KDF Running Modes ‐ DHE, PSK, PSK‐DHE | SP 800‐135 | Rev. 1", "DSA KeyGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256 | FIPS 186‐4", "DSA PQGGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "DSA PQGVer (FIPS186‐4) | A4481 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "ECDSA KeyGen (FIPS186‐4) | A4481 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | Secret Generation Mode ‐ Testing Candidates | FIPS 186‐4", "ECDSA KeyVer (FIPS186‐4) | A4481 | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521 | FIPS 186‐4", "EDDSA KeyGen | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA KeyVer | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5 | FIPS 140‐3 Security Policy | Tanium FIPS OpenSSL 3.0 Module | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification. | Safe Primes Key Generation | A4481 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3 | Safe Primes Key Verification | A4481 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3", "RSA KeyGen (FIPS186‐4) | A4481 | Key Generation Mode ‐ B.3.3 | Modulo ‐ 2048, 3072, 4096 | Primality Tests ‐ Table C.2 | Private Key Format ‐ Standard | FIPS 186‐4", "KTS‐IFC | A4481 | Modulo ‐ 2048, 3072, 4096, 6144 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐", "KTS‐OAEP‐basic ‐ | KAS Role ‐ initiator, responder | Key Transport Method ‐ | Key Length ‐ 1024 | SP 800‐56B | Rev. 2", "AES‐CMAC | A4481 | Direction ‐ Generation, Verification | Key Length ‐ 128, 192, 256 | SP 800‐38B", "AES‐GMAC | A4481 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "HMAC‐SHA‐1 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐384 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512/224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512/256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | FIPS 140‐3 Security Policy | Tanium FIPS OpenSSL 3.0 Module | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "HMAC‐SHA3‐224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐384 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐512 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | KMAC‐128 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185 | KMAC‐256 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185", "SHA‐1 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐224 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐256 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐384 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512/224 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512/256 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA3‐224 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐256 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐384 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐512 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHAKE‐128 | A4481 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202", "SHAKE‐256 | A4481 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202 | FIPS 140‐3 Security Policy | Tanium FIPS OpenSSL 3.0 Module | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "Counter DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ AES‐128, AES‐192, AES‐256 | Derivation Function Enabled ‐ No, Yes | SP 800‐90A | Rev. 1", "Hash DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | SP 800‐90A | Rev. 1", "HMAC DRBG | A4481 | Prediction Resistance ‐ Yes", "ECDSA SigGen (FIPS186‐4) | A4481 | Component ‐ No, Yes | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521", "ECDSA SigVer (FIPS186‐4) | A4481 | Component ‐ No | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521", "DSA SigGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256", "DSA SigVer (FIPS186‐4) | A4481 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "EDDSA SigGen | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA SigVer | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "RSA SigGen (FIPS186‐4) | A4481 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 2048, 3072, 4096 | FIPS 186‐4", "RSA SigGen (FIPS186‐5) | A4481 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5", "RSA Signature Primitive (CVL) | A4481 | Private Key Format ‐ crt | FIPS 186‐4", "RSA SigVer (FIPS186‐4) | A4481 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 1024, 2048, 3072, 4096 | FIPS 186‐4", "RSA SigVer (FIPS186‐5) | A4481 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5 | FIPS 140‐3 Security Policy | Tanium FIPS OpenSSL 3.0 Module | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification. | Vendor‐Affirmed Algorithms: | Name | Implementation | CKG Section 4 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 5 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 6.2 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2", "Hash DRBG with SHA3‐256, SHA3‐512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1", "HMAC DRBG with SHA3‐256, SHA3‐512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1 | Non‐Approved, Allowed Algorithms: | N/A for this module. | Non‐Approved, Allowed Algorithms with No Security Claimed: | N/A for this Module. | Non‐Approved, Not Allowed Algorithms: | N/A for this Module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4925", "Certificate Number": "4925", "Vendor Name": "Sophos Ltd.", "Module Name": "Sophos Cryptographic Module", "Module Type": "Software", "Validation Date": "12/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4925.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4925", "module_name": "Sophos Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Sophos Cryptographic Module is a general-purpose cryptographic library incorporated into the Sophos Firewall systems to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4481 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS1 | A4481 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS2 | A4481 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CBC-CS3 | A4481 | Direction - decrypt, encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4481 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB1 | A4481 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A4481 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4481 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A4481 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4481 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4481 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "AES-KW | A4481 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A4481 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A4481 | Direction - Decrypt, Encrypt | Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4481 | Direction - Decrypt, Encrypt | Key Length - 128, 256 | SP 800-38E", "KAS-ECC CDH-Component | SP800-56Ar3 (CVL) | A4481 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | SP 800-56A | Rev. 3", "KAS-ECC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, | P-256, P-384, P-521 | Scheme -ephemeralUnified - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-FFC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods - FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, | modp-2048, modp-3072, modp-4096, modp-6144, modp-8192 | Scheme -dhEphem - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KAS-IFC-SSC | A4481 | Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, | rsakpg2-prime-factor | Scheme -KAS1 - | KAS Role - initiator, responder | Scheme -KAS2 - | KAS Role - initiator, responder | SP 800-56A | Rev. 3", "KDA HKDF SP800-56Cr2 | A4481 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256,", "SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C | Rev. 2", "KDA OneStep SP800-56Cr2 | A4481 | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C | Rev. 2", "KDA TwoStep SP800-56Cr2 | A4481 | MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | SP 800-56C | Rev. 2", "KDF ANS 9.42 (CVL) | A4481", "KDF Type - DER", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-", "224, SHA3-256, SHA3-384, SHA3-512 | Key Data Length - Key Data Length: 8-4096 Increment 8 | SP 800-135 | Rev. 1", "KDF ANS 9.63 (CVL) | A4481", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Key Data Length - Key Data Length: 128, 4096 | SP 800-135 | Rev. 1", "KDF SP800-108 | A4481", "KDF Mode - Counter, Feedback | Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, 4096 | SP 800-108 | Rev. 1", "KDF SSH (CVL) | A4481", "Cipher - AES-128, AES-192, AES-256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "PBKDF | A4481 | Iteration Count - Iteration Count: 1-10000 Increment 1 | Password Length - Password Length: 8-128 Increment 8 | SP 800-132", "TLS v1.2 KDF RFC7627 (CVL) | A4481", "Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 | Rev. 1", "TLS v1.3 KDF (CVL) | A4481 | HMAC Algorithm - SHA2-256, SHA2-384", "KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 | Rev. 1", "DSA KeyGen (FIPS186-4) | A4481 | L - 2048, 3072 | N - 224, 256 | FIPS 186-4", "DSA PQGGen (FIPS186-4) | A4481 | L - 2048, 3072 | N - 224, 256", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA PQGVer (FIPS186-4) | A4481 | L - 1024, 2048, 3072 | N - 160, 224, 256", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen (FIPS186-4) | A4481 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Secret Generation Mode - Testing Candidates | FIPS 186-4", "ECDSA KeyVer (FIPS186-4) | A4481 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, | P-521 | FIPS 186-4", "EDDSA KeyGen | A4481 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA KeyVer | A4481 | Curve - ED-25519, ED-448 | FIPS 186-5 | Safe Primes Key Generation | A4481 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp-2048, modp-3072, | modp-4096, modp-6144, modp-8192 | SP 800-56A | Rev. 3 | Safe Primes Key Verification | A4481 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp-2048, modp-3072, | modp-4096, modp-6144, modp-8192 | SP 800-56A | Rev. 3", "RSA KeyGen (FIPS186-4) | A4481 | Key Generation Mode - B.3.3 | Modulo - 2048, 3072, 4096 | Primality Tests - Table C.2 | Private Key Format - Standard | FIPS 186-4", "KTS-IFC | A4481 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, | rsakpg2-prime-factor | Scheme -KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 1024 | SP 800-56B | Rev. 2", "AES-CMAC | A4481 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-GMAC | A4481 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "HMAC-SHA-1 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1 | KMAC-128 | A4481 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A4481 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185", "SHA-1 | A4481 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A4481 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A4481 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A4481 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A4481 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A4481 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A4481 | Message Length - Message Length: 0-65528 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA3-224 | A4481 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-256 | A4481 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-384 | A4481 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHA3-512 | A4481 | Message Length - Message Length: 0-65536 Increment 8 | Large Message Sizes - 1, 2, 4, 8 | FIPS 202", "SHAKE-128 | A4481 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A4481 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202", "Counter DRBG | A4481 | Prediction Resistance - Yes", "Mode - AES-128, AES-192, AES-256 | Derivation Function Enabled - No, Yes | SP 800-90A | Rev. 1", "Hash DRBG | A4481 | Prediction Resistance - Yes", "Mode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | SP 800-90A | Rev. 1", "HMAC DRBG | A4481 | Prediction Resistance - Yes", "ECDSA SigGen (FIPS186-4) | A4481 | Component - No, Yes | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521", "ECDSA SigVer (FIPS186-4) | A4481 | Component - No | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, | P-521", "DSA SigGen (FIPS186-4) | A4481 | L - 2048, 3072 | N - 224, 256", "DSA SigVer (FIPS186-4) | A4481 | L - 1024, 2048, 3072 | N - 160, 224, 256", "EDDSA SigGen | A4481 | Curve - ED-25519, ED-448 | FIPS 186-5", "EDDSA SigVer | A4481 | Curve - ED-25519, ED-448 | FIPS 186-5", "RSA SigGen (FIPS186-4) | A4481 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen (FIPS186-5) | A4481 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5", "RSA Signature Primitive (CVL) | A4481 | Private Key Format - crt | FIPS 186-4", "RSA SigVer (FIPS186-4) | A4481 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer (FIPS186-5) | A4481 | Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss | FIPS 186-5 | Name | Implementation | CKG Section 4 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800-133 Rev. 2 | CKG Section 5 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800-133 Rev. 2 | CKG Section 6.2 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800-133 Rev. 2", "Hash DRBG with SHA3-256, SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800-90A Rev. 1", "HMAC DRBG with SHA3-256, SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800-90A Rev. 1 | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this Module. | Non-Approved, Not Allowed Algorithms: | N/A for this Module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4924", "Certificate Number": "4924", "Vendor Name": "Snowflake Inc.", "Module Name": "Snowflake FIPS Provider", "Module Type": "Software", "Validation Date": "12/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4924.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4924", "module_name": "Snowflake FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Snowflake FIPS Provider is a general-purpose cryptographic library incorporated into Snowflake platforms to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES‐CBC | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS1 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS2 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS3 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CCM | A4481 | Key Length ‐ 128, 192, 256 | SP 800‐38C", "AES‐CFB1 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB128 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB8 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CTR | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐ECB | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐GCM | A4481 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "AES‐KW | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F | FIPS 140‐3 Security Policy | Snowflake FIPS Provider | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "AES‐KWP | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F", "AES‐OFB | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐XTS Testing Revision 2.0 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 256 | SP 800‐38E", "KAS‐ECC CDH‐Component", "SP800‐56Ar3 (CVL) | A4481 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | SP 800‐56A | Rev. 3", "KAS‐ECC‐SSC Sp800‐56Ar3 | A4481 | Domain Parameter Generation Methods ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, | P‐256, P‐384, P‐521 | Scheme ‐ | ephemeralUnified ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐FFC‐SSC Sp800‐56Ar3 | A4481 | Domain Parameter Generation Methods ‐ FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, | modp‐2048, modp‐3072, modp‐4096, modp‐6144, modp‐8192 | Scheme ‐ | dhEphem ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐IFC‐SSC | A4481 | Modulo ‐ 2048, 3072, 4096, 6144, 8192 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐ | KAS1 ‐ | KAS Role ‐ initiator, responder | KAS2 ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KDA HKDF SP800‐56Cr2 | A4481 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | HMAC Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256,", "SHA3‐224, SHA3‐256, SHA3‐384, SHA3‐512 | SP 800‐56C | Rev. 2 | FIPS 140‐3 Security Policy | Snowflake FIPS Provider | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "KDA OneStep SP800‐56Cr2 | A4481 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2", "KDA TwoStep SP800‐56Cr2 | A4481 | MAC Salting Methods ‐ default, random", "KDF Mode ‐ feedback | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2", "KDF ANS 9.42 (CVL) | A4481", "KDF Type ‐ DER", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256, SHA3‐", "224, SHA3‐256, SHA3‐384, SHA3‐512 | Key Data Length ‐ Key Data Length: 8‐4096 Increment 8 | SP 800‐135 | Rev. 1", "KDF ANS 9.63 (CVL) | A4481", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | Key Data Length ‐ Key Data Length: 128, 4096 | SP 800‐135 | Rev. 1", "KDF SP800‐108 | A4481", "KDF Mode ‐ Counter, Feedback | Supported Lengths ‐ Supported Lengths: 8, 72, 128, 776, 3456, 4096 | SP 800‐108 | Rev. 1", "KDF SSH (CVL) | A4481", "Cipher ‐ AES‐128, AES‐192, AES‐256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "PBKDF | A4481 | Iteration Count ‐ Iteration Count: 1‐10000 Increment 1 | Password Length ‐ Password Length: 8‐128 Increment 8 | SP 800‐132", "TLS v1.2 KDF RFC7627 (CVL) | A4481", "Hash Algorithm ‐ SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "TLS v1.3 KDF (CVL) | A4481 | HMAC Algorithm ‐ SHA2‐256, SHA2‐384", "KDF Running Modes ‐ DHE, PSK, PSK‐DHE | SP 800‐135 | Rev. 1", "DSA KeyGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256 | FIPS 186‐4", "DSA PQGGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "DSA PQGVer (FIPS186‐4) | A4481 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "ECDSA KeyGen (FIPS186‐4) | A4481 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | Secret Generation Mode ‐ Testing Candidates | FIPS 186‐4", "ECDSA KeyVer (FIPS186‐4) | A4481 | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521 | FIPS 186‐4 | FIPS 140‐3 Security Policy | Snowflake FIPS Provider | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "EDDSA KeyGen | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA KeyVer | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5 | Safe Primes Key Generation | A4481 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3 | Safe Primes Key Verification | A4481 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3", "RSA KeyGen (FIPS186‐4) | A4481 | Key Generation Mode ‐ B.3.3 | Modulo ‐ 2048, 3072, 4096 | Primality Tests ‐ Table C.2 | Private Key Format ‐ Standard | FIPS 186‐4", "KTS‐IFC | A4481 | Modulo ‐ 2048, 3072, 4096, 6144 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐", "KTS‐OAEP‐basic ‐ | KAS Role ‐ initiator, responder | Key Transport Method ‐ | Key Length ‐ 1024 | SP 800‐56B | Rev. 2", "AES‐CMAC | A4481 | Direction ‐ Generation, Verification | Key Length ‐ 128, 192, 256 | SP 800‐38B", "AES‐GMAC | A4481 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "HMAC‐SHA‐1 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐384 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | FIPS 140‐3 Security Policy | Snowflake FIPS Provider | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "HMAC‐SHA2‐512/224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512/256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐384 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐512 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | KMAC‐128 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185 | KMAC‐256 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185", "SHA‐1 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐224 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐256 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐384 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512/224 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512/256 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA3‐224 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐256 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐384 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐512 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHAKE‐128 | A4481 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202 | FIPS 140‐3 Security Policy | Snowflake FIPS Provider | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "SHAKE‐256 | A4481 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202", "Counter DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ AES‐128, AES‐192, AES‐256 | Derivation Function Enabled ‐ No, Yes | SP 800‐90A | Rev. 1", "Hash DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | SP 800‐90A | Rev. 1", "HMAC DRBG | A4481 | Prediction Resistance ‐ Yes", "ECDSA SigGen (FIPS186‐4) | A4481 | Component ‐ No, Yes | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521", "ECDSA SigVer (FIPS186‐4) | A4481 | Component ‐ No | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521", "DSA SigGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256", "DSA SigVer (FIPS186‐4) | A4481 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "EDDSA SigGen | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA SigVer | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "RSA SigGen (FIPS186‐4) | A4481 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 2048, 3072, 4096 | FIPS 186‐4", "RSA SigGen (FIPS186‐5) | A4481 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5", "RSA Signature Primitive (CVL) | A4481 | Private Key Format ‐ crt | FIPS 186‐4 | FIPS 140‐3 Security Policy | Snowflake FIPS Provider | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "RSA SigVer (FIPS186‐4) | A4481 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 1024, 2048, 3072, 4096 | FIPS 186‐4", "RSA SigVer (FIPS186‐5) | A4481 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5 | Vendor‐Affirmed Algorithms: | Name | Implementation | CKG Section 4 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 5 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 6.2 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2", "Hash DRBG with SHA3‐256, SHA3‐512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1", "HMAC DRBG with SHA3‐256, SHA3‐512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1 | Non‐Approved, Allowed Algorithms: | N/A for this module. | Non‐Approved, Allowed Algorithms with No Security Claimed: | N/A for this Module. | Non‐Approved, Not Allowed Algorithms: | N/A for this Module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4923", "Certificate Number": "4923", "Vendor Name": "HID", "Module Name": "HID/Mercury FIPS Provider for OpenSSL 3", "Module Type": "Software", "Validation Date": "12/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4923.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4923", "module_name": "HID/Mercury FIPS Provider for OpenSSL 3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The HID/Mercury FIPS Provider for OpenSSL 3 is a secure cryptographic module that enhances the cryptographic capabilities of HID and Mercury intelligent controllers, complying with the FIPS 140-3 standard. It integrates seamlessly with OpenSSL 3 to offer advanced encryption, decryption, hashing, and key management functions, ensuring high performance and robust security. Designed to meet stringent industry requirements, this provider ensures that all cryptographic operations are executed securely and efficiently, making it ideal for applications demanding the highest level of security assurance.", "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC-CS3 | A4481 | Direction - decrypt, encryptKey Length - 128, 192, 256Payload Length - Payload Length: 136-512 Increment 8 | SP 800-38A", "AES-CCM | A4481 | Key Length - 128, 192, 256Tag Length - 112, 128, 32, 48, 64, 80, 96IV Length - IV Length: 56-104 Increment 8Payload Length - Payload Length: 0-256 Increment 8AAD Length - AAD Length: 0-524288 Increment 8 | SP 800-38C", "AES-CFB1 | A4481 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB128 | A4481 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A4481 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CTR | A4481 | Direction - Decrypt, EncryptKey Length - 128, 192, 256Payload Length - Payload Length: 8-128 Increment 8Supports Counter larger than maximum value - NoIncremental Counter - YesCounter Tests Performed - Yes | SP 800-38A", "AES-ECB | A4481 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4481 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1Key Length - 128, 192, 256Tag Length - 104, 112, 120, 128, 32, 64, 96IV Length - IV Length: 96-1024 Increment 8Payload Length - Payload Length: 8-65536 Increment 8AAD Length - AAD Length: 0-65536 Increment 8 | SP 800-38D", "AES-KW | A4481 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 128-524288 Increment 128 | SP 800-38F", "AES-KWP | A4481 | Direction - Decrypt, EncryptCipher - Cipher, InverseKey Length - 128, 192, 256Payload Length - Payload Length: 8-524288 Increment 8 | SP 800-38F", "AES-OFB | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4481 | Direction-Decrypt,EncryptKey Length-128,256Payload Length-Payload Length:128-65536Increment128Tweak Mode-HexData UnitLengthMatches Payload-Yes | SP 800-38E", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A4481 | Curve-B233,B283,B409,B571,K233,K283,K409,K571,P224,P256,P384,P521 | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods-B233,B283,B409,B571,K233,K283,K409,K571,P224,P256,P384,P521Scheme ephemeralUnified-KAS Role - initiator, responder | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,modp-2048,modp-3072,modp-4096,modp-6144,modp-8192Scheme dhEphem-KAS Role - initiator, responder | SP 800-56A Rev.3", "KAS-IFC-SSC | A4481 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role - initiator, responderKAS2-KAS Role - initiator, responderFixed Public Exponent-010001 | SP 800-56A Rev.3", "KDA HKDF SP800-56Cr2 | A4481 | Fixed Info Pattern - algorithmId", "KDA OneStep SP800-56Cr2 | A4481 | Auxiliary Function Methods -Auxiliary Function Name - SHA2-512MAC Salting Methods - default, randomFixed Info Pattern - algorithmId", "KDA TwoStep SP800-56Cr2 | A4481 | MAC Salting Methods - default, randomFixed Info Pattern - algorithmId", "KDF ANS 9.42 (CVL) | A4481 | KDF Type - DERHash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512Other Info Length - Other Info Length: 0-4096 Increment 8zz Length - zz Length: 8-4096 Increment 8Key Data Length - Key Data Length: 8-4096 Increment 8Supplemental Information Length - Supplemental Information Length: 0-120 Increment 8OID - AES-128-KW, AES-192-KW, AES-256-KW | SP 800-135 Rev. 1", "KDF ANS 9.63 (CVL) | A4481 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512Field Size - 224, 571Shared Info Length - Shared Info Length: 0, 1024Key Data Length - Key Data Length: 128, 4096 | SP 800-135 Rev. 1", "KDF SP800-108 | A4481 | KDF Mode-Counter, FeedbackMAC Mode-CMAC-AES128,CMAC-AES192,CMAC-AES256,HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-384,HMAC-SHA2-512Supported Lengths-Supported Lengths:8,72,128,776,3456,4096Fixed Data Order-Before Fixed DataCounter Length-32Supports Empty IV-No,YesCustom Key In Length-0Requires Empty IV-Yes | SP 800-108Rev.1", "KDF SSH(CVL) | A4481 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A4481 | Iteration Count-Iteration Count:1-10000Increment1HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Password Length-Password Length:8-128Increment8Salt Length-Salt Length:128-4096Increment8Key Data Length-Key Data Length:112-4096Increment8 | SP 800-132", "TLS v1.2 KDFRFC7627(CVL) | A4481 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512Key Block Length-Key Block Length:1024 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4481 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA KeyGen(FIPS186-4) | A4481 | L-2048,3072N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4481 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4481 | P/Q Generation Methods-ProbableG Generation Methods-Canonical,UnverifiableL-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A4481 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4481 | Curve-B163,B233,B283,B409,B571,K163,K233,K283,K409,K571,P192,P224,P256,P384,P521 | FIPS 186-4", "EDDSA KeyGen | A4481 | Curve-ED25519,ED-448 | FIPS 186-5", "EDDSA KeyVer | A4481 | Curve-ED25519,ED-448 | FIPS 186-5", "RSA KeyGen(FIPS186-4) | A4481 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Info Generated By Server-YesPublic Exponent Mode-RandomPrivate Key Format-Standard | FIPS 186-4", "KTS-IFC | A4481 | Function - keyPairGen, partialValIUT ID-CAFEFACEModulo-2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factorrsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorFixed Public Exponent-010001Scheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport MethodHash Algorithms-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Supports Null Associated Data-YesAssociated Data Encoding-concatenationKey Length-1024 | SP 800-56B Rev.2", "AES-CMAC | A4481 | Direction-Generation, VerificationKey Length-128,192,256 | SP 800-38B", "AES-GMAC | A4481 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256Tag Length-104,112,120,128,32,64,96IV Length-IV Length:96AAD Length-AAD Length:0-65536 Increment 8 | SP 800-38D", "HMAC-SHA-1 | A4481 | MAC-MAC:32-160Increment 8Key Length-Key Length:112-2048Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A4481 | MAC-MAC:32-224Increment 8Key Length-Key Length:112-2048Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4481 | MAC-MAC:32-256Increment 8Key Length-Key Length:112-2048Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4481 | MAC-MAC:32-384Increment 8Key Length-Key Length:112-2048Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4481 | MAC-MAC:32-512Increment 8Key Length-Key Length:112-2048Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4481 | MAC-MAC:32-224Increment 8Key Length-Key Length:112-2048Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4481 | MAC-MAC:32-256Increment 8Key Length-Key Length:112-2048Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4481 | MAC-MAC:32-224Increment 8Key Length-Key Length:112-2048Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4481 | MAC-MAC:32-256Increment 8Key Length-Key Length:112-2048Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4481 | MAC-MAC:32-384Increment 8Key Length-Key Length:112-2048Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4481 | MAC-MAC:32-512Increment 8Key Length-Key Length:112-2048Increment 8 | FIPS 198-1", "SHA-1 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A4481 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4481 | Supports Bit-Oriented Messages-NoSupports Empty Message-YesSupports Bit-Oriented Output-NoOutput Length-Output Length:16-65536 Increment8 | FIPS 202", "Counter DRBG | A4481 | Prediction Resistance - YesSupports Reseed - YesMode - AES-128,AES-192,AES-256Derivation Function Enabled - No,YesAdditional Input - Additional Input:0-256 Increment 256,Additional Input:256,Additional Input:320,Additional Input:384Entropy Input - Entropy Input:128-256 Increment 128,Entropy Input:256,Entropy Input:256-512 Increment 128,Entropy Input:320,Entropy Input:384Nonce - Nonce:0,Nonce:128Personalization String Length-Personalization String Length:0-256 Increment 256,Personalization String Length:256,Personalization String Length:320,Personalization String Length:384Returned Bits-256 | SP 800-90ARev.1", "Hash DRBG | A4481 | Prediction Resistance - YesSupports Reseed - YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Entropy Input - Entropy Input:128-256 Increment 64,Entropy Input:192-256 Increment 64,Entropy Input:256-320Increment 64Nonce - Nonce:128-160 Increment 32,Nonce:96-128 Increment 32Personalization String Length-Personalization String Length:0-256 Increment 128Additional Input - Additional Input:0-256 Increment 128Returned Bits-160,224,256,384,512 | SP 800-90ARev.1", "HMAC DRBG | A4481 | Prediction Resistance - YesSupports Reseed - YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Entropy Input - Entropy Input:160-256 Increment 32,Entropy Input:192-256 Increment 64,Entropy Input:256-512Increment 64,Entropy Input:384-512 Increment 64,Entropy Input:512-1024 Increment 64Nonce - Nonce:128,Nonce:64,Nonce:96Personalization String Length-Personalization String Length:0-192 Increment 64,Personalization String Length:0-256Increment 128Additional Input - Additional Input:0-256 Increment 128,Additional Input:192Returned Bits-160,224,256,384,512 | SP 800-90ARev.1", "ECDSA SigGen(FIPS186-4) | A4481 | Component-No,YesCurve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA SigVer (FIPS186-4) | A4481 | Component - NoCurve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA SigGen (FIPS186-4) | A4481 | L - 2048, 3072N - 224, 256Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "DSA SigVer (FIPS186-4) | A4481 | L - 1024, 2048, 3072N - 160, 224, 256Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-4", "EDDSA SigGen | A4481 | Curve - ED-25519, ED-448PreHash - Yes | FIPS 186-5", "EDDSA SigVer | A4481 | Curve - ED-25519, ED-448PreHash - NoPure - Yes | FIPS 186-5", "RSA SigGen (FIPS186-4) | A4481 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSSModulo - 2048, 3072, 4096Hash Pair -Hash Algorithm - SHA2-256 | FIPS 186-4", "RSA SigGen (FIPS186-5) | A4481 | Hash Pair -Hash Algorithm - SHA2-224Modulo - 2048, 3072, 4096Signature Type - pks1v1.5, pssMask Function - MGF1 | FIPS 186-5", "RSA Signature Primitive (CVL) | A4481 | Private Key Format - crtPublic Exponent Mode - fixedFixed Public Exponent - 010001 | FIPS 186-4", "RSA SigVer (FIPS186-4) | A4481 | Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSSModulo - 1024, 2048, 3072, 4096Hash Pair -Hash Algorithm - SHA-1Public Exponent Mode - Random | FIPS 186-4", "RSA SigVer (FIPS186-5) | A4481 | Hash Pair -Hash Algorithm - SHA-1Modulo - 2048, 3072, 4096Signature Type - pks1v1.5, pssMask Function - MGF1Public Exponent Mode - random | FIPS 186-5", "Hash DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1", "HMAC DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4922", "Certificate Number": "4922", "Vendor Name": "Cohesity, Inc.", "Module Name": "Cohesity FIPS Object Module", "Module Type": "Software", "Validation Date": "12/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4922.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4922", "module_name": "Cohesity FIPS Object Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Cohesity FIPS Object Module provides FIPS 140-3 validated cryptographic functionality for Cohesity products and services.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES‐CBC | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS1 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS2 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS3 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CCM | A4481 | Key Length ‐ 128, 192, 256 | SP 800‐38C", "AES‐CFB1 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB128 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB8 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CTR | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐ECB | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐GCM | A4481 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "AES‐KW | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F | FIPS 140‐3 Security Policy | Cohesity FIPS Object Module | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "AES‐KWP | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F", "AES‐OFB | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐XTS Testing Revision 2.0 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 256 | SP 800‐38E", "KAS‐ECC CDH‐Component", "SP800‐56Ar3 (CVL) | A4481 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | SP 800‐56A | Rev. 3", "KAS‐ECC‐SSC Sp800‐56Ar3 | A4481 | Domain Parameter Generation Methods ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, | P‐256, P‐384, P‐521 | Scheme ‐ephemeralUnified ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐FFC‐SSC Sp800‐56Ar3 | A4481 | Domain Parameter Generation Methods ‐ FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, | modp‐2048, modp‐3072, modp‐4096, modp‐6144, modp‐8192 | Scheme ‐dhEphem ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐IFC‐SSC | A4481 | Modulo ‐ 2048, 3072, 4096, 6144, 8192 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐KAS1 ‐ | KAS Role ‐ initiator, responder | Scheme ‐KAS2 ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KDA HKDF SP800‐56Cr2 | A4481 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | HMAC Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256,", "SHA3‐224, SHA3‐256, SHA3‐384, SHA3‐512 | SP 800‐56C | Rev. 2", "KDA OneStep SP800‐56Cr2 | A4481 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2 | FIPS 140‐3 Security Policy | Cohesity FIPS Object Module | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "KDA TwoStep SP800‐56Cr2 | A4481 | MAC Salting Methods ‐ default, random", "KDF Mode ‐ feedback | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2", "KDF ANS 9.42 (CVL) | A4481", "KDF Type ‐ DER", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256, SHA3‐", "224, SHA3‐256, SHA3‐384, SHA3‐512 | Key Data Length ‐ Key Data Length: 8‐4096 Increment 8 | SP 800‐135 | Rev. 1", "KDF ANS 9.63 (CVL) | A4481", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | Key Data Length ‐ Key Data Length: 128, 4096 | SP 800‐135 | Rev. 1", "KDF SP800‐108 | A4481", "KDF Mode ‐ Counter, Feedback | Supported Lengths ‐ Supported Lengths: 8, 72, 128, 776, 3456, 4096 | SP 800‐108 | Rev. 1", "KDF SSH (CVL) | A4481", "Cipher ‐ AES‐128, AES‐192, AES‐256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "PBKDF | A4481 | Iteration Count ‐ Iteration Count: 1‐10000 Increment 1 | Password Length ‐ Password Length: 8‐128 Increment 8 | SP 800‐132", "TLS v1.2 KDF RFC7627 (CVL) | A4481", "Hash Algorithm ‐ SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "TLS v1.3 KDF (CVL) | A4481 | HMAC Algorithm ‐ SHA2‐256, SHA2‐384", "KDF Running Modes ‐ DHE, PSK, PSK‐DHE | SP 800‐135 | Rev. 1", "DSA KeyGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256 | FIPS 186‐4", "DSA PQGGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "DSA PQGVer (FIPS186‐4) | A4481 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "ECDSA KeyGen (FIPS186‐4) | A4481 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | Secret Generation Mode ‐ Testing Candidates | FIPS 186‐4", "ECDSA KeyVer (FIPS186‐4) | A4481 | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521 | FIPS 186‐4", "EDDSA KeyGen | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA KeyVer | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5 | FIPS 140‐3 Security Policy | Cohesity FIPS Object Module | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification. | Safe Primes Key Generation | A4481 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3 | Safe Primes Key Verification | A4481 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3", "RSA KeyGen (FIPS186‐4) | A4481 | Key Generation Mode ‐ B.3.3 | Modulo ‐ 2048, 3072, 4096 | Primality Tests ‐ Table C.2 | Private Key Format ‐ Standard | FIPS 186‐4", "KTS‐IFC | A4481 | Modulo ‐ 2048, 3072, 4096, 6144 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐KTS‐OAEP‐basic ‐ | KAS Role ‐ initiator, responder | Key Transport Method ‐ | Key Length ‐ 1024 | SP 800‐56B | Rev. 2", "AES‐CMAC | A4481 | Direction ‐ Generation, Verification | Key Length ‐ 128, 192, 256 | SP 800‐38B", "AES‐GMAC | A4481 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "HMAC‐SHA‐1 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐384 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512/224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512/256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | FIPS 140‐3 Security Policy | Cohesity FIPS Object Module | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "HMAC‐SHA3‐256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐384 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐512 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | KMAC‐128 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185 | KMAC‐256 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185", "SHA‐1 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐224 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐256 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐384 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512/224 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512/256 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA3‐224 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐256 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐384 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐512 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHAKE‐128 | A4481 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202", "SHAKE‐256 | A4481 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202 | FIPS 140‐3 Security Policy | Cohesity FIPS Object Module | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "Counter DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ AES‐128, AES‐192, AES‐256 | Derivation Function Enabled ‐ No, Yes | SP 800‐90A | Rev. 1", "Hash DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | SP 800‐90A | Rev. 1", "HMAC DRBG | A4481 | Prediction Resistance ‐ Yes", "ECDSA SigGen (FIPS186‐4) | A4481 | Component ‐ No, Yes | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521", "ECDSA SigVer (FIPS186‐4) | A4481 | Component ‐ No | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521", "DSA SigGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256", "DSA SigVer (FIPS186‐4) | A4481 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "EDDSA SigGen | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA SigVer | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "RSA SigGen (FIPS186‐4) | A4481 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 2048, 3072, 4096 | FIPS 186‐4", "RSA SigGen (FIPS186‐5) | A4481 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5", "RSA Signature Primitive (CVL) | A4481 | Private Key Format ‐ crt | FIPS 186‐4", "RSA SigVer (FIPS186‐4) | A4481 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 1024, 2048, 3072, 4096 | FIPS 186‐4", "RSA SigVer (FIPS186‐5) | A4481 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5 | FIPS 140‐3 Security Policy | Cohesity FIPS Object Module | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification. | Vendor‐Affirmed Algorithms: | Name | Implementation | CKG Section 4 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 5 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 6.2 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2", "Hash DRBG with SHA3‐256, SHA3‐512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1", "HMAC DRBG with SHA3‐256, SHA3‐512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1 | Non‐Approved, Allowed Algorithms: | N/A for this module. | Non‐Approved, Allowed Algorithms with No Security Claimed: | N/A for this Module. | Non‐Approved, Not Allowed Algorithms: | N/A for this Module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4921", "Certificate Number": "4921", "Vendor Name": "Hewlett Packard Enterprise", "Module Name": "Bootloader Module", "Module Type": "Firmware", "Validation Date": "12/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4921.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4921", "module_name": "Bootloader Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/17/2026", "overall_level": 1, "caveat": "Interim validation", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The Aruba Bootloader Module is preloaded and shipped with Aruba devices: Mobility Controllers, Gateways, Appliances, or Access Points. The module checks the OS image integrity and authenticity. It then boots the ArubaOS operating system, for either hardware-based equipment or virtual appliances.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4920", "Certificate Number": "4920", "Vendor Name": "Ciena Corporation", "Module Name": "Waveserver 5 Control Processor Module", "Module Type": "Hardware", "Validation Date": "12/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4920.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4920", "module_name": "Waveserver 5 Control Processor Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/17/2026", "overall_level": 2, "caveat": "Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs. No operator authentication is enforced for executing security services that were unlocked by an authenticated service.", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Ciena WaveLogic 5e Encryption Modem with AES-256-GCM, wire-speed optical layer encryption with line rates up to 800G for up to 6.4T of encrypted line capacity.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4919", "Certificate Number": "4919", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v13.0 [Intel, Kernel, Software, SL1]", "Module Type": "Software", "Validation Date": "12/17/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4919.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4919", "module_name": "Apple corecrypto Module v13.0 [Intel, Kernel, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/16/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple corecrypto Kernel Space Module for Intel is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4918", "Certificate Number": "4918", "Vendor Name": "iStorage Ltd.", "Module Name": "datAshur PRO", "Module Type": "Hardware", "Validation Date": "12/16/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4918.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4918", "module_name": "datAshur PRO", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/15/2029", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The datAshur PRO is an encrypted storage device that provides a secure way to store and transfer data. User authentication is self-contained via an onboard keypad. User data is protected by hardware-based 256-bit AES encryption to secure sensitive information in the event that the drive is lost or stolen.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "SHA", "SHS" ], "algorithms_detailed": [ "AES | (NIST SP 800-38E2) | XTS | 256-bits | Encryption of user data within storage | application only | 3757", "AES | (FIPS 1973 | NIST SP 800-38A, | NIST SP 800-38B 4) | ECB | CTR | 128-bit, 256-bit", "Block cipher basis of CTR-DRBG for | encryption/decryption of the DEK | 3757 | CMAC", "AES | 128-bits | CO/User authentication | 1032", "DRBG | (NIST SP 800-90A, | NIST SP-800-1335)", "AES-CTR | 256-bits | Random bit generator for the generation | of encryption keys and salts | -- | ENT (P) | (NIST SP-800-90B) | - | 384-bits", "Entropy source used to seed the DRBG | 2459", "HMAC | (FIPS 198-16)", "SHA-1 | 160-bits | A777 | PBKDFv2 | (NIST SP 800-1327)", "HMAC-SHA-1 | 1 in 10,000,000 (~23 bits) | Derivation of the KEK. Conforms to FIPS | 140-3 Implementation Guidance (IG)", "2 SP 800-38E – Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices. | NIST. (January 2010). | 3 FIPS 197 – Advanced Encryption Standard (AES). NIST. (November 2001). | 4 SP 800-38A – Recommendation for Block Cipher Modes of Operation: Methods and Techniques. NIST. (December 2001). | 5 SP 800-133r2 – Recommendation for Cryptographic Key Generation. NIST. (June 2020).", "6 FIPS 198-1 – The Keyed-Hash Message Authentication Code (HMAC). NIST. (July 2008). | 7 SP 800-132 – Recommendation for Password-Based Key Derivation: Part 1: Storage Applications. NIST. (December 2010). | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | D.N: the module supports option 2a as | documented in SP 800-132 § 5.4 | 3127", "SHS | (FIPS 180-48)", "SHA-1 | N/A", "Primitive within HMAC-SHA-1 | 2.5.2 Vendor-Affirmed Algorithms | The module supports the following vendor affirmed algorithms. | Standard | Modes/ Methods | Description / Key | Size(s) / Key | Strength(s) | Use/Function | CKG | NIST SP-800-1339 | Per Section 4 | The unmodified | output from SP", "800-90A DRBG | (256 bits)", "The unmodified output of the DRBG is used for | generating symmetric keys | 2.5.3 Non-Approved, Allowed Algorithms | For all approved services the module supports only approved algorithms. | Caveat | Use/Function | N/A | N/A | N/A | 2.5.4 Non-Approved, Allowed Algorithms with No Security Claimed | The module does not support any non-approved algorithms. | Caveat | Use / Function | N/A | N/A | N/A | 2.5.5 Non-Approved, Not-Allowed Algorithms | The module does not support any non-approved, not allowed algorithms. | Use / Function | N/A | N/A", "8 FIPS 180-4 – Secure Hash Standard (SHS). NIST. (August 2015). | 9 SP 800-133r2 – Recommendation for Cryptographic Key Generation. NIST. (June 2020). | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | 2.6 Security Function Implementation | The module does not support key establishment and therefore does not support any key agreement or | key transport schemes. | Name | Type | Description | SF Properties | N/A | N/A | N/A | N/A | N/A | N/A | 2.7 Algorithm Specific Information | The module utilizes only approved algorithms that are tested and validated under the Cryptographic | Module Validation Program (CAVP). | 2.8 RBG [Random Bit Generator] and Entropy", "The module incorporates a NIST SP 800-90A CTR-DRBG (Cert. #1032) that is seeded with 384 bits of | entropy from a NIST SP 800-90B conforming physical entropy source. The unmodified output of the", "DRBG is used for generating symmetric keys and salts. | 2.9 Key Generation", "The module generates cryptographic keys using a NIST SP 800-90A conforming DRBG (Cert. #1032) | for the encryption and protection of user data. | 2.10 Key Establishment | The module does not support key establishment. | 2.11 Industry Protocols | The module relies upon the standard USB protocol for communication with general purpose computer | (GPC) systems. | 3 | Cryptographic Module Interfaces | 3.1 Ports and Interfaces | The module incorporates both physical ports and logical interfaces. | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | Physical Port | Logical Interface | Description | USB Port (Rx/Tx) | Data input | Data output | Control input | Status output | The USB Data port connects the module to the host computer. It is used to exchange | decrypted user data as well as control and status information for the USB protocol | When the drive is locked the USB interface is disabled | Alphanumeric | Keypad (0-9) | Data input | The keypad with ten (10) alphanumeric labeled buttons is connected to button inputs. | The keypad is used to enter User or CO Password | KEY Button | Control input | The KEY button is connected to a button input. It is used to awaken the module from | low-power sleep and to control UI flow including selection of the role | 3 x LEDs | (Red, Green, & | Blue) | Status output | Refer to Table 11, Table 12, Table 16, Table 17, Table 18, and Table 19 for details | USB Port (VCC) | Power Input | The USB VBUS (+5VDC) charges the battery and provide power to the module and | embedded storage components | 3.2 Trusted Channel Specification | The module implements a trusted channel for the input of plaintext SSPs in the form of passwords via | the module’s keypad. Each key is mapped to a dedicated, physically separated channel. The channel is | protected by the physical security mechanisms inherent within the module. | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | 4 | Roles, Services, and Authentication | 4.1 Authentication Methods | The module supports identity-based authentication in the form of a unique ID / Password combination. | The authentication method of both Crypto Officer and User is the password-based authentication | technique known as a Memorized Secret in conformance with NIST SP 800-140E and SP 800-63B | (refer to Section 5.1.1). The Crypto Officer and User roles authenticate via the module’s keypad | interface. The module does not support a feedback mechanism or output CO or User authentication | data outside of the cryptographic boundary. | The module enforces some constraints on the creation of a Password. The following Password forms | will be rejected by the module as invalid: | • | Identical repeating characters, e.g. 77777777 | • | Ascending or descending characters e.g. 12345678 or 98765432", "The Password from either the User or the CO is input to a PBKDF that produces the Key Encryption", "Key (KEK) associated to the role. The KEK is used to encrypt or decrypt the DEK with AES CTR (Cert.", "#3757) and authenticate the CO/User using AES CMAC (Cert. #3757). | Name | Description | Mechanism | Strength Each Attempt | Strength Per Minute | ID & Password | CO and User role | authentication | method | The password is at | least 8 chars in | length | ID & Password combi- | nation | The upper bound for the | probability of having the | password guessed at random | is: | 1 / (10^8) or 1 in 100,000,000 | The probability of the con- | secutive failed authentica- | tion attempts in one mi- | nute period is approxi- | mately 10-7 or 1 chance in | 10,000,000 | The authentication strength for the module is determined by the Password. The Password is composed | of a sequence of decimal digits 0-9, as marked on the keypad buttons, selected by the User or CO. | Most of the buttons also bear alphabetic letters (refer to Figure 1). The minimum Password length is | eight (8) characters10. The maximum Password length is 15 characters. The probability of a successful, | random guess of a minimum length Password is approximately 10-8 or 1 chance in 100,000,00011. | The module protects against brute-force attempts to guess a role’s Password by permitting no more | than ten (10) consecutive incorrect guesses before locking out that role. Incorrect Password attempts | are counted independently for each role. The probability of an attacker correctly guessing a Password | in any time period12, such as a one-minute interval, is 10-7 or 1 chance in 10,000,000. | 10 As per SP 800-63B, in Approved mode the module checks and enforces a minimum password length of eight (8) | 11 Sequential and repeating Passwords are not allowed. For example, the module will reject a Password of 1-2-3-4-5-6-7-8 or 7-6-5-4-3- | 2-1-0. Attempts to create such a Password will cause the module to indicate an error. There are 270 such combinations. | 12 In this product, a single successful attempt to guess a Password has a probability one in 100,000,000 (10-8). Ten guesses has a | probability of one in 10,000,000 (10*10-8 or 10-7) of success. The standard requires that the probability of a successful guess be less | than one in 100,000 (10-5) in a one-minute period. The authentication mechanism of this module is better than the standard requires, | over any time interval—including a one-minute period. A probability of one in 10,000,000 (10-7) is less likely than one in 100,000 (10- | 5). | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | 4.2 Roles | The module implements level 3, identity-based authentication with two distinct identities, one User | identity and one Crypto-Officer identity. | While unauthenticated, the module supports a limited set of services such as checking the module | status and zeroizing the module using the Factory Reset service. | Role | Service | Input | Output | CO | Set CO Password | Keypad command + | New CO Password | - Solid Red LED → Solid Green LED (Success) | Set User Password | Keypad command + | New User Password | - Solid Red LED → Solid Green LED (Success) | Erase Private Partition Data | Keypad commands | (Control Input) + CO | Password | - Solid Red LED → Solid Red & Green LEDs → | Green flickering LED indicating that all data has | been deleted | CO / User | Unlock Private Partition | (Login) | CO / User | ID & Password | - Solid Red LED → Solid Green LED (Success) | - Solid Red LED | Lock Private Partition | (Logout) | Keypad command | (Control Input) / | Remove Power | - Solid Red LED → Fades to off | Read / Write Private | Partition Data | Disk Access | - Blue LED flashes continuously | - Read/Write partition data | Configure Idle Timeout Lock | Keypad command + | Timeout Value | - Solid Red LED → Solid Green LED (Success) | Enable / Disable | Read Only | Keypad command | (Control Input) | - Solid Red LED → Solid Green LED (Success) | Show Module Version | Keypad command | (Control Input) | - All LEDs illuminate (indicating datAshur PRO) | - Red and Green LEDs output firmware version | View Last Error | Keypad command | (Control Input) | Unauthenticated | Factory Reset (zeroize) | Keypad command | (Control Input) | - Solid Red & Green LEDs → Solid Red LED | Show Status | Keypad command | (Control Input) | Returns roles configured on the module: | - Red LED blinks continuously for 10 seconds | (shows only the CO role exists) | - Red & Blue LED blink continuously for 10 | seconds (shows both CO & User have been | defined) | Run Self-tests | Power | Refer to Table 16 and Table 17 | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | 4.3 Approved Services | The table below summarizes the Approved Services of the module. The SSP Access column identifies the SSPs | accessed for each service with codes specifying the kind of access granted during the service operation. SSP access | rights are defined as follows: | − | G = Generate: The module generates or derives the SSP. | − | R = Read: The SSP is read from the module (e.g., the SSP is output). | − | W = Write: The SSP is updated, imported, or written to the module. | − | E = Execute: The module uses the SSP in performing a cryptographic operation. | − | Z = Zeroize: The module zeroizes the SSP. | Name | Description | Approved | Security | Functions | Keys and / or | SSPs | Role | Access Rights to | Keys and / or | SSPs | Indicator | Configure Idle Timeout | Lock | Sets the how long | the drive can be idle | before needing to | reauthenticate | N/A | N/A | CO / User | N/A | Solid Red LED → Solid | Green LED (Success) | Erase Private Partition | Data | Zeroizes the drive | partition", "AES | (Cert. #3757)", "DRBG | (Cert. #1032)", "HMAC | (Cert. #2459)", "SHS | (Cert. #3127) | DEK", "DRBG Internal | State | CO | DEK (G, E, Z)", "DRBG Internal | State (G, E, Z) | User KEK (Z) | Solid Red LED → Solid | Green LED (Success) | Enable / Disable Read | Only | Sets the data | partition to read only | N/A | N/A | CO / User | N/A | Solid Red LED → Solid | Green LED (Success) | Factory Reset | (Zeroize) | Resets the module | to its original factory | state | This service zeroizes | the module | N/A | DEK", "DRBG Internal | State | Unauthenticated | DEK (Z)", "DRBG Internal | State (Z) | CO Salt (Z) | User Salt (Z) | Solid Red & Green LEDs → | Solid Red which fades to off | Lock Private Partition | (Logout) | Logout service that | locks the drive’s | storage partition | None | DEK | CO / User | DEK (Z) | Solid Red LED → Fades to | off | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | Name | Description | Approved | Security | Functions | Keys and / or | SSPs | Role | Access Rights to | Keys and / or | SSPs | Indicator | Read / Write Private Par- | tition Data | Encrypts and writes | inbound data or | reads and decrypts | outbound data", "AES | (Cert. #3749) | DEK | CO / User | DEK (E) | Blue LED flashes continu- | ously | Run Self-tests | Runs the modules | Pre-operational and | Conditional self-tests | None | None | Unauthenticated | None | Refer to Table 16 and Table | 17 for indicator values | Set CO Password | Sets the CO | Password", "PBKDF | (Cert. #A777)", "SHS | (Cert. #3127) | CO KEK | DEK", "DRBG Internal | State | CO | CO KEK (G, E) | CO IV Key (G, E) | CO Salt (G, E) | DEK (Z)", "DRBG State (G, E, | Z) | - Solid Red LED → Solid | Green LED (Success) | - Solid Green LED (Error) | Set User Password | Sets the User | Password", "SHS | (Cert. #3127) | User KEK | DEK (E)", "DRBG State | CO | User KEK (G, E) | User IV Key (G, E) | User Salt (G, E) | DEK (Z)", "DRBG State (G, E, | Z) | - Solid Red LED → Solid | Green LED (Success) | - Solid Green LED (Error) | Show Module Version | Requests the | modules identifier | and version | information | None | None | CO / User | None | LEDs all flash on momentarily | followed by red LED blinking | out major version number | and then green LED blinking | out minor version number | Show Status | Returns roles | configured on the | module | None | None | Unauthenticated | None | - Red LED blinks | continuously for 10 seconds | (shows only the CO role | exists) | - Red & Blue LED blink con- | tinuously for 10 seconds | (shows both CO & User have | been defined) | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | Name | Description | Approved | Security | Functions | Keys and / or | SSPs | Role | Access Rights to | Keys and / or | SSPs | Indicator | Unlock Private Partition | (Login) | CO / User login | service that unlocks | the drive’s storage | partition.", "SHS | (Cert. #3127) | CO KEK | DEK | CO / User | CO/User KEK (G, | E, Z) | CO/User IV Key | (G, E, Z) | CO/User Salt (E) | - Solid Red LED → Solid | Green LED (Success) | - Solid Red LED → Fades to | off (Error) | View Last Error | Requests last known | error | None | None | CO / User | None | Refer to Table 19 for indicator | values | 4.4 Non-Approved Services | The module does not support any non-approved services. | 4.5 External Software/Firmware Loading | The module does not support external software / firmware loading. | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | 5 | Software/Firmware Security | 5.1 Integrity Techniques | This module firmware is non-modifiable and as such, does not support firmware upgrades. When | powered-on, components within the module perform a firmware integrity check. Failure of any firmware | integrity check puts the module into an error state which is signaled by the LED status indicators not | illuminating. | 5.2 Initiate on Demand | A firmware integrity check may be performed by powering the module off and then on. | 6 | Operational Environment | 6.1 Operational Environment Type and Requirements | The module is built upon a custom operational environment that is non-modifiable. | 7 | Physical Security | The multi-chip standalone cryptographic module includes the following physical security mechanisms, | conforming to FIPS 140-3 Level 3 requirements: | 1. Production grade components | 2. Hard, opaque, tamper-evident enclosure with embedded, hard epoxy covering all security | relevant components. | 3. Memory protection enabled to prevent read-out of firmware, RAM, or NVRAM | 7.1 Mechanisms and Actions Required | The cryptographic boundary for the module is the aluminum case as shown in Figure 1. On each use, | the user should check the module for physical damage, cracks, scratches, or other evidence of | tampering such as the integrity of the end cap. While holding the body of the module, a firm tug on the | lanyard should not show movement of the end cap or the body. | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | 7.2 EFP/EFT | This module does not implement explicit environmental failure protection mechanisms (EFP). The | module conforms to the FIPS 140-3 environmental failure testing (EFT) requirements. | Temperature / Voltage | Measurement | EFP / EFT | Shutdown, Zeroization, Undefined Failure, Known | Error Sate or Continues to Operate Normally13 | Low | Temperature | -100C | EFT | Continues to Operate Normally | High | Temperature | 145C | EFT | Undefined Failure | Low Voltage | 2.5V | EFT | Shutdown | High | Voltage | 10.1V | EFT | Undefined Failure | 7.3 Hardness Testing Temperature Ranges | The module supports and has been tested at the operation, storage and distribution temperatures listed | in Table 14. The module’s epoxy and outer enclosure hardness are assured within these ranges. | Hardness Tested Temperature Measurement | Low Temperature | -20C | High Temperature | 60C | 8 | Non-Invasive Security | The module does not provide protections against non-invasive security methods. | 9 | Sensitive Security Parameter (SSP) Management | The module incorporates Critical Security Parameters (CSPs) in the form of secret keys and | passwords. The module does not utilize Public Security Parameters (PSPs) e.g. public keys. | 9.1 Storage Areas", "The module is a data storage device designed to encrypt and store arbitrary data using AES-XTS within | its eMMC memory components. The module physically and logically protects CSPs when they are | present within the module. Please refer to Table 15 for additional information. | 13 For EFP, states can be Shutdown or Zeroise; for EFT, states can be Shutdown, Zeroization, Undefined Failure, Known Error Sate or | Continues to Operate Normally. | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | 9.2 SSP Input/Output Methods | Passwords are input into the module by the operator via the module’s dedicated keypad. These are the | only SSPs entered into the module. The operator’s KEK is derived from the associated password using | PBKDFv214. (Note, the KEK is used as part of the module's data storage application only). The DEK is", "stored encrypted with AES CTR. | The module does not output or establish SSPs using key agreement or key transport methods. | 9.3 SSP Zeroization Methods | Zeroization is the erasure of CSPs from volatile and non-volatile storage. The module initiates an erase | cycle to zeroize SSPs stored in NVRAM. Copies of SSPs in RAM are zeroized by setting the memory | locations to zeros. This process occurs when the module is factory reset or when the module detects a | brute-force attack. | There are two kinds of brute-force attacks. Ten consecutive failed attempts to unlock the module as the | User is the first type of brute-force attack and will zeroize the User CSPs. After this type of attack, the | CO will be able to unlock the module, recover user data, and permit the setup of a new User Password. | However, if there is no CO Password, the user data partition will be permanently unrecoverable, leaving | the module in the factory reset and blank state with an empty user data partition. | The second kind of brute-force attack is against the CO Password. Ten consecutive failed attempts to | unlock the module as CO will zeroize all SSPs for both the CO and User roles, including the DEK. The | module will be left in the factory reset and blank state with an empty user data partition. | 9.3.1 Zeroization via Factory Reset | A Factory Reset will zeroize all SSPs, settings, and user data from the module. After this operation, the | operator must reinitialize the module per Section 11.1 before data may be written to the user data | partition. | Starting with the module disconnected from the USB port, | 1. Press and hold the 7 button. Press and release the KEY button. Release the 7 button. The red | and green LEDs will alternate. If the LEDs do not illuminate, connect the module to a USB | power source and charge the battery for at least one minute. Disconnect the module from USB | and restart this procedure. | 2. Enter the sequence 999. The red and green LEDs will continue to alternate. | 3. Press and hold the 7 button. Press and release the KEY button. Release the 7 button. If the | procedure is correctly performed, the red and green LEDs will illuminate together while the | module zeroizes. | 4. On completion, the LEDs turn off. | 14 Per FIPS SP800-132 and FIPS140IG § D.6, the materials derived from PBKDFv2 are used only for “protection of electronically stored | data or for the protection of data protection keys.” | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | 9.4 Sensitive Security Parameters (SSPs) | Key / CSP | Name | Strength | Security | Function & Cert. | Number | Generation | Import/Export | Establishment | Storage | Zeroization | Use & Related Keys", "DRBG | Internal | State | (V and Key) | 256 bits", "CTR-DRBG | (Cert. #1032) | Internally:", "from DRBG | Input: N/A | Output: N/A | N/A | Plaintext in | RAM (Static) | Zeroized on module lock, | connect, after generation | of CSPs, power-off, and | zeroization service | Internal state of the", "DRBG | Entropy | Input | 256-bits | ENT (P) | Internally: | from Entropy | Source | Input: N/A | Output: N/A | N/A | Plaintext in | RAM | (Dynamic) | Zeroized immediately after | use", "DRBG seed material | User | Password | 8-15 chars | N/A | N/A | Input: Manual / | Direct Entry | Output: N/A | N/A | Plaintext | temporarily in | RAM | (Dynamic) | Zeroized immediately after | use | Used to authenticate | the User and derive the | User’s KEK and IV Key | CO | Password | 8-15 chars | N/A | N/A | Input: Manual / | Direct Entry | Output: N/A | N/A | Plaintext | temporarily in | RAM | (Dynamic) | Zeroized immediately after | use | Used to authenticate | the CO and derive the | CO’s KEK and IV Key | DEK | 256 bits", "AES-XTS", "(AES Cert. #3749)", "CTR-DRBG | Input: N/A | Output: N/A | N/A | Encrypted by | KEK | (Dynamic) | Zeroized on module lock, | timeout, power-off, and | zeroization service | Data encryption and", "decryption using AES- | XTS | User KEK | 128 bits", "AES CTR | (Cert. #3757) | N/A | Input: N/A | Output: N/A | Derived from | User Password | and Salt using | PBKDFv2 | Plaintext | temporarily in | RAM | (Dynamic) | Zeroized immediately after | use | Encryption/Decryption | of the DEK | CO KEK | 128 bits", "AES CTR | (Cert. #3757) | N/A | Input: N/A | Output: N/A | Derived from CO | Password and | Salt using | PBKDFv2 | Plaintext | temporarily in | RAM | (Dynamic) | Zeroized immediately after | use | Encryption/Decryption | of the DEK | User Salt | 128 bits", "CTR-DRBG | Input: N/A | Output: N/A | N/A | Plaintext in | RAM (Static) | Zeroized on zeroization | service (Factory Reset) | Used with User | password to create | User KEK and User | Key | CO Salt | 128 bits", "CTR-DRBG | Input: N/A | Output: N/A | N/A | Plaintext in | RAM (Static) | Zeroized on zeroization | service (Factory Reset) | Used with User | password to create CO | KEK and CO Key | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | User IV Key | 128 bits", "AES CMAC | (Cert. #3757) | N/A | Input: N/A | Output: N/A | Derived from | User Password | and Salt using | PBKDFv2 | Plaintext in | RAM (Static) | Zeroized immediately after | use | Used to authenticate | the User | CO IV Key | 128 bits", "AES CMAC | (Cert. #3757) | N/A | Input: N/A | Output: N/A | Derived from CO | Password and | Salt using | PBKDFv2 | Plaintext in | RAM (Static) | Zeroized immediately after | use | Used to authenticate | the CO | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | 10 Self-Tests | When the module powers on, it performs a sequence of self-tests. If any of these tests fails, the drive | will enter an error state. The module will not perform any cryptographic services and will output no user | data in the error state. The module also performs continuous self-tests. The only way to clear a module | error state is to cycle the power. | 10.1 Pre-Operational Self Tests | When the module fails a pre-operational self-test, it enters the error state described in Table 16 and | Test | Test Method | Type | Indicator | Details | CRC-32 | CRC-32 | Cyclic | Redundancy | Check | CRC-32 | Success: All three LEDs | blink once simultaneously | Error: LED will not illuminate; | the module shuts down | A CRC is an error detection | code (EDC) that is calculated | over the firmware binary and | verified as part of the firmware | integrity tests | CRC-16 | CRC-16 | Cyclic | Redundancy | Check | CRC-16 | 10.2 Conditional Self-Tests | When the module fails a conditional self-test, it enters an error state described in Table 17 and Table | 18. Clearing this error state requires that the module be power cycled. | Test Properties | Test | Method | Indicator | Details | Condition", "AES ECB | Cert. #3757 | 128-bit Key | KAT | Success: All three LEDs blink once simul- | taneously | Error: LEDs illuminate two times in circling | pattern, red then green then blue – Red | LED illuminates. | Encrypt KAT | Power-on", "AES ECB | Cert. #3757 | 128-bit Key | KAT | Success: All three LEDs blink once simul- | taneously | Error: LEDs illuminate two times in circling | pattern, red then green then blue – Red | LED illuminates. | Decrypt KAT | Power-on", "AES CMAC | Cert. #3757 | 128-bit Key | KAT | Success: All three LEDs blink once simul- | taneously | Error: LEDs illuminate two times in circling | pattern, red then green then blue – Red | LED illuminates. | Generation KAT | Power-on", "AES XTS | Cert. #3749 | 256-bit Key | KAT | Success: All three LEDs blink once simul- | taneously | Error: Illuminates red LED | Encrypt KAT | Power-on | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | Test Properties | Test | Method | Indicator | Details | Condition", "AES-XTS | Cert. #3749 | 256-bit Key | KAT | Success: All three LEDs blink once simul- | taneously | Error: Illuminates red LED | Decrypt KAT | Power-on", "CTR-DRBG | Cert. #1032 | 384-bit | KAT | Success: All three LEDs blink once simul- | taneously | Error: LEDs illuminate two times in circling | pattern, red then green then blue – Red | LED illuminates. | Instantiate and | Generate KAT | Power-on | PBKDFv2 | Cert. | #A777 | Password | (8 chars) | KAT | Success: All three LEDs blink once simul- | taneously | Error: LEDs illuminate two times in circling | pattern, red then green then blue – Red | LED illuminates.", "PBKDF KAT using | known password | Power-on | Entropy | Source | N/A | APT/RCT | Success: All three LEDs blink once simul- | taneously | Error: LEDs illuminate two times in circling | pattern, red then green then blue – Red | LED illuminates. | Adaptive Proportion | Test and Repetition | Count Test per- | formed on the en- | tropy source | Continuous", "AES-XTS | Key Gener- | ation | XTS Key Validity: | Key #1 ≠ Key #2 | N/A | Error: Illuminates red LED | Per IG C.I after", "AES-XTS key gen- | eration test to en- | sure keys are | unique: | Key #1 ≠ Key #2 | Creation of DEK | Password | Integrity | N/A | Manual | Key Entry | Success: When setting passwords, the | module will illuminate its red LED for a few | seconds | Any other indication means the password | do not match | Requires | passwords to be | entered twice | Setting CO or User | Password | 10.3 Periodic Self-Tests | The module authentication component performs periodic self-tests each time it powers on and prior to | authentication by the operator. Once authenticated, the authentication component enters a low-power | state. It may be awakened to rerun the self-tests by disconnecting the module from USB and then | powering the module on by pressing the KEY button. | The module data encryption component performs periodic self-tests while the module is connected and | mounted to a host computer. These tests are executed automatically every 15 minutes. | 10.4 Error States | State Name | Description | Conditions | Recovery Mode | Indicator | Hard Error | Hard Error State | Transitions to this | state for all errors | Power-Cycle | Illuminates Red LED | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | To verify that the module is in good working order, power it on by connecting it to a USB power source. | The three status indicator LEDs will blink simultaneously, indicating that firmware integrity tests and | KATs have passed successfully. | When using the View Last Error service, the module will report the error as a sequence of LED blinks. | The following table summarizes the LED patterns that the module emits for each logged error. | Logged Error | Code | LED Pattern | None | 0 | Green | Entropy Health Failure | 1 | Red", "DRBG Failure | 2 | Red Green | Credential Storage Failure | 3 | Red Red | Encryption Component Health Failure | 4 | Red Green Green | 10.5 Operator Initiation of Self-Tests | The operator may initiate all self-tests (pre-operational and conditional cryptographic algorithm self- | tests) at any time by powering on the module (either by inserting the module into a USB port or by | pressing the KEY button once). | 11 Life-Cycle Assurance | Power-up self-tests are run based on user action. For a module that is unlocked and in-use for an | extended period of time, the user is encouraged to disconnect and reconnect the module to re-run self- | tests. | 11.1 Installation, Initialization, and Startup Procedures | After a module is assembled in the factory, production release firmware is programmed into the | electronics, the circuit board is coated with epoxy, and the module is sealed with an epoxy adhesive. | The factory configures the module with a DEK, loads product documentation into the secure, encrypted | data partition, and then prepares the module for first use by the user. | There is no default Password set at the factory. On first use, the user must create either a User or a CO | Password. Subsequently, data on the encrypted partition may be read, modified, or deleted. | A new module comes from the factory preloaded with product documentation and with a DEK defined. | No Password is set when the module leaves the factory. Before the first use and before the secure | encrypted data partition can be accessed, a User or CO Password must be set. After this is done, the | module is ready for operation. | 11.2 Administrator Guidance | Before the first use a CO Password (8 – 15 characters) must be set (this password should not be | disclosed). After this is done, the module is ready for operation. Press the KEY button once, then press | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | the KEY button twice. Enter the CO password and press the KEY button twice. Enter the CO password | again and press the KEY button twice. | The module’s administrator’s guide is shipped with the module. | An operator may choose to Factory Reset the module before first use if the provenance of the module | is unknown or suspect. Performing a Factory Reset will guarantee that the encrypted data partition is | blank and unformatted on first use and that a new DEK is generated when the first Password is set. | If the module is zeroized, it will become blank in the same way that a Factory Reset causes the module | to be made blank. There will be no DEK defined, it will have neither a User Password nor a CO | Password defined, and on first use the encrypted data partition must be formatted. | 11.3 Non-Administrator Guidance | The CO may choose to configure the module for dual roles i.e. CO and User. In such instances, a User | password must be established and set by the CO. | 11.4 Design and Rules of Operation | To meet the requirements for FIPS 140-3 Security Level 3, the module enforces the following security | rules: | • | The cryptographic module provides two distinct operator roles: User and Cryptographic Officer | (CO). | • | The cryptographic module provides identity-based authentication. | • | Upon removing power from the module, the authentication session is cleared. | •", "When the module has not been placed in a valid role or is in an error state, the operator shall | not have access to any cryptographic service. | • | Passwords must not be disclosed. | • | The operator can command the module to perform self-tests at any time by cycling the power. | • | All data output is inhibited during pre-operational and conditional self-tests, zeroization, key | generation, and authentication. | •", "The module is an encrypted storage drive that utilizes PBKDFv2 (NIST SP 800-132) and AES- | XTS (FIPS 197 and NIST SP 800-38e). These algorithms can only be used for the protection of | data at rest. | 12 Mitigation of Other Attacks | The module is not designed to mitigate other attacks beyond the scope of FIPS 140-3 requirements. | iStorage, Ltd., datAshur PRO FIPS 140-3 Level 3 Non-Proprietary Security Policy Version 1.0 | This document may be freely reproduced and distributed only in its entirety and without modification. | 13 Appendix A: Abbreviations and Definitions | Term | Definition", "AES | Advanced Encryption Standard | CO | Cryptographic Officer | CRC | Cyclic Redundancy Check | CSP | Critical Security Parameter", "CTR-DRBG | Counter-Mode Deterministic Random Byte Generator | DEK | Data Encryption Key", "DRBG | Deterministic Random Byte Generator | ECB | Electronic Code Book | EFP | Environmental Failure Protection | EFT | Environmental Failure Testing | EMC | Electromagnetic Compatibility | EMI | Electromagnetic Interference | FIPS | Federal Information Processing Standards | GPC | General Purpose Computer", "HMAC | Keyed-Hash Message Authentication Code | KAT | Known Answer Test | KEK | Key Encryption Key | LED | Light Emitting Diode | NIST | National Institute of Standards and Technology | NVRAM | Non-volatile Random Access Memory | PBKDFv2 | Password Based Key Derivation Algorithm Version 2 | PSP | Public Security Parameter | RAM | Random Access Memory | Salt | Random value used to improve security of cryptographic algorithms", "SHA-1 | Secure Hash Algorithm 1", "SHS | Secure Hash Standard | SSP | Sensitive Security Parameter | TOEPP | Tested Operating Environment Physical Perimeter | USB | Universal Serial Bus", "XTS-AES", "AES cipher mode used to encrypt user data in mass storage | Zeroization | The process of erasing cryptographic security keys and parameters | ⩫" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4917", "Certificate Number": "4917", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "WildFire 11.0 WF-500 and WF-500-B", "Module Type": "Hardware", "Validation Date": "12/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4917.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4917", "module_name": "WildFire 11.0 WF-500 and WF-500-B", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/12/2026", "overall_level": 2, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and physical kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The WildFire 11.0 WF-500 and WF-500-B module identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4916", "Certificate Number": "4916", "Vendor Name": "Aruba, a Hewlett Packard Enterprise company", "Module Name": "AP-514, AP-515, AP-534, AP-535, AP-584, AP-585, AP-587, AP-635 and AP-655 Access Points", "Module Type": "Hardware", "Validation Date": "12/12/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4916.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4916", "module_name": "AP-514, AP-515, AP-534, AP-535, AP-584, AP-585, AP-587, AP-635 and AP-655 Access Points", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/11/2026", "overall_level": 2, "caveat": "Interim validation. When operated in the approved mode, with tamper evident labels installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Aruba's 802.11 Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-3 mode, Aruba APs in conjunction with a Mobility Controller support the WPA2/WPA3 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4915", "Certificate Number": "4915", "Vendor Name": "Advanced Micro Devices (AMD)", "Module Name": "AMD ASP Cryptographic CoProcessor (\"Raphael\")", "Module Type": "Firmware-hybrid", "Validation Date": "12/12/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4915.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4915", "module_name": "AMD ASP Cryptographic CoProcessor (\"Raphael\")", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/11/2029", "overall_level": 1, "caveat": "No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Firmware-hybrid", "embodiment": "Single Chip", "description": "The module is present in these models (OPNs): 7945 (100-000000598), 7745 (100-000000599), 7645 (100-000000600)", "detail_available": true, "algorithms": [ "RSA", "SHA" ], "algorithms_detailed": [ "A4649 | RSA \\[FIPS186-4\\] | PSS with SHA2-384 | 4096 | Digital signatureverification", "A4649 | SHA \\[FIPS180-4\\] | SHA2-384 | N/A | Message digest", "DigitalSignatureVerification | Verify a digitalsignature | \"FIPS mode:on\" | Message,public key,signature | Pass/fail | RSA PSSusing SHA2-384 | CO | RSA publickey: W, E", "Self-test | Initiate on-demand self-tests by reset | None | N/A | Pass/fail | SHA2-384RSA PSS | CO | N/A", "RSA publickey | Public key used forRSA signatureverification | 4096 bits | 150 bits | Public key | N/A | N/A", "RSA public key | Digital Signature Verification | API input parameters No output | RAM | While the module is operational | Remove power from the SoC | PSP | None", "SHA2-384 | Default | N/A | Messagedigest | Firmwareintegrity | Modulebecomesoperational | Performed onfips\\_module.bin", "SHA2-384 | Default | 32-bitmessage | KAT | CAST | Module isoperational | Messagedigest | Moduleinitialization", "RSA | Default | PSS using4096-bit keySHA2-384 | KAT | CAST | Signatureverification | Moduleinitialization", "Error State | The moduleimmediatelystops executing | SHA2-384 self-testerror | Reset of themodule | Error code AA0000FB", "RSA self-test error | Error code AA0000FC" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4914", "Certificate Number": "4914", "Vendor Name": "Advanced Micro Devices (AMD)", "Module Name": "AMD ASP Cryptographic CoProcessor (\"Storm Peak\")", "Module Type": "Firmware-hybrid", "Validation Date": "12/12/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4914.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4914", "module_name": "AMD ASP Cryptographic CoProcessor (\"Storm Peak\")", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/11/2029", "overall_level": 1, "caveat": "No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Firmware-hybrid", "embodiment": "Single Chip", "description": "The module is present in these models: 7945WX, 7955WX, 7965WX, 7975WX, 7985WX, 7995WX.", "detail_available": true, "algorithms": [ "RSA", "SHA" ], "algorithms_detailed": [ "A4650 | RSA\\[FIPS186-4\\] | PSS with SHA2-384 | 4096 | Digital signature verification", "A4650 | SHA\\[FIPS180-4\\] | SHA2-384 | N/A | Message digest" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4913", "Certificate Number": "4913", "Vendor Name": "Ciena Corporation", "Module Name": "WaveLogic 5 Extreme Encryption Modem", "Module Type": "Hardware", "Validation Date": "12/09/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4913.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4913", "module_name": "WaveLogic 5 Extreme Encryption Modem", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/8/2026", "overall_level": 2, "caveat": "Interim validation. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Ciena WaveLogic 5e Encryption Modem with AES-256-GCM, wire-speed optical layer encryption with line rates up to 800G for up to 6.4T of encrypted line capacity.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4912", "Certificate Number": "4912", "Vendor Name": "SafeLogic Inc.", "Module Name": "CryptoComply for Java 140-3", "Module Type": "Software", "Validation Date": "12/05/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4912.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4912", "module_name": "CryptoComply for Java 140-3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SafeLogic’s CryptoComply for Java 140-3 is designed to provide FIPS 140-3 validated cryptographic functionality and is available for licensing", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KTS", "RSA", "SHA" ], "algorithms_detailed": [ "AES | A6047 | Modes:CBC,CFB8,CFB128,CTR,ECB,FF1,OFBKey sizes:128,192,256 bits | AES\\[FIPS197,SP800-38A\\],AESFF1Format PreservingEncryption\\[SP800-38G\\] | Encryption,Decryption", "AES CBCCiphertextStealing(CS) | A6047 | Modes:CBC-CS1,CBC-CS2,CBC-CS3Key sizes:128,192,256bits | \\[Addendum to SP800-38A,Oct2010\\] | Encryption,Decryption", "AES CCM | A6047 | Key sizes:128,192,256 bits | \\[SP 800-38C\\] | Generation,Authentication", "AES CMAC | A6047 | Key sizes:128,192,256 bits | \\[SP 800-38B\\] | Generation,Authentication", "AES GCM/GMAC1 | A6047 | Key sizes:128,192,256 bits | \\[SP 800-38D\\] | Generation,Authentication", "AES KW,KWP(KTS:Key Wrapping UsingAES2) | A6047 | Modes:AES KW,KWPKey sizes:128,192,256 bits(key establishment methodology providing128,192 or256bits of encryption strength) | \\[SP 800-38F\\] | Key Wrapping", "DRBG,Counter DRBG | A6047 | AES128,AES192,AES256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "DRBG,Hash DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "DRBG,HMAC DRBG | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA2-512,SHA-512/224,SHA2-512/256 | \\[SP 800-90Ar1\\] | Random Bit Generation", "ECDSA | A6047 | Curves/Key sizes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571 | \\[FIPS 186-5\\] | Key Generation,Key Verification,SignatureGeneration,SignatureVerification", "ECDSA | A6047 | Curves/Key sizes:P-192,K-163,B-1635 | \\[FIPS 186-4\\] | Key Verification,SignatureVerification", "HMAC | A6047 | SHA sizes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512,SHA-512/224,SHA-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | \\[FIPS 198-1\\] | Generation,Authentication", "KAS-ECC6 | A6047 | DomainParameterGenerationMethods/Schemes:P-224,P-256,P-384,P-521,K-233,K-283,K-409,K-571,B-233,B-283,B-409,B-571ephemeralUnified,fullMqv,fullUnified,onePassDh,onePassMqv,onePassUnified,staticUnifiedCurves specified above providingbetween112and256bitsofencryptionstrength | \\[SP800-56Ar3\\] | Key Agreement", "HMAC-RIPEMD128 | RIPEMD128 HMAC", "HMAC-RIPEMD160 | RIPEMD160 HMAC", "HMAC-RIPEMD256 | RIPEMD256 HMAC", "HMAC-RIPEMD320 | RIPEMD320 HMAC", "HMAC-TIGER | TIGER HMAC", "HMAC-WHIRLPOOL | WHIRLPOOL HMAC", "KAS14using SHA-512/224orSHA-512/256(non-compliant) | Key Agreement using SHA-512/224and SHA-512/256based KDFs", "KBKDFusing SHA-512/224orSHA-512/256(non-compliant) | KBKDF2using the PRFs SHA-512/224and SHA-512/256", "RSA(non-compliant15) | Non-compliantRSA signature schemes", "SHACAL-2 | SHACAL2 block cipher", "Triple-DES | Triple-DES cipher" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4911", "Certificate Number": "4911", "Vendor Name": "Canonical Ltd.", "Module Name": "Canonical Ltd. Ubuntu 22.04 Strongswan Cryptographic Module", "Module Type": "Software", "Validation Date": "12/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4911.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4911", "module_name": "Canonical Ltd. Ubuntu 22.04 Strongswan Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/2/2029", "overall_level": 1, "caveat": "Interim validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy with module Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module validated to FIPS 140-3 under Cert. #4794, operating in the approved mode, and with module Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module validated to FIPS 140-3 under Cert. #4894, operating in the approved mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Strongswan IKE daemon implementing the IKEv2 protocol to negotiate the key material for IPSec.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4910", "Certificate Number": "4910", "Vendor Name": "Digital.ai Software, Inc.", "Module Name": "Digital.ai Key & Data Protection Module", "Module Type": "Software", "Validation Date": "12/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4910.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4910", "module_name": "Digital.ai Key & Data Protection Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/2/2026", "overall_level": 1, "caveat": "Interim Validation; No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Digital.ai Key & Data Protection Module is a sophisticated implementation of whitebox cryptography, (Class A safety-critical software per IEC 62304) that ingests cryptographic keys for use in the cryptographic operations performed by methods in the Digital.ai Key & Data Protection Module libraries.", "detail_available": true, "algorithms": [ "AES", "ECDSA", "HMAC", "KAS", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4909", "Certificate Number": "4909", "Vendor Name": "Quadient Technologies", "Module Name": "Quadient Postal Security Device", "Module Type": "Hardware", "Validation Date": "12/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4909.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4909", "module_name": "Quadient Postal Security Device", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/2/2026", "overall_level": 3, "caveat": "Interim Validation", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Quadient Postal Security Device is a multi-chip standalone cryptographic module that serves as the core security component of postal franking machines and must meet physical security FIPS 140-3 level 3 requirements (as required by the USPS®).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4908", "Certificate Number": "4908", "Vendor Name": "AudioCodes Ltd.", "Module Name": "Mediant Virtual Edition SBC and Cloud Edition SBC", "Module Type": "Software", "Validation Date": "12/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4908.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4908", "module_name": "Mediant Virtual Edition SBC and Cloud Edition SBC", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/2/2026", "overall_level": 1, "caveat": "Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "AudioCodes Ltd. is a leading vendor of advanced networking and media processing solutions for the for the digital workplace. The AudioCodes Mediant family of Session Border Controllers (SBCs) offers a line of versatile IP communications platforms that connect VoIP and TDM networks, built on years of carrier-grade VoIP deployments and expertise. AudioCode’s SBCs provide the interoperability, security, and quality assurance that service providers need to connect their enterprise and residential customers reliably and securely to SIP trunk and hosted telephony services." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4907", "Certificate Number": "4907", "Vendor Name": "AudioCodes Ltd.", "Module Name": "Mediant 800 Session Border Controller/Media Gateway, Mediant 2600/4000B/9080B Session Border Controllers, and MediaPack 1288 Media Gateway", "Module Type": "Hardware", "Validation Date": "12/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4907.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4907", "module_name": "Mediant 800 Session Border Controller/Media Gateway, Mediant 2600/4000B/9080B Session Border Controllers, and MediaPack 1288 Media Gateway", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/2/2026", "overall_level": 1, "caveat": "Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The AudioCodes Mediant family of Session Border Controllers (SBCs) offers a line of versatile IP communications platforms that connect VoIP and TDM networks, built on years of carrier-grade VoIP deployments and expertise.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4906", "Certificate Number": "4906", "Vendor Name": "FUJIFILM Business Innovation Corp.", "Module Name": "FUJIFILM BI Cryptographic Kernel Module for WRL", "Module Type": "Software", "Validation Date": "12/02/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4906.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4906", "module_name": "FUJIFILM BI Cryptographic Kernel Module for WRL", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/1/2026", "overall_level": 1, "caveat": "Interim Validation; No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The module is a software module. The primary purpose of the FUJIFILM BI Cryptographic Kernel Module for WRL is to provide encryption/decryption of data for the multifunction devices.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4905", "Certificate Number": "4905", "Vendor Name": "Certes Networks, Inc.", "Module Name": "Certes Cryptographic Module", "Module Type": "Software", "Validation Date": "11/27/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4905.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4905", "module_name": "Certes Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Certes Cryptographic Module is a general-purpose cryptographic library incorporated into the Certes family of products to provide FIPS 140-2 validated cryptography for the protection of sensitive information.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4904", "Certificate Number": "4904", "Vendor Name": "Alteryx, Inc.", "Module Name": "Alteryx OpenSSL FIPS Provider (fips.dll)", "Module Type": "Software", "Validation Date": "11/26/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4904.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4904", "module_name": "Alteryx OpenSSL FIPS Provider (fips.dll)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Alteryx OpenSSL FIPS Provider (fips.dll) is a software library which provides a C-language application program interface (API) for use by Alteryx applications which require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4903", "Certificate Number": "4903", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Key Variable Loader (KVL) 5000 PIKE", "Module Type": "Hardware", "Validation Date": "11/25/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4903.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4903", "module_name": "Key Variable Loader (KVL) 5000 PIKE", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/24/2026", "overall_level": 2, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of the minimum strength of generated SSPs", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Key Variable Loader (KVL) 5000 PIKE provides security services for the KVL 5000. The KVL 5000 is a portable key distribution device that consists of KVL Host Application processor and KVL 5000 PIKE Hardware Security Module (HSM). The KVL 5000 allows programmers to generate, transport, and load encryption keys, securely and efficiently into secure communication products thereby enabling secure encrypted communications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4902", "Certificate Number": "4902", "Vendor Name": "Honeywell International Inc.", "Module Name": "Qualcomm® Inline Crypto Engine (SDCC)", "Module Type": "Hardware", "Validation Date": "11/22/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4902.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4902", "module_name": "Qualcomm® Inline Crypto Engine (SDCC)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/16/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "QTI Inline Crypto Engine (SDCC) high throughput storage data encryption and decryption.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4901", "Certificate Number": "4901", "Vendor Name": "Honeywell International Inc.", "Module Name": "Qualcomm® Crypto Engine Core", "Module Type": "Hardware", "Validation Date": "11/22/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4901.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4901", "module_name": "Qualcomm® Crypto Engine Core", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "QTI Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4900", "Certificate Number": "4900", "Vendor Name": "Panzura", "Module Name": "Panzura CloudFS™ FIPS Cryptographic Module", "Module Type": "Software", "Validation Date": "11/22/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4900.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4900", "module_name": "Panzura CloudFS™ FIPS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Cryptographic module for use with Panzura products.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES‐CBC | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS1 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS2 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS3 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CCM | A4481 | Key Length ‐ 128, 192, 256 | SP 800‐38C", "AES‐CFB1 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB128 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB8 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CTR | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐ECB | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐GCM | A4481 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "AES‐KW | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F | FIPS 140‐3 Security Policy | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "AES‐KWP | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F", "AES‐OFB | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐XTS Testing Revision 2.0 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 256 | SP 800‐38E", "KAS‐ECC CDH‐Component", "SP800‐56Ar3 (CVL) | A4481 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | SP 800‐56A | Rev. 3", "KAS‐ECC‐SSC Sp800‐56Ar3 | A4481 | Domain Parameter Generation Methods ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, | P‐256, P‐384, P‐521 | Scheme ‐", "ephemeralUnified ‐ KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐FFC‐SSC Sp800‐56Ar3 | A4481 | Domain Parameter Generation Methods ‐ FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, | modp‐2048, modp‐3072, modp‐4096, modp‐6144, modp‐8192 | Scheme ‐", "dhEphem ‐ KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐IFC‐SSC | A4481 | Modulo ‐ 2048, 3072, 4096, 6144, 8192 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐", "KAS1 ‐ KAS Role ‐ initiator, responder", "KAS2 ‐ KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KDA HKDF SP800‐56Cr2 | A4481 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | HMAC Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256,", "SHA3‐224, SHA3‐256, SHA3‐384, SHA3‐512 | SP 800‐56C | Rev. 2", "KDA OneStep SP800‐56Cr2 | A4481 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2 | FIPS 140‐3 Security Policy | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "KDA TwoStep SP800‐56Cr2 | A4481 | MAC Salting Methods ‐ default, random", "KDF Mode ‐ feedback | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2", "KDF ANS 9.42 (CVL) | A4481", "KDF Type ‐ DER", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256, SHA3‐", "224, SHA3‐256, SHA3‐384, SHA3‐512 | Key Data Length ‐ Key Data Length: 8‐4096 Increment 8 | SP 800‐135 | Rev. 1", "KDF ANS 9.63 (CVL) | A4481", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | Key Data Length ‐ Key Data Length: 128, 4096 | SP 800‐135 | Rev. 1", "KDF SP800‐108 | A4481", "KDF Mode ‐ Counter, Feedback | Supported Lengths ‐ Supported Lengths: 8, 72, 128, 776, 3456, 4096 | SP 800‐108 | Rev. 1", "KDF SSH (CVL) | A4481", "Cipher ‐ AES‐128, AES‐192, AES‐256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "PBKDF | A4481 | Iteration Count ‐ Iteration Count: 1‐10000 Increment 1 | Password Length ‐ Password Length: 8‐128 Increment 8 | SP 800‐132", "TLS v1.2 KDF RFC7627 (CVL) | A4481", "Hash Algorithm ‐ SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "TLS v1.3 KDF (CVL) | A4481 | HMAC Algorithm ‐ SHA2‐256, SHA2‐384", "KDF Running Modes ‐ DHE, PSK, PSK‐DHE | SP 800‐135 | Rev. 1", "DSA KeyGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256 | FIPS 186‐4", "DSA PQGGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "DSA PQGVer (FIPS186‐4) | A4481 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "ECDSA KeyGen (FIPS186‐4) | A4481 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | Secret Generation Mode ‐ Testing Candidates | FIPS 186‐4", "ECDSA KeyVer (FIPS186‐4) | A4481 | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521 | FIPS 186‐4", "EDDSA KeyGen | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA KeyVer | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5 | FIPS 140‐3 Security Policy | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification. | Safe Primes Key Generation | A4481 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3 | Safe Primes Key Verification | A4481 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3", "RSA KeyGen (FIPS186‐4) | A4481 | Key Generation Mode ‐ B.3.3 | Modulo ‐ 2048, 3072, 4096 | Primality Tests ‐ Table C.2 | Private Key Format ‐ Standard | FIPS 186‐4", "KTS‐IFC | A4481 | Modulo ‐ 2048, 3072, 4096, 6144 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐", "KTS‐OAEP‐basic ‐ KAS Role ‐ initiator, responder | Key Transport Method ‐ | Key Length ‐ 1024 | SP 800‐56B | Rev. 2", "AES‐CMAC | A4481 | Direction ‐ Generation, Verification | Key Length ‐ 128, 192, 256 | SP 800‐38B", "AES‐GMAC | A4481 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "HMAC‐SHA‐1 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐384 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512/224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512/256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | FIPS 140‐3 Security Policy | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "HMAC‐SHA3‐256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐384 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐512 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | KMAC‐128 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185 | KMAC‐256 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185", "SHA‐1 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐224 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐256 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐384 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512/224 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512/256 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA3‐224 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐256 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐384 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐512 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHAKE‐128 | A4481 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202", "SHAKE‐256 | A4481 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202 | FIPS 140‐3 Security Policy | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "Counter DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ AES‐128, AES‐192, AES‐256 | Derivation Function Enabled ‐ No, Yes | SP 800‐90A | Rev. 1", "Hash DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | SP 800‐90A | Rev. 1", "HMAC DRBG | A4481 | Prediction Resistance ‐ Yes", "ECDSA SigGen (FIPS186‐4) | A4481 | Component ‐ No, Yes | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521", "ECDSA SigVer (FIPS186‐4) | A4481 | Component ‐ No | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521", "DSA SigGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256", "DSA SigVer (FIPS186‐4) | A4481 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "EDDSA SigGen | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA SigVer | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "RSA SigGen (FIPS186‐4) | A4481 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 2048, 3072, 4096 | FIPS 186‐4", "RSA SigGen (FIPS186‐5) | A4481 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5", "RSA Signature Primitive (CVL) | A4481 | Private Key Format ‐ crt | FIPS 186‐4", "RSA SigVer (FIPS186‐4) | A4481 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 1024, 2048, 3072, 4096 | FIPS 186‐4", "RSA SigVer (FIPS186‐5) | A4481 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5 | FIPS 140‐3 Security Policy | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification. | Vendor‐Affirmed Algorithms: | Name | Implementation | CKG Section 4 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 5 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 6.2 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2", "Hash DRBG with SHA3‐256, SHA3‐512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1", "HMAC DRBG with SHA3‐256, SHA3‐512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1 | Non‐Approved, Allowed Algorithms: | N/A for this module. | Non‐Approved, Allowed Algorithms with No Security Claimed: | N/A for this Module. | Non‐Approved, Not Allowed Algorithms: | N/A for this Module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4899", "Certificate Number": "4899", "Vendor Name": "SK hynix Inc.", "Module Name": "PE9110 E1.S and PE9010 M.2 22110D NVMe TCG Opal SSC SEDs", "Module Type": "Hardware", "Validation Date": "11/22/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4899.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4899", "module_name": "PE9110 E1.S and PE9010 M.2 22110D NVMe TCG Opal SSC SEDs", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/21/2029", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "SK hynix PE9110 E1.S and PE9010 M.2 22110D NVMe TCG Opal SSC SEDs are high-performance self-encrypting solid state drives with the support of NVMe interface and TCG Opal SSC. It has a built-in AES256-XTS which encrypts and decrypts the user data without any performance loss.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4898", "Certificate Number": "4898", "Vendor Name": "Rambus Inc.", "Module Name": "SafeZone FIPS SW Cryptographic Module", "Module Type": "Software", "Validation Date": "11/22/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4898.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4898", "module_name": "SafeZone FIPS SW Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/21/2029", "overall_level": 1, "caveat": "Interim Validation. When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SafeZone FIPS SW Cryptographic Module is a FIPS 140-3 Level 1 validated software cryptographic module from Rambus. The module provides a set of commonly used cryptographic primitives by exposing a custom API for a wide range of applications, typically running on a general-purpose operating system.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4897", "Certificate Number": "4897", "Vendor Name": "Corsec Security, Inc.", "Module Name": "CorSSL", "Module Type": "Software", "Validation Date": "11/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4897.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4897", "module_name": "CorSSL", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/20/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "CorSSL offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data. The libcrypto library provides the main cryptographic functionality for the module.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4896", "Certificate Number": "4896", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Trusted Execution Environment (TEE) Software Cryptographic Library", "Module Type": "Software-hybrid", "Validation Date": "11/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4896.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4896", "module_name": "Qualcomm® Trusted Execution Environment (TEE) Software Cryptographic Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/20/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode and installed, initialized and configured as specified in Section 11.5 of the Security Policy with module Qualcomm® Pseudo Random Number Generator validated to FIPS 140-3 under Cert. #4732.", "module_type": "Software-hybrid", "embodiment": "Single Chip", "description": "Qualcomm® Trusted Execution Environment (TEE) Software Cryptographic Library provides various software cryptographic functionalities to the 64bit Qualcomm Trusted Execution Environment Trusted Applications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4895", "Certificate Number": "4895", "Vendor Name": "F5, Inc.", "Module Name": "Cryptographic Module for BIG-IP", "Module Type": "Software", "Validation Date": "11/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4895.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4895", "module_name": "Cryptographic Module for BIG-IP", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/20/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.1 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Cryptographic library offering various cryptographic mechanisms to BIG-IP Virtual Edition.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "A3947,A3948 | AES\\[FIPS197,SP800-38A,SP800-38D\\] | ECB,CBC,GCM | 128/192/256-bit AESkey/strength from128 to 256-bits | Symmetric encryption and decryption", "A3947 | AES\\[FIPS197,SP800-38A\\] | CTR | 128/192/256-bit AESkey/strength from128 to 256-bits | Symmetric encryption and decryption", "A3947,A3948 | AES\\[FIPS197,SP800-38D\\] | GMAC | 128/192/256-bit AESkey/strength from128 to 256-bits | MAC generation/verification", "A3947,A3948 | KTS(AES)\\[FIPS197,SP800-38F,SP800-38D\\] | GCM | 128/256-bitAESkey/strengthfrom128and256-bits. | Key wrapping", "A3947 | CTR\\_DRBG\\[SP800-90Ar1\\] | AES-256inCTRmode,withwithout derivationfunction,prediction resistanceenabledanddisabled | Entropyinput,seed,Vandkeyvalues/strengthis256-bits | Randomnumber generation", "A3947 | RSASigGen\\[FIPS186-4\\] | PKCS1.5withSHA-256,SHA-384 | 2048/3072/4096-bitmodulus/strengthfrom112to150-bits | RSA signature generation", "A3947 | RSASigVer\\[FIPS186-4\\] | PKCS1.5withSHA2-256,SHA2-384 | 2048/3072/4096-bitmodulus/strengthfrom112to150-bits | RSA signature verification", "A3947 | ECDSAKeyGen\\[FIPS186-4\\] | AppendixB.4.2:Testingcandidates | ECDSA/ECDHkeypairP-256andP-384curves/strength128and192-bits | ECDSA/ECDHkeypair generation", "A3947 | ECDSAKeyVer\\[FIPS186-4\\] | N/A | ECDSA/ECDHkeypairwithP-256andP-384curves/strength128and192-bits | ECDSA/ECDHpublickeyverification", "A3947 | ECDSASigGen\\[FIPS186-4\\] | SHA2-256,SHA2-384 | ECDSA P-256,P-384curves/strength128and192-bits | ECDSA signature generation", "A3947 | ECDSASigVer\\[FIPS186-4\\] | SHA2-256,SHA2-384 | ECDSA P-256,P-384curves/strength128and192-bits | ECDSA signature verification", "A3947,A3948 | SHA\\[FIPS180-4\\] | SHA-1 | N/A | Message digest", "A3947 | SHA\\[FIPS180-4\\] | SHA2-256,SHA2-384 | N/A | Message digest", "A3947,A3948 | HMAC\\[FIPS198\\] | HMAC-SHA-1 | 112 to1024-bitswithkeystrengths112-bits | MAC generation/verification", "A3947 | HMAC\\[FIPS198\\] | HMAC-SHA2-256,HMAC-SHA2-384 | 112 to1024-bitswithkeystrengths112to192-bits | MAC generation/verification", "A3947 | KAS-ECC-SSC\\[SP800-56Ar3\\] | Ephemeral Unified:KAS Role: initiator, responder | P-256,P-384/strength128and192-bits | EC Diffie-Hellman shared secret computation used in Key Agreement Scheme(KAS)IG D.F scenario 2(path1)", "A3947 | KAS-FFC-SSC\\[SP800-56Ar3\\] | dhEphemeral:KAS Role: initiator, responder | ffdhe2048,ffdhe3072,ffdhe4096/strengthfrom112to150-bits | Diffie-Hellman shared secret computation used in KAS IGD.F scenario 2(path1)", "A3947(CVL) | SSH KDF\\[SP800-135r1\\] | AES-128,AES-256withSHA2-256,SHA2-384 | 256-bit keys with256-bitkey strength | Key derivation", "A3947(CVL) | TLS KDF\\[SP800-135r1\\] | TLS version1.0/1.1 | 256-bits | Key derivation", "A3947(CVL) | TLS KDF\\[SP800-135r1\\]RFC7627 | TLS v1.2 | 256-bits | Key derivation", "MD5 | Allowed per IG 2.4.A | Message digest used in TLS 1.0/1.1 KDF only", "AES with OFB,CCM,CFB,XTS,KW modes,Blowfish,Camellia,CAST5,DES,IDEA,RC2,RC4,SEED,SM2,SM4,Triple-DES | Symmetric encryption and decryption", "SHA2-224,SHA2-512,SM3,MD4,MDC2,RIPEMD,Whirlpool | Message digest", "HMAC-SHA2-224,HMAC-SHA2-512,AESCMAC,Triple-DESCMAC | MAC generation/verification", "RSA key generation | RSA with 1024 and greater than 4096 up to 16384 modulus", "RSA signature generation and verification | PKCS #1 v1.5 scheme with 1024 and greater than 4096 up to 16384 modulus,for all SHA sizes", "Signature generation/Signature verification using PKCS #1v1.5 scheme with modulus size 2048,3072,4096-bits withSHA-1,SHA2-224,SHA2-512", "ECDSA | Key pair generation using P-224,P-521 curves", "Signature generation/Signature verification using curvesP-256,P-384 with SHA-1,SHA2-224,SHA2-512;using P-224,P-521 curves with any SHA sizes", "RSA encrypt/decrypt | RSA with modulus sizes up to 16384-bits", "DSA domain parameter generation,domainparameter verification,key pair generation,signature generation and verification | DSA with all key and SHA sizes", "HMAC\\_DRBG and Hash\\_DRBG using all SHA sizes,CTR\\_DRBG with AES-128,AES-192,ANSI X9.31 RNG | Random number generation", "Diffie-Hellman | Shared secret computation with groups other thanffdhe2048,ffdhe3072,ffdhe4096", "EC Diffie-Hellman | Shared secret computation:" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4894", "Certificate Number": "4894", "Vendor Name": "Canonical Ltd.", "Module Name": "Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "11/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4894.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4894", "module_name": "Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/20/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.1 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Linux kernel crypto API implementation provides cryptographic services to Linux kernel space software components and user space via the AF_ALG interface.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-ECB | A3812 | SP 800-38A", "Counter DRBG | A3812 | SP 800-90A Rev. 1", "Hash DRBG | A3812 | SP 800-90A Rev. 1", "HMAC DRBG | A3812 | SP 800-90A Rev. 1", "HMAC-SHA-1 | A3812 | FIPS 198-1", "HMAC-SHA2-224 | A3812 | FIPS 198-1", "HMAC-SHA2-256 | A3812 | FIPS 198-1", "HMAC-SHA2-384 | A3812 | FIPS 198-1", "HMAC-SHA2-512 | A3812 | FIPS 198-1", "KAS-FFC-SSC Sp800-56Ar3 | A3812 | SP 800-56A Rev. 3 | Safe Primes Key Generation A3812 | SP 800-56A Rev. 3", "SHA-1 | A3812 | FIPS 180-4", "SHA2-224 | A3812 | FIPS 180-4", "SHA2-256 | A3812 | FIPS 180-4", "SHA2-384 | A3812 | FIPS 180-4", "SHA2-512 | A3812 | FIPS 180-4", "AES-ECB | A3813 | SP 800-38A", "Counter DRBG | A3813 | SP 800-90A Rev. 1", "ECDSA KeyGen (FIPS186-4) | A3813 | FIPS 186-4", "Hash DRBG | A3813 | SP 800-90A Rev. 1", "HMAC DRBG | A3813 | SP 800-90A Rev. 1", "HMAC-SHA-1 | A3813 | FIPS 198-1", "HMAC-SHA2-224 | A3813 | FIPS 198-1", "HMAC-SHA2-256 | A3813 | FIPS 198-1", "HMAC-SHA2-384 | A3813 | FIPS 198-1", "HMAC-SHA2-512 | A3813 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A3813 | SP 800-56A Rev. 3", "SHA-1 | A3813 | FIPS 180-4", "SHA2-224 | A3813 | FIPS 180-4", "SHA2-256 | A3813 | FIPS 180-4", "SHA2-384 | A3813 | FIPS 180-4", "SHA2-512 | A3813 | FIPS 180-4", "AES-CBC | A3814 | SP 800-38A", "AES-CCM | A3814 | SP 800-38C", "AES-CMAC | A3814 | SP 800-38B", "AES-CTR | A3814 | SP 800-38A", "AES-ECB | A3814 | SP 800-38A", "AES-GCM | A3814 | SP 800-38D", "AES-GMAC | A3814 | SP 800-38D", "AES-XTS Testing Revision 2.0 A3814 | SP 800-38E", "Counter DRBG | A3814 | SP 800-90A Rev. 1", "Hash DRBG | A3814 | SP 800-90A Rev. 1", "HMAC DRBG | A3814 | SP 800-90A Rev. 1", "HMAC-SHA-1 | A3814 | FIPS 198-1", "HMAC-SHA2-224 | A3814 | FIPS 198-1", "HMAC-SHA2-256 | A3814 | FIPS 198-1", "HMAC-SHA2-384 | A3814 | FIPS 198-1", "HMAC-SHA2-512 | A3814 | FIPS 198-1 | Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy | © 2024 Canonical Ltd. / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | 11 of 103", "RSA SigVer (FIPS186-4) | A3814 | FIPS 186-4", "SHA-1 | A3814 | FIPS 180-4", "SHA2-224 | A3814 | FIPS 180-4", "SHA2-256 | A3814 | FIPS 180-4", "SHA2-384 | A3814 | FIPS 180-4", "SHA2-512 | A3814 | FIPS 180-4", "AES-KW | A3815 | SP 800-38F", "HMAC-SHA3-224 | A3816 | FIPS 198-1", "HMAC-SHA3-256 | A3816 | FIPS 198-1", "HMAC-SHA3-384 | A3816 | FIPS 198-1", "HMAC-SHA3-512 | A3816 | FIPS 198-1", "SHA3-224 | A3816 | FIPS 202", "SHA3-256 | A3816 | FIPS 202", "SHA3-384 | A3816 | FIPS 202", "SHA3-512 | A3816 | FIPS 202", "AES-CFB128 | A3817 | SP 800-38A", "AES-OFB | A3818 | SP 800-38A", "AES-CBC-CS3 | A3819 | SP 800-38A", "AES-ECB | A3820 | SP 800-38A", "AES-GCM | A3820 | SP 800-38D", "Counter DRBG | A3820 | SP 800-90A Rev. 1", "Hash DRBG | A3820 | SP 800-90A Rev. 1", "HMAC DRBG | A3820 | SP 800-90A Rev. 1", "AES-ECB | A3821 | SP 800-38A", "AES-GCM | A3821 | SP 800-38D", "Counter DRBG | A3821 | SP 800-90A Rev. 1", "Hash DRBG | A3821 | SP 800-90A Rev. 1", "HMAC DRBG | A3821 | SP 800-90A Rev. 1", "AES-CBC | A3822 | SP 800-38A", "AES-CCM | A3822 | SP 800-38C", "AES-CMAC | A3822 | SP 800-38B", "AES-CTR | A3822 | SP 800-38A", "AES-ECB | A3822 | SP 800-38A", "AES-GCM | A3822 | SP 800-38D", "AES-GMAC | A3822 | SP 800-38D", "AES-XTS Testing Revision 2.0 A3822 | SP 800-38E", "Counter DRBG | A3822 | SP 800-90A Rev. 1", "Hash DRBG | A3822 | SP 800-90A Rev. 1", "HMAC DRBG | A3822 | SP 800-90A Rev. 1", "AES-KW | A3823 | SP 800-38F", "AES-ECB | A3824 | SP 800-38A", "AES-GCM | A3824 | SP 800-38D", "Counter DRBG | A3824 | SP 800-90A Rev. 1", "Hash DRBG | A3824 | SP 800-90A Rev. 1", "HMAC DRBG | A3824 | SP 800-90A Rev. 1", "AES-ECB | A3825 | SP 800-38A", "AES-GCM | A3825 | SP 800-38D", "Counter DRBG | A3825 | SP 800-90A Rev. 1", "Hash DRBG | A3825 | SP 800-90A Rev. 1", "HMAC DRBG | A3825 | SP 800-90A Rev. 1", "AES-CFB128 | A3826 | SP 800-38A", "AES-OFB | A3827 | SP 800-38A | Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy | © 2024 Canonical Ltd. / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | 12 of 103", "AES-CBC-CS3 | A3828 | SP 800-38A", "AES-CBC | A3829 | SP 800-38A", "AES-CCM | A3829 | SP 800-38C", "AES-CMAC | A3829 | SP 800-38B", "AES-CTR | A3829 | SP 800-38A", "AES-ECB | A3829 | SP 800-38A", "AES-GCM | A3829 | SP 800-38D", "AES-GMAC | A3829 | SP 800-38D", "AES-XTS Testing Revision 2.0 A3829 | SP 800-38E", "Counter DRBG | A3829 | SP 800-90A Rev. 1", "AES-ECB | A3830 | SP 800-38A", "AES-GCM | A3830 | SP 800-38D", "Counter DRBG | A3830 | SP 800-90A Rev. 1", "Hash DRBG | A3830 | SP 800-90A Rev. 1", "HMAC DRBG | A3830 | SP 800-90A Rev. 1", "AES-ECB | A3831 | SP 800-38A", "AES-GCM | A3831 | SP 800-38D", "Counter DRBG | A3831 | SP 800-90A Rev. 1", "Hash DRBG | A3831 | SP 800-90A Rev. 1", "HMAC DRBG | A3831 | SP 800-90A Rev. 1", "AES-CBC | A3832 | SP 800-38A", "AES-CCM | A3832 | SP 800-38C", "AES-CMAC | A3832 | SP 800-38B", "AES-CTR | A3832 | SP 800-38A", "AES-ECB | A3832 | SP 800-38A", "AES-GCM | A3832 | SP 800-38D", "AES-GMAC | A3832 | SP 800-38D", "AES-XTS Testing Revision 2.0 A3832 | SP 800-38E", "Counter DRBG | A3832 | SP 800-90A Rev. 1", "Hash DRBG | A3832 | SP 800-90A Rev. 1", "HMAC DRBG | A3832 | SP 800-90A Rev. 1", "HMAC-SHA-1 | A3832 | FIPS 198-1", "HMAC-SHA2-224 | A3832 | FIPS 198-1", "HMAC-SHA2-256 | A3832 | FIPS 198-1", "HMAC-SHA2-384 | A3832 | FIPS 198-1", "HMAC-SHA2-512 | A3832 | FIPS 198-1", "RSA SigVer (FIPS186-4) | A3832 | FIPS 186-4", "SHA-1 | A3832 | FIPS 180-4", "SHA2-224 | A3832 | FIPS 180-4", "SHA2-256 | A3832 | FIPS 180-4", "SHA2-384 | A3832 | FIPS 180-4", "SHA2-512 | A3832 | FIPS 180-4", "AES-ECB | A3833 | SP 800-38A", "AES-GCM | A3833 | SP 800-38D", "Counter DRBG | A3833 | SP 800-90A Rev. 1", "Hash DRBG | A3833 | SP 800-90A Rev. 1", "HMAC DRBG | A3833 | SP 800-90A Rev. 1", "AES-ECB | A3834 | SP 800-38A", "AES-GCM | A3834 | SP 800-38D", "Counter DRBG | A3834 | SP 800-90A Rev. 1", "Hash DRBG | A3834 | SP 800-90A Rev. 1", "HMAC DRBG | A3834 | SP 800-90A Rev. 1 | Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy | © 2024 Canonical Ltd. / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | 13 of 103", "AES-KW | A3835 | SP 800-38F", "AES-CFB128 | A3836 | SP 800-38A", "AES-OFB | A3837 | SP 800-38A", "AES-CBC-CS3 | A3838 | SP 800-38A", "HMAC-SHA3-224 | A3839 | FIPS 198-1", "HMAC-SHA3-256 | A3839 | FIPS 198-1", "HMAC-SHA3-384 | A3839 | FIPS 198-1", "HMAC-SHA3-512 | A3839 | FIPS 198-1", "SHA3-224 | A3839 | FIPS 202", "SHA3-256 | A3839 | FIPS 202", "SHA3-384 | A3839 | FIPS 202", "SHA3-512 | A3839 | FIPS 202", "AES-CBC | A3840 | SP 800-38A", "AES-CTR | A3840 | SP 800-38A", "AES-ECB | A3840 | SP 800-38A", "AES-GCM | A3840 | SP 800-38D", "AES-XTS Testing Revision 2.0 A3840 | SP 800-38E", "Counter DRBG | A3840 | SP 800-90A Rev. 1", "Hash DRBG | A3840 | SP 800-90A Rev. 1", "HMAC DRBG | A3840 | SP 800-90A Rev. 1", "AES-ECB | A3841 | SP 800-38A", "AES-GCM | A3841 | SP 800-38D", "Counter DRBG | A3841 | SP 800-90A Rev. 1", "Hash DRBG | A3841 | SP 800-90A Rev. 1", "HMAC DRBG | A3841 | SP 800-90A Rev. 1", "AES-ECB | A3842 | SP 800-38A", "AES-GCM | A3842 | SP 800-38D", "Counter DRBG | A3842 | SP 800-90A Rev. 1", "Hash DRBG | A3842 | SP 800-90A Rev. 1", "HMAC DRBG | A3842 | SP 800-90A Rev. 1", "AES-CBC | A3843 | SP 800-38A", "AES-CCM | A3843 | SP 800-38C", "AES-CMAC | A3843 | SP 800-38B", "AES-CTR | A3843 | SP 800-38A", "AES-ECB | A3843 | SP 800-38A", "AES-GCM | A3843 | SP 800-38D", "AES-GMAC | A3843 | SP 800-38D", "AES-XTS Testing Revision 2.0 A3843 | SP 800-38E", "Counter DRBG | A3843 | SP 800-90A Rev. 1", "Hash DRBG | A3843 | SP 800-90A Rev. 1", "HMAC DRBG | A3843 | SP 800-90A Rev. 1", "AES-ECB | A3844 | SP 800-38A", "AES-GCM | A3844 | SP 800-38D", "Counter DRBG | A3844 | SP 800-90A Rev. 1", "Hash DRBG | A3844 | SP 800-90A Rev. 1", "HMAC DRBG | A3844 | SP 800-90A Rev. 1", "AES-ECB | A3845 | SP 800-38A", "AES-GCM | A3845 | SP 800-38D", "Counter DRBG | A3845 | SP 800-90A Rev. 1", "Hash DRBG | A3845 | SP 800-90A Rev. 1", "HMAC DRBG | A3845 | SP 800-90A Rev. 1", "AES-KW | A3846 | SP 800-38F | Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy | © 2024 Canonical Ltd. / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | 14 of 103", "AES-CFB128 | A3847 | SP 800-38A", "AES-OFB | A3848 | SP 800-38A", "AES-CBC-CS3 | A3849 | SP 800-38A", "Hash DRBG | A3850 | SP 800-90A Rev. 1", "HMAC DRBG | A3850 | SP 800-90A Rev. 1", "HMAC-SHA-1 | A3850 | FIPS 198-1", "HMAC-SHA2-224 | A3850 | FIPS 198-1", "HMAC-SHA2-256 | A3850 | FIPS 198-1", "HMAC-SHA2-384 | A3850 | FIPS 198-1", "HMAC-SHA2-512 | A3850 | FIPS 198-1", "RSA SigVer (FIPS186-4) | A3850 | FIPS 186-4", "SHA-1 | A3850 | FIPS 180-4", "SHA2-224 | A3850 | FIPS 180-4", "SHA2-256 | A3850 | FIPS 180-4", "SHA2-384 | A3850 | FIPS 180-4", "SHA2-512 | A3850 | FIPS 180-4", "Hash DRBG | A3851 | SP 800-90A Rev. 1", "HMAC DRBG | A3851 | SP 800-90A Rev. 1", "HMAC-SHA-1 | A3851 | FIPS 198-1", "HMAC-SHA2-224 | A3851 | FIPS 198-1", "HMAC-SHA2-256 | A3851 | FIPS 198-1", "HMAC-SHA2-384 | A3851 | FIPS 198-1", "HMAC-SHA2-512 | A3851 | FIPS 198-1", "RSA SigVer (FIPS186-4) | A3851 | FIPS 186-4", "SHA-1 | A3851 | FIPS 180-4", "SHA2-224 | A3851 | FIPS 180-4", "SHA2-256 | A3851 | FIPS 180-4", "SHA2-384 | A3851 | FIPS 180-4", "SHA2-512 | A3851 | FIPS 180-4", "Hash DRBG | A3852 | SP 800-90A Rev. 1", "HMAC DRBG | A3852 | SP 800-90A Rev. 1", "HMAC-SHA-1 | A3852 | FIPS 198-1", "HMAC-SHA2-224 | A3852 | FIPS 198-1", "HMAC-SHA2-256 | A3852 | FIPS 198-1", "HMAC-SHA2-384 | A3852 | FIPS 198-1", "HMAC-SHA2-512 | A3852 | FIPS 198-1", "RSA SigVer (FIPS186-4) | A3852 | FIPS 186-4", "SHA-1 | A3852 | FIPS 180-4", "SHA2-224 | A3852 | FIPS 180-4", "SHA2-256 | A3852 | FIPS 180-4", "SHA2-384 | A3852 | FIPS 180-4", "SHA2-512 | A3852 | FIPS 180-4", "AES-CBC | A3853 | SP 800-38A", "AES-CBC-CS3 | A3853 | SP 800-38A", "AES-CCM | A3853 | SP 800-38C", "AES-CMAC | A3853 | SP 800-38B", "AES-CTR | A3853 | SP 800-38A", "AES-ECB | A3853 | SP 800-38A", "AES-XTS Testing Revision 2.0 A3853 | SP 800-38E", "HMAC-SHA-1 | A3853 | FIPS 198-1", "HMAC-SHA2-224 | A3853 | FIPS 198-1", "HMAC-SHA2-256 | A3853 | FIPS 198-1 | Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy | © 2024 Canonical Ltd. / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | 15 of 103", "SHA-1 | A3853 | FIPS 180-4", "SHA2-224 | A3853 | FIPS 180-4", "SHA2-256 | A3853 | FIPS 180-4", "AES-CBC | A3854 | SP 800-38A", "AES-CBC-CS3 | A3854 | SP 800-38A", "AES-CCM | A3854 | SP 800-38C", "AES-CFB128 | A3854 | SP 800-38A", "AES-CMAC | A3854 | SP 800-38B", "AES-CTR | A3854 | SP 800-38A", "AES-ECB | A3854 | SP 800-38A", "AES-GCM | A3854 | SP 800-38D", "AES-GMAC | A3854 | SP 800-38D", "AES-KW | A3854 | SP 800-38F", "AES-OFB | A3854 | SP 800-38A", "AES-XTS Testing Revision 2.0 A3854 | SP 800-38E", "Counter DRBG | A3854 | SP 800-90A Rev. 1", "AES-ECB | A3855 | SP 800-38A", "AES-GCM | A3855 | SP 800-38D", "Counter DRBG | A3855 | SP 800-90A Rev. 1", "Hash DRBG | A3855 | SP 800-90A Rev. 1", "HMAC DRBG | A3855 | SP 800-90A Rev. 1", "AES-ECB | A3856 | SP 800-38A", "AES-GCM | A3856 | SP 800-38D", "Counter DRBG | A3856 | SP 800-90A Rev. 1", "Hash DRBG | A3856 | SP 800-90A Rev. 1", "HMAC DRBG | A3856 | SP 800-90A Rev. 1", "AES-CBC | A3857 | SP 800-38A", "AES-CTR | A3857 | SP 800-38A", "AES-ECB | A3857 | SP 800-38A", "AES-XTS Testing Revision 2.0 A3857 | SP 800-38E", "HMAC-SHA2-224 | A3857 | FIPS 198-1", "HMAC-SHA2-256 | A3857 | FIPS 198-1", "SHA2-224 | A3857 | FIPS 180-4", "SHA2-256 | A3857 | FIPS 180-4", "HMAC-SHA2-224 | A3858 | FIPS 198-1", "HMAC-SHA2-256 | A3858 | FIPS 198-1", "HMAC-SHA2-384 | A3858 | FIPS 198-1", "HMAC-SHA2-512 | A3858 | FIPS 198-1", "SHA2-224 | A3858 | FIPS 180-4", "SHA2-256 | A3858 | FIPS 180-4", "SHA2-384 | A3858 | FIPS 180-4", "SHA2-512 | A3858 | FIPS 180-4 | Name | Implementation | ECC and | DH CKG | Key Type:Asymmetric | ECC Curves:P-256, P-384 (strength of 128, 192 | bits) | DH groups:ffdhe2048, ffdhe3072, ffdhe4096, | ffdhe6144, ffdhe8192 (strength of 112-200 bits) | N/A | SP800-133r2, section | 4 (without XOR) | Canonical Ltd. Ubuntu 22.04 Kernel Crypto API Cryptographic Module FIPS 140-3 Non-Proprietary Security Policy | © 2024 Canonical Ltd. / atsec information security. | This document can be reproduced and distributed only whole and intact, including this copyright notice. | 16 of 103 | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this module. | Non-Approved, Not Allowed Algorithms: | Name | Use and Function", "AES-GCM with | external IV | Encryption", "KBKDF (libkcapi)", "HKDF (libkcapi) | PBKDF2 (libkcapi) | Password-based key derivation", "RSA | Encryption primitive; Decryption primitive", "RSA with PKCS#1 | v1.5 padding | Signature generation (pre-hashed message); Signature verification (pre-hashed | message); Key encapsulation; Key un-encapsulation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4893", "Certificate Number": "4893", "Vendor Name": "Kiteworks (Accellion Inc.)", "Module Name": "Kiteworks FIPS Module", "Module Type": "Software", "Validation Date": "11/20/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4893.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4893", "module_name": "Kiteworks FIPS Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Kiteworks FIPS Module is a security module that provides FIPS-approved cryptographic functions and services to a wide range of Kiteworks products.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4892", "Certificate Number": "4892", "Vendor Name": "Dell Inc., BSAFE Product Team", "Module Name": "Dell™ BSAFE™ Crypto Module for Java 7.0", "Module Type": "Software", "Validation Date": "11/19/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4892.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4892", "module_name": "Dell™ BSAFE™ Crypto Module for Java 7.0", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/18/2029", "overall_level": 1, "caveat": "Interim Validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Crypto-J software library is designed for developers to incorporate FIPS 140-3 approved cryptography into Java-based products. Crypto-J security software helps protect sensitive data as it is stored, using strong encryption techniques that ease integration with existing data models. Using the capabilities of Crypto-J software in applications helps provide a persistent level of protection for data, lessening the risk of internal, as well as external, compromise.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4891", "Certificate Number": "4891", "Vendor Name": "Cisco Systems, Inc", "Module Name": "CiscoSSL FIPS Provider", "Module Type": "Firmware", "Validation Date": "11/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4891.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4891", "module_name": "CiscoSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/17/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The CiscoSSL FIPS Provider is a firmware library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module is comprised of a single object module file called fips.so.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3032 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS1 | A3032 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS2 | A3032 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS3 | A3032 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "AES-CCM | A3032 | KeyLength-128,192,256 | SP800-38C", "AES-CFB1 | A3032 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CFB128 | A3032 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB8 | A3032 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CMAC | A3032 | Direction- Generation, Verification Key Length-128,192,256 | SP 800-38B", "AES-CTR | A3032 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A3032 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-GCM | A3032 | Direction- Decrypt, Encrypt IV Generation- External, Internal IV Generation Mode-8.2.1 Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A3032 | Direction- Decrypt, Encrypt IV Generation- External, Internal IV Generation Mode-8.2.1 Key Length-128,192,256 | SP 800-38D", "AES-KW | A3032 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-KWP | A3032 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-OFB | A3032 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3032 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38E", "Counter DRBG | A3032 | Prediction Resistance-Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-No,Yes | SP 800-90A Rev.1", "DSA KeyGen(FIPS186-4) | A3032 | L-2048,3072 N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A3032 | L-2048,3072 N-224,256 Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A3032 | L-1024,2048,3072 N-160,224,256 Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigGen(FIPS186-4) | A3032 | L-2048,3072 N-224,256 Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A3032 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA KeyGen(FIPS186-4) | A3032 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3032 | Curve-P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3032 | Component-No,YesCurve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3032 | Component-NoCurve-P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "Hash DRBG | A3032 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90ARev.1", "HMAC DRBG | A3032 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90ARev.1", "HMAC-SHA-1 | A3032 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3032 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A3032 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A3032 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A3032 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3032 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3032 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A3032 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A3032 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A3032 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3032 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A3032 | Curve-P-256,P-384,P-521 | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A3032 | Domain Parameter Generation Methods-P-256,P-384,P-521Scheme ephemeralUnified-KAS Role initiator, responder | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A3032 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,modp-2048,modp-3072,modp-4096Scheme dhEphem-KAS Role initiator, responder | SP 800-56A Rev.3", "KAS-IFC-SSC | A3032 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme KAS1-KAS Role initiator, responderKAS2-KAS Role initiator, responder | SP 800-56A Rev.3", "KDA HKDF SP800-56Cr2 | A3032 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStep SP800-56Cr2 | A3032 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8 | SP 800-56CRev.2", "KDA TwoStep SP800-56Cr2 | A3032 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192Increment8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A3032 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224, | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A3032 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF IKEv2(CVL) | A3032 | Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:2048Derived Keying Material Length-Derived Keying Material Length:3072Hash Algorithm-SHA-1 | SP 800-135Rev.1", "KDF SNMP(CVL) | A3032 | Password Length-Password Length:256,64 | SP 800-135Rev.1", "KDF SP800-108 | A3032 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SRTP(CVL) | A3032 | AES Key Length-128,192,256 | SP 800-135Rev.1", "KDF SSH(CVL) | A3032 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A3032 | Modulo-2048,3072,4096,6144Key Generation Methods-rskapg1-basic,rskapg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A3032 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A3032 | Key Generation Mode-B.3.6Modulo-2048,3072,4096 | FIPS186-4", "RSA SigGen(FIPS186-4) | A3032 | Signature Type-ANSI X9.31,PKCS 1.5PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA Signature Primitive(CVL) | A3032 | Private Key Format-crt | FIPS186-4", "RSA SigVer(FIPS186-4) | A3032 | Signature Type-ANSI X9.31,PKCS 1.5PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "SHA-1 | A3032 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-224 | A3032 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-256 | A3032 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-384 | A3032 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-512 | A3032 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-512/224 | A3032 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA2-512/256 | A3032 | Message Length-Message Length:0-65536Increment8 | FIPS180-4", "SHA3-224 | A3032 | Message Length-Message Length:0-65536Increment8 | FIPS202", "SHA3-256 | A3032 | Message Length-Message Length:0-65536Increment8 | FIPS202", "SHA3-384 | A3032 | Message Length-Message Length:0-65536Increment8 | FIPS202", "SHA3-512 | A3032 | Message Length-Message Length:0-65536Increment8 | FIPS202", "SHAKE-128 | A3032 | Output Length-Output Length:16-65536Increment8 | FIPS202", "SHAKE-256 | A3032 | Output Length-Output Length:16-65536Increment8 | FIPS202", "TLS v1.2KDFRFC7627(CVL) | A3032 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP800-135Rev.1", "TLS v1.3 KDF(CVL) | A3032 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "TDES-CBC | A3032 | Direction-Decrypt | SP 800-67Rev.2", "TDES-CMAC | A3032 | Direction-Verification | SP 800-67Rev.2", "TDES-ECB | A3032 | Direction-Decrypt | SP 800-67Rev.2", "AES-CBC | A3252 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A3252 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A3252 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3252 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3252 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB1 | A3252 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A3252 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A3252 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A3252 | Direction-Generation,Verification KeyLength-128,192,256 | SP 800-38B", "AES-CTR | A3252 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A3252 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A3252 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A3252 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-KW | A3252 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-KWP | A3252 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-OFB | A3252 | Direction - Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTS TestingRevision 2.0 | A3252 | Direction - Decrypt, EncryptKey Length-128,256 | SP 800-38E", "Counter DRBG | A3252 | Prediction Resistance - YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-No,Yes | SP 800-90ARev.1", "DSA KeyGen(FIPS186-4) | A3252 | L-2048,3072N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A3252 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A3252 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigGen(FIPS186-4) | A3252 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigVer(FIPS186-4) | A3252 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A3252 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A3252 | Curve-P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A3252 | Component-No,YesCurve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3252 | Component-NoCurve-P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "Hash DRBG | A3252 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2- | SP 800-90ARev.1", "HMAC DRBG | A3252 | Prediction Resistance - YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90ARev.1", "HMAC-SHA-1 | A3252 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3252 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A3252 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A3252 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A3252 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3252 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3252 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A3252 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A3252 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A3252 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A3252 | Key Length-Key Length:8-524288 Increment8 | FIPS 198-1", "KAS-ECC CDH-ComponentSP800-56Ar3(CVL) | A3252 | Curve-P-256,P-384,P-521 | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A3252 | Domain Parameter Generation Methods-P-256,P-384,P-521Scheme ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A3252 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,modp-2048,modp-3072,modp-4096Scheme dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A3252 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpq1-basic, | SP 800-56ARev.3", "KDA HKDF SP800-56Cr2 | A3252 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStepSP800-56Cr2 | A3252 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDA TwoStepSP800-56Cr2 | A3252 | MAC Salting Methods-default,randomKDF Mode-feedbackDerived Key Length-2048Shared Secret Length-Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A3252 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A3252 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF IKEv2(CVL) | A3252 | Diffie-Hellman Shared Secret Length-Diffie-Hellman Shared Secret Length:2048Derived Keying Material Length-Derived Keying Material Length:3072Hash Algorithm-SHA-1 | SP 800-135Rev.1", "KDF SNMP(CVL) | A3252 | Password Length-Password Length:256,64 | SP 800-135Rev.1", "KDF SP800-108 | A3252 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SRTP(CVL) | A3252 | AES Key Length-128,192,256 | SP 800-135Rev.1", "KDF SSH(CVL) | A3252 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KTS-IFC | A3252 | Modulo-2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "PBKDF | A3252 | Iteration Count-Iteration Count:1-10000Increment1Password Length-Password Length:8-128Increment8 | SP 800-132", "RSA KeyGen(FIPS186-4) | A3252 | Key Generation Mode-B.3.6Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3252 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA Signature Primitive(CVL) | A3252 | Private Key Format-crt | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3252 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A3252 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-224 | A3252 | Message Length-Message Length:0-65536Increment8 | FIPS 180-4", "SHA2-256 | A3252 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-384 | A3252 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-512 | A3252 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-512/224 | A3252 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-512/256 | A3252 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA3-224 | A3252 | Message Length - Message Length:0-65536 Increment8 | FIPS 202", "SHA3-256 | A3252 | Message Length - Message Length:0-65536 Increment8 | FIPS 202", "SHA3-384 | A3252 | Message Length - Message Length:0-65536 Increment8 | FIPS 202", "SHA3-512 | A3252 | Message Length - Message Length:0-65536 Increment8 | FIPS 202", "SHAKE-128 | A3252 | Output Length - Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A3252 | Output Length - Output Length:16-65536 Increment8 | FIPS 202", "TLS v1.2 KDF RFC7627(CVL) | A3252 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "TLS v1.3 KDF (CVL) | A3252 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135 Rev.1", "TDES-CBC | A3252 | Direction-Decrypt | SP 800-67 Rev.2", "TDES-CMAC | A3252 | Direction-Verification | SP 800-67 Rev.2", "TDES-ECB | A3252 | Direction-Decrypt | SP 800-67 Rev.2", "Random Number Generation | DRBG | Used for random number and | Counter DRBGHash DRBGHMAC DRBGCounter DRBG" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4890", "Certificate Number": "4890", "Vendor Name": "Riverbed Technology, LLC", "Module Name": "Riverbed Cryptographic Module 3.0", "Module Type": "Software", "Validation Date": "11/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4890.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4890", "module_name": "Riverbed Cryptographic Module 3.0", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Riverbed Cryptographic Module is a general-purpose cryptographic library incorporated into the SteelHead family of products to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES‐CBC | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS1 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS2 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS3 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CCM | A4481 | Key Length ‐ 128, 192, 256 | SP 800‐38C", "AES‐CFB1 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB128 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB8 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CTR | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐ECB | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐GCM | A4481 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "AES‐KW | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F | FIPS 140‐3 Security Policy | Riverbed Cryptographic Module 3.0 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "AES‐KWP | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F", "AES‐OFB | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐XTS Testing Revision 2.0 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 256 | SP 800‐38E", "KAS‐ECC CDH‐Component", "SP800‐56Ar3 (CVL) | A4481 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | SP 800‐56A | Rev. 3", "KAS‐ECC‐SSC Sp800‐56Ar3 | A4481 | Domain Parameter Generation Methods ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, | P‐256, P‐384, P‐521 | Scheme ‐ | ephemeralUnified ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐FFC‐SSC Sp800‐56Ar3 | A4481 | Domain Parameter Generation Methods ‐ FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, | modp‐2048, modp‐3072, modp‐4096, modp‐6144, modp‐8192 | Scheme ‐ | dhEphem ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐IFC‐SSC | A4481 | Modulo ‐ 2048, 3072, 4096, 6144, 8192 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐ | KAS1 ‐ | KAS Role ‐ initiator, responder | KAS2 ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KDA HKDF SP800‐56Cr2 | A4481 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | HMAC Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256,", "SHA3‐224, SHA3‐256, SHA3‐384, SHA3‐512 | SP 800‐56C | Rev. 2 | FIPS 140‐3 Security Policy | Riverbed Cryptographic Module 3.0 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "KDA OneStep SP800‐56Cr2 | A4481 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2", "KDA TwoStep SP800‐56Cr2 | A4481 | MAC Salting Methods ‐ default, random", "KDF Mode ‐ feedback | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2", "KDF ANS 9.42 (CVL) | A4481", "KDF Type ‐ DER", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256, SHA3‐", "224, SHA3‐256, SHA3‐384, SHA3‐512 | Key Data Length ‐ Key Data Length: 8‐4096 Increment 8 | SP 800‐135 | Rev. 1", "KDF ANS 9.63 (CVL) | A4481", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | Key Data Length ‐ Key Data Length: 128, 4096 | SP 800‐135 | Rev. 1", "KDF SP800‐108 | A4481", "KDF Mode ‐ Counter, Feedback | Supported Lengths ‐ Supported Lengths: 8, 72, 128, 776, 3456, 4096 | SP 800‐108 | Rev. 1", "KDF SSH (CVL) | A4481", "Cipher ‐ AES‐128, AES‐192, AES‐256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "PBKDF | A4481 | Iteration Count ‐ Iteration Count: 1‐10000 Increment 1 | Password Length ‐ Password Length: 8‐128 Increment 8 | SP 800‐132", "TLS v1.2 KDF RFC7627 (CVL) | A4481", "Hash Algorithm ‐ SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "TLS v1.3 KDF (CVL) | A4481 | HMAC Algorithm ‐ SHA2‐256, SHA2‐384", "KDF Running Modes ‐ DHE, PSK, PSK‐DHE | SP 800‐135 | Rev. 1", "DSA KeyGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256 | FIPS 186‐4", "DSA PQGGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "DSA PQGVer (FIPS186‐4) | A4481 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "ECDSA KeyGen (FIPS186‐4) | A4481 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | Secret Generation Mode ‐ Testing Candidates | FIPS 186‐4", "ECDSA KeyVer (FIPS186‐4) | A4481 | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521 | FIPS 186‐4 | FIPS 140‐3 Security Policy | Riverbed Cryptographic Module 3.0 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "EDDSA KeyGen | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA KeyVer | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5 | Safe Primes Key Generation | A4481 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3 | Safe Primes Key Verification | A4481 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3", "RSA KeyGen (FIPS186‐4) | A4481 | Key Generation Mode ‐ B.3.3 | Modulo ‐ 2048, 3072, 4096 | Primality Tests ‐ Table C.2 | Private Key Format ‐ Standard | FIPS 186‐4", "KTS‐IFC | A4481 | Modulo ‐ 2048, 3072, 4096, 6144 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐", "KTS‐OAEP‐basic ‐ | KAS Role ‐ initiator, responder | Key Transport Method ‐ | Key Length ‐ 1024 | SP 800‐56B | Rev. 2", "AES‐CMAC | A4481 | Direction ‐ Generation, Verification | Key Length ‐ 128, 192, 256 | SP 800‐38B", "AES‐GMAC | A4481 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "HMAC‐SHA‐1 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐384 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | FIPS 140‐3 Security Policy | Riverbed Cryptographic Module 3.0 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "HMAC‐SHA2‐512/224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512/256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐384 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐512 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | KMAC‐128 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185 | KMAC‐256 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185", "SHA‐1 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐224 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐256 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐384 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512/224 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA2‐512/256 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 180‐4", "SHA3‐224 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐256 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐384 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHA3‐512 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Large Message Sizes ‐ 1, 2, 4, 8 | FIPS 202", "SHAKE‐128 | A4481 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202 | FIPS 140‐3 Security Policy | Riverbed Cryptographic Module 3.0 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "SHAKE‐256 | A4481 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202", "Counter DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ AES‐128, AES‐192, AES‐256 | Derivation Function Enabled ‐ No, Yes | SP 800‐90A | Rev. 1", "Hash DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | SP 800‐90A | Rev. 1", "HMAC DRBG | A4481 | Prediction Resistance ‐ Yes", "ECDSA SigGen (FIPS186‐4) | A4481 | Component ‐ No, Yes | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521", "ECDSA SigVer (FIPS186‐4) | A4481 | Component ‐ No | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521", "DSA SigGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256", "DSA SigVer (FIPS186‐4) | A4481 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "EDDSA SigGen | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA SigVer | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "RSA SigGen (FIPS186‐4) | A4481 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 2048, 3072, 4096 | FIPS 186‐4", "RSA SigGen (FIPS186‐5) | A4481 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5", "RSA Signature Primitive (CVL) | A4481 | Private Key Format ‐ crt | FIPS 186‐4 | FIPS 140‐3 Security Policy | Riverbed Cryptographic Module 3.0 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "RSA SigVer (FIPS186‐4) | A4481 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 1024, 2048, 3072, 4096 | FIPS 186‐4", "RSA SigVer (FIPS186‐5) | A4481 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5 | Vendor‐Affirmed Algorithms: | Name | Implementation | CKG Section 4 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 5 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 6.2 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2", "Hash DRBG with SHA3‐256, SHA3‐512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1", "HMAC DRBG with SHA3‐256, SHA3‐512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1 | Non‐Approved, Allowed Algorithms: | N/A for this module. | Non‐Approved, Allowed Algorithms with No Security Claimed: | N/A for this Module. | Non‐Approved, Not Allowed Algorithms: | N/A for this Module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4889", "Certificate Number": "4889", "Vendor Name": "IBM", "Module Name": "AIX FIPS Crypto Provider for OpenSSL 3", "Module Type": "Software", "Validation Date": "11/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4889.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4889", "module_name": "AIX FIPS Crypto Provider for OpenSSL 3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "AIX FIPS Crypto Provider is based on OpenSSL 3.0 and is supported on AIX for the Power 8, Power 9, Power 10 and above platforms.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.so | 3.0.10 with KP\\_1.2 | N/A | HMAC-SHA2-256 #A4481 over the complete module file image", "AES-CBC | A4481 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4481 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4481 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4481 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CCM | A4481 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB1 | A4481 | Direction- Decrypt, Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A4481 | Direction- Decrypt, Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A4481 | Direction- Decrypt, Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CTR | A4481 | Direction- Decrypt, Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A4481 | Direction- Decrypt, Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4481 | Direction- Decrypt, Encrypt IV Generation-External, Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-KW | A4481 | Direction- Decrypt, Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-KWP | A4481 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38F", "AES-OFB | A4481 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4481 | Direction- Decrypt, EncryptKey Length-128,256 | SP 800-38E", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A4481 | Curve-B233,B283,B409,B571,K233,K283,K409,K571,P224,P256,P384,P521 | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods-B233,B283,B409,B571,K233,K283,K409,K571,P224,P256,P384,P521Scheme - ephemeralUnified-KAS Role - initiator,responder | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192modp-2048,modp-3072,modp-4096,modp-6144,modp-8192Scheme -dhEphem-KAS Role - initiator,responder | SP 800-56A Rev.3", "KAS-IFC-SSC | A4481 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rskapg1-prime-factor,rskapg2-basic,rskapg2-crt,rskapg2-prime-factorScheme-KAS1-KAS Role -initiator,responderScheme-KAS2-KAS Role -initiator,responder | SP 800-56A Rev.3", "KDA HKDF SP800-56Cr2 | A4481 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP800-56CRev.2", "KDA OneStep SP800-56Cr2 | A4481 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP800-56CRev.2", "KDA TwoStep SP800-56Cr2 | A4481 | MAC Salting Methods - default, random", "KDF Mode - feedback", "KDF ANS 9.42(CVL) | A4481 | KDF Type-DER", "Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512", "KDF ANS 9.63(CVL) | A4481 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512", "KDF SP800-108 | A4481 | KDF Mode-Counter,Feedback", "KDF SSH(CVL) | A4481 | Cipher-AES-128,AES-192,AES-256", "Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135", "PBKDF | A4481 | Iteration Count-Iteration Count:1-10000Increment1", "TLS v1.2 KDF RFC7627(CVL) | A4481 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135", "TLS v1.3 KDF(CVL) | A4481 | HMAC Algorithm-SHA2-256,SHA2-384", "KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135", "DSA KeyGen(FIPS186-4) | A4481 | L-2048,3072N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4481 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4481 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A4481 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4481 | Curve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521 | FIPS186-4", "EDDSA KeyGen | A4481 | Curve-ED-25519,ED-448 | FIPS186-5", "EDDSA KeyVer | A4481 | Curve-ED-25519,ED-448 | FIPS186-5", "RSA KeyGen(FIPS186-4) | A4481 | Key Generation Mode-B.3.3 Modulo-2048,3072,4096 Primality Tests-Table C.2 Private Key Format-Standard | FIPS186-4", "KTS-IFC | A4481 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "AES-CMAC | A4481 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-GMAC | A4481 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP800-38D", "HMAC-SHA-1 | A4481 | Key Length-Key Length:112-2048Increment8 | FIPS198-1", "HMAC-SHA2-224 | A4481 | Key Length-Key Length:112-2048Increment8 | FIPS198-1", "HMAC-SHA2-256 | A4481 | Key Length-Key Length:112-2048Increment8 | FIPS198-1", "HMAC-SHA2-384 | A4481 | Key Length-Key Length:112-2048Increment8 | FIPS198-1", "HMAC-SHA2-512 | A4481 | Key Length-Key Length:112-2048Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A4481 | Key Length-Key Length:112-2048Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A4481 | Key Length-Key Length:112-2048Increment8 | FIPS198-1", "HMAC-SHA3-224 | A4481 | Key Length-Key Length:112-2048Increment8 | FIPS198-1", "HMAC-SHA3-256 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "SHA-1 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA2-224 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA2-256 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA2-384 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA2-512 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA2-512/224 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA2-512/256 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA3-224 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4 | FIPS 202", "SHA3-256 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4 | FIPS 202", "SHA3-384 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4 | FIPS 202", "SHA3-512 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4 | FIPS 202", "SHAKE-128 | A4481 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "SHAKE-256 | A4481 | Output Length-Output Length:16-65536 Increment8 | FIPS 202", "Counter DRBG | A4481 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-No,Yes | SP 800-90ARev.1", "Hash DRBG | A4481 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90ARev.1", "HMAC DRBG | A4481 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90ARev.1", "ECDSA SigGen(FIPS186-4) | A4481 | Component - No, YesCurve-B233,B283,B409,B571,k233,k283,k409,k571,P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4481 | Component - NoCurve-B163,B233,B283,B409,B571,k163,k233,k283,k409,k571,P192,P224,P256,P384,P521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A4481 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4481 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "EDDSA SigGen | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigVer | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "RSA SigGen(FIPS186-4) | A4481 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-5) | A4481 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA Signature Primitive(CVL) | A4481 | Private Key Format-crt | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4481 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4481 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "Hash DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1", "HMAC DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1", "Cipher(Unauth) | BC-UnAuth | AES ciphers | AES-CBCAES-CBC-CS1AES-CBC-CS2AES-CBC-CS3AES-CFB1AES-CFB128AES-CFB8AES-CTRAES-ECBAES-OFBAES-XTS Testing Revision 2.0", "Cipher(Auth) | BC-Auth | Authenticated ciphers | AES-CCMAES-GCMAES-KWAES-KWP", "Key agreement | KAS-SSC | Key agreement | KAS:KAS-ECC-SSC provides between 112 and 256 bits of encryption strength; KAS-FFC-SSC provides between 112 and 200 bits of encryption strength; KAS-IFC-SSC provides between 112 and 200 bits of encryption strength | KAS-ECC CDH-Component SP800-56Ar3 KAS-ECC-SSC Sp800-56Ar3 KAS-FFC-SSC Sp800-56Ar3 KAS-IFC-SSC", "Key derivation | KAS-135KDF KAS-56CKDF KBKDF PBKDF | KAS-KDF HKDF SP800-56Cr2 KAS-KDF OneStep SP800-56Cr2 KAS-KDF TwoStep SP800-56Cr2 KDF ANS 9.42 KDF ANS 9.63 KDF SP800-108 KDF SSH PBKDF TLS v1.2 KDF RFC7627 TLS v1.3 KDF", "Key management ECC | AsymKeyPair-KeyGen AsymKeyPair-KeyVer | ECDSA KeyGen(FIPS186-4) ECDSA KeyVer(FIPS186-4)", "Key management Edwards | AsymKeyPair-KeyGen AsymKeyPair-KeyVer | EDDSA KeyGen EDDSA KeyVer", "Key management FFC | AsymKeyPair-KeyGen | DSA KeyGen(FIPS186-4) DSA PQGGen(FIPS186-4) DSA PQGVer(FIPS186-4) Safe Primes Key Generation Safe Primes Key Verification", "Key management IFC | AsymKeyPair-KeyGen | RSA KeyGen(FIPS186-4)", "Key transport | KTS-Encap | KTS:2048, 3072, 4096 or 6144-bit keys provide between 112 and 176 bits of encryption strength | KTS-iFC", "KTS(Cipher w/CMAC, GMAC,HMAC,KMAC) | BC-Auth BC-UnAuth MAC | SP 800-38F Section 3.1 Provisions | KTS:128, 192 or 256-bit keys provide between 128 and 256 bits of encryption strength | AES-CBC AES-CBC-CS1 AES-CBC-CS2 AES-CBC-CS3 AES-CFB1 AES-CFB128", "KTS(AES KW,KWP) | BC-Auth | KTS:128,192 or 256-bit keysprovide between128 and256 bitsof encryption strength | AES-KWAES-KWP", "MAC AES(CMAC,GMAC) | MAC | AES-GMACAES-CMAC", "MAC HMAC | MAC | HMAC-SHA-1HMAC-SHA2-224HMAC-SHA2-256HMAC-SHA2-384HMAC-SHA2-512HMAC-SHA2-512/224HMAC-SHA2-512/256HMAC-SHA3-224HMAC-SHA3-256HMAC-SHA3-384HMAC-SHA3-512", "Message Digest | SHA | SHA-1SHA2-224SHA2-256SHA2-384SHA2-512SHA2-512/224SHA2-512/256SHA3-224SHA3-256SHA3-384SHA3-512", "Message Digest(XOF SHAKE) | XOF | SHAKE-128SHAKE-256", "Random | DRBG | Counter DRBGHash DRBGHMAC DRBG", "Signature DSA | DigSig-SigGenDigSig-SigVer | DSA SigGen(FIPS186-4)DSA SigVer(FIPS186-4)", "Signature ECDSA | DigSig-SigGenDigSig-SigVer | ECDSA SigGen(FIPS186-4)ECDSA SigVer(FIPS186-4)", "Signature EDDSA | DigSig-SigGenDigSig-SigVer | EDDSA SigGenEDDSA SigVer", "Signature RSA | DigSig-SigGenDigSig-SigVer | RSA SigGen(FIPS186-4)RSA SigGen(FIPS186-5)RSA Signature PrimitiveRSA SigVer(FIPS186-4)RSA SigVer(FIPS186-5)", "Initialize | Module initialization, including instantiation of the opaque (managed within the module) Counter DRBG instance. | FIPS\\_OK | Core handle, dispatch in and out, provider context. | Initialization status(1=pass,0=fail). | Random MAC HMAC | CO-DRBG\\_EI:W,E,Z-DRBG\\_Seed:G,E,Z-DRBG\\_Key:G,W,E-DRBG\\_V:G,W,E", "Key agreement | Perform key agreement primitives on behalf of the calling process(does not establish keys into the module). | FIPS\\_OK | Key structs(key agreement keys);flags. | Status return;key agreement shared secret. | CKG Section 5Key agreement | CO-KAS\\_Private\\_ECC:W,E-KAS\\_Public\\_ECC:W,E-KAS\\_Private\\_FFC:W,E-KAS\\_Public\\_FFC:W,E-KAS\\_Private\\_IFC:W,E-KAS\\_Public\\_IFC:W,E-KAS\\_SS\\_ECC:G,R-KAS\\_SS\\_FFC:G,R-KAS\\_SS\\_IFC:G,R", "Key derivation | Derive keying material from a shared secret. | FIPS\\_OK | Key agreement shared secret;flags. | Status return;derived keying material. | Key derivationCKG Section 6.2 | CO-KD\\_DKM\\_KDF:G,R-KD\\_PW\\_PBKDF:W,E-KD\\_DKM\\_PBKDF:G,R-KD\\_SK:W,E", "Key management | Generate asymmetric key pairs. | FIPS\\_OK | ECDSA,EdDSA:curve identifier.DSA,RSA:domain parameter targets. | Status return;general digital signature private and public keys. | Key management ECCKey management EdwardsKey management FFCKey management IFCCKG Section4 | CO-DRBG\\_C:G,W,E-DRBG\\_Key:W,G,E-DRBG\\_V:W,G,E-GKP\\_Private\\_ECC:G,R-GKP\\_Public\\_ECC:G,R-GKP\\_Private\\_Edwards:G,R-GKP\\_Public\\_Edwards:G,R-GKP\\_Private\\_FFC:G,R-GKP\\_Public\\_FFC:G,R-GKP\\_Public\\_IFC:G,R-GKP\\_Public\\_IFC:G,R", "Key transport | Encapsulate or decapsulate key material on behalf of the calling process. | FIPS\\_OK | Key encapsulation/decapsulation key or Key wrap/unwrap key. | Status return;key transport shared secret. | CKG Section 5Key transport KTS(Cipher w/CMAC,GMAC,HMAC,KMAC)KTS(AES KW,KWP) | CO-KTS\\_KDK\\_IFC:W,E-KTS\\_KEK\\_IFC:W,E-KTS\\_SS\\_IFC:G,R", "Message authentication | Generate or verify data integrity. | FIPS\\_OK | Keyed hash key. | Status return; MAC output value. | MAC AES (CMAC, GMAC)MAC HMACMAC KMAC (XOF) | CO- KH\\_Key\\_AES-CMAC: W,E- KH\\_Key\\_AES-GMAC: W,E- KH\\_Key\\_HMAC: W,E- KH\\_Key\\_KMAC: W,E", "Message digest | Generate a message digest. | FIPS\\_OK | Message; flags. | Status return; Hash output value. | Message Digest Message Digest (XOF SHAKE)", "Random | Generate random bits using the DRBG. | FIPS\\_OK | DRBG struct (RBG State); DRBG\\_Seed. | Status return; Random value. | Random CKG Section 4 | CO- DRBG\\_C: W,E- DRBG\\_Ei: W,E,Z- DRBG\\_Seed: G,E,Z- DRBG\\_Key: W,E- DRBG\\_V: W,E", "Signature | Generate or verify digital signatures. (SSPs are passed in by the calling process.) | FIPS\\_OK | Sign: signing key; message. Verify: signature value; flags; sizes. | Status return; Signature value. | CKG Section 5 Signature DSA Signature ECDSA Signature EDDSA Signature RSA | CO- DS\\_SGK\\_ECC: W,E- DS\\_SVK\\_ECC: W,E- DS\\_GK\\_Edwards: W,E- DS\\_SVK\\_Edwards: W,E- DS\\_SGK\\_FFC: W,E- DS\\_SVK\\_FFC: W,E- DS\\_SGK\\_IFC: W,E- DS\\_SVK\\_IFC: W,E", "Teardown | Uninstantiate the module; zeroizes internal CTR DRBG state (DRBG\\_KEY, DRBG\\_V). | FIPS\\_OK | Provider context. | None. | CO- DRBG\\_KEY: Z- DRBG\\_V: Z", "DRBG\\_C | Element of Hash DRBG state. | Size:440-888-Strength:160≤s≤256 | Hash\\_DRBG\\_C-CSP | Random | Random", "DRBG\\_EI | Entropy input from an external source used for DRBG seeding. | Size:128-2^35-Strength:128≤s≤256 | Other-CSP | Random", "DRBG\\_Key | Element of CTR DRBG or HMAC DRBG state. | Size:128-256,128-256-Strength:128≤s≤256,160≤s≤256 | CTR\\_DRBG\\_Key,HMAC\\_DRBG\\_Key-CSP | Random | Random", "DRBG\\_Seed | Seed used for DRBG Instantiation and Reseed. | Size:128-256-Strength:128≤s≤256 | Other-CSP | Random | Random", "DRBG\\_V | Element of CTR, Hash or HMAC DRBG state. | Size:128-256,128-256,128-256-Strength:128≤s≤256,128≤s≤256,128≤s≤256 | CTR\\_DRBG\\_Key,Hash\\_DRBG\\_Key,HMAC\\_DRBG\\_Key-CSP | Random | Random", "DS\\_SGK\\_ECC | SigGen(private)key. | Size:233,283,409,571,233,283,409,571,224,256,384,521-Strength:s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256 | B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521-CSP | Signature ECDSA", "DS\\_SGK\\_Edwards | SigGen(private)key. | Size:255,448-Strength:s=128,s=224 | Edwards25519,Edwards448-CSP | Signature EDDSA", "DS\\_SGK\\_FFC | SigGen(private)key. | Size:2048,2048,3072-Strength:s=112,s=112,s=128 | L=2048/N=224,L=2048/N=256,L=3072/N=256-CSP | Signature DSA", "DS\\_SGK\\_IFC | SigGen(private)key. | Size:2048,3072,4096,6144,8192-Strength:s=112,s=128,s=152,s=176,s=200 | k=2048,k=3072,k=4096,k=6144,k=8192-CSP | Signature RSA", "DS\\_SVK\\_ECC | SigVer(public)key. | Size:163,233,283,409,571,163,233,283,409,571,192,224,256,384,521-Strength:s<112,s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256 | B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521-PSP | Signature ECDSA", "DS\\_SVK\\_Edwards | SigVer(public)key. | Size:255,448-Strength:s=128,s=224 | Edwards25519,Edwards448-PSP | Signature EDDSA", "DS\\_SVK\\_FFC | SigVer(public)key. | Size:1024,2048,2048,3072-Strength:s<112,s=112,s=128 | L=1024/N=160,L=2048/N=224,L=2048/N=256,L=3072/N=256-PSP | Signature DSA", "DS\\_SVK\\_IFC | SigVer(public)key. | Size:1024,2048,3072,4096,6144,8192-Strength:s≤112,s=112,s=128,s=152,s=176,s=200 | k=1024,k=2048,k=3072,k=4096,k=6144,k=8192-PSP | Signature RSA", "GKP\\_Private\\_ECC | General ECDSA(private)key. | Size:233,283,409,571,233,283,409,571,224,256,384,521-Strength:s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256 | B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521-CSP | Key managementECC | Key managementECC", "GKP\\_Private\\_Edwards | General EdDSA(private)key. | Size:255,448-Strength:s=128,s=224 | Edwards25519,Edwards448-CSP | Key managementEdwards | Key managementEdwards", "GKP\\_Private\\_IFC | General RSA(private)key. | Size:2048,3072,4096,6144,8192-Strength:s=112,s=128,s=152,s=176,s=200 | k=2048,k=3072,k=4096,k=6144,k=8192-CSP | Key managementIFC | Key managementIFC", "GKP\\_Public\\_ECC | General ECDSA(public)key. | Size:233,283,409,571,233,283,409,571,224,256,384,521-Strength:s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256 | B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521-PSP | Key managementECC | Key managementECC", "GKP\\_Public\\_Edwards | General EdDSA(public)key. | Size:255,448-Strength:s=128,s=224 | Edwards25519,Edwards448-PSP | Key managementEdwards | Key managementEdwards", "GKP\\_Public\\_IFC | General RSA(public)key. | Size:2048,3072,4096,6144,8192-Strength:s=112,s=128,s=152,s=176,s=200 | k=2048,k=3072,k=4096,k=6144,k=8192-PSP | Key managementIFC | Key managementIFC", "KAS\\_Private\\_ECC | Key pair component used for shared secret generation. | Size: 233, 283, 409, 571, 233, 283, 409, 571, 224, 256, 384, 521 - Strength: s = 112, s = 128, s = 192, s = 256, s = 112, s = 128, s = 192, s = 256, s = 112, s = 128, s = 192, s = 256 | B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 - CSP | Key agreement", "KAS\\_Private\\_FFC | Key pair component used for shared secret generation. | Size: 2048, 3072, 4096, 6144, 8192 - Strength: s = 112, 112 ≤ s ≤ 128, 112 ≤ s ≤ 152, 112 ≤ s ≤ 176, 112 ≤ s ≤ 200 | ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 - CSP | Key agreement", "KAS\\_Private\\_IFC | Key pair component used for shared secret generation. | Size: 2048, 3072, 4096, 6144, 8192 - Strength: s = 112, s = 128, s = 152, s = 176, s = 200 | k=2048, k=3072, k=4096, k=6144, k=8192 - CSP | Key agreement", "KAS\\_Public\\_ECC | Peer key pair component used for shared secret generation. | Size: 233, 283, 409, 571, 233, 283, 409, 571, 224, 256, 384, 521 - Strength: s = 112, s = 128, s = 192, s = 256, s = 112, s = 128, s = 192, s = 256 | B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 - PSP | Key agreement", "KAS\\_Public\\_FFC | Peer key pair component used for shared secret generation. | Size: 2048, 3072, 4096, 6144, 8192 - Strength: s = 112, 112 ≤ s ≤ 128, 112 ≤ s ≤ 152, 112 ≤ s ≤ 176, 112 ≤ s ≤ 200 | ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 - PSP | Key agreement", "KAS\\_Public\\_IFC | Peer key pair component used for shared secret generation. | Size: 2048, 3072, 4096, 6144, 8192 - Strength: s = 112, s = 128, s = 152, s = 176, s = 200 | k=2048, k=3072, k=4096, k=6144, k=8192 - PSP | Key agreement", "KAS\\_SS\\_ECC | Shared secret calculation z output value (for KDF). | Size: 112 - 256 - Strength: 112 - 256 | Other - CSP | Key agreement | Key agreement", "KAS\\_SS\\_FFC | Shared secret calculation z output value (for KDF). | Size: 112 - 256 - Strength: 112 - 200 | Other - CSP | Key agreement | Key agreement", "KAS\\_SS\\_IFC | Shared secret calculation z output value (for KDF). | Size:112-256-Strength:112-200 | Other-CSP | Key agreement | Key agreement", "KD\\_DKM\\_PBKDF | PBKDF derived key material | Size:128-Strength:128 | Other-CSP | Key derivation | Key derivation", "KD\\_PW\\_PBKDF | PBKDF password input. | Size:128-Strength:128 | Other-CSP | Key derivation | Key derivation", "KH\\_Key\\_AES-CMAC | Keyed Hash key. | Size:128,192,256-Strength:s=128,s=192,s=256 | AES-128,AES-192,AES-256-CSP | MAC AES(CMAC,GMAC)", "KH\\_Key\\_AES-GMAC | Keyed Hash key. | Size:128,192,256-Strength:s=128,s=192,s=256 | AES-128,AES-192,AES-256-CSP | MAC AES(CMAC,GMAC)", "KH\\_Key\\_HMAC | Keyed Hash key. | Size:112-2048-Strength:112-256 | Other-CSP | MAC HMAC", "KTS\\_KDK\\_IFC | RSA key deencapsulation Key(key transport). | Size:2048,3072,4096,6144-Strength:s=112,s=128,s=152,s=176 | Other-CSP | Key transport", "KTS\\_KEK\\_IFC | RSA key encapsulation Key(key transport). | Size:2048,3072,4096,6144-Strength:s=112,s=128,s=152,s=176 | Other-PSP | Key transport", "KTS\\_SS\\_IFC | RSA key transport shared secret. | Size:112-256-Strength:s=112-s=176 | Other-CSP | Key transport | Key transport", "SC\\_EDK\\_AES | Symmetric encryption and decryption. | Size:128,192,256-Strength:s=128,s=192,s=256 | AES-128,AES-192,AES-256-CSP | Cipher(Unauth)Cipher(Auth)", "DRBG\\_C | I O | RAM:Plaintext | Call lifetime | C | DRBG\\_Seed:Derived From DRBG\\_V:Used with", "DRBG\\_EI | I | RAM:Plaintext | Call lifetime | C | DRBG\\_Seed:Constituent", "DRBG\\_Key | I O | RAM:Plaintext | Call lifetime (module up time for internal DRBG) | C T | DRBG\\_Seed:Derived From DRBG\\_V:Used with", "DRBG\\_Seed | RAM:Plaintext | Call lifetime | C | DRBG\\_C:Derives DRBG\\_KEY:Derives DRBG\\_V:Derives DRBG\\_EI:Incorporates", "DRBG\\_V | I O | RAM:Plaintext | Call lifetime (module up time for internal DRBG) | C T | DRBG\\_Seed:Derived From DRBG\\_KEY:Used with", "KAS\\_Public\\_ECC | I | RAM:Plaintext | Call lifetime | C | KAS\\_Public\\_ECC:Paired With", "KAS\\_Public\\_FFC | I | RAM:Plaintext | Call lifetime | C | KAS\\_Public\\_FFC:Paired With", "KAS\\_Public\\_IFC | I | RAM:Plaintext | Call lifetime | C | KAS\\_Public\\_IFC:Paired With", "KAS\\_SS\\_ECC | O | RAM:Plaintext | Call lifetime | C | KAS\\_Public\\_ECC:Calculated From KAS\\_Public\\_ECC:Calculated From", "KAS\\_SS\\_FFC | O | RAM:Plaintext | Call lifetime | C | KAS\\_Private\\_FFC:Calculated From KAS\\_Public\\_FFC:Calculated From", "KAS\\_SS\\_IFC | O | RAM:Plaintext | Call lifetime | C | KAS\\_Private\\_IFC:Calculated From KAS\\_Public\\_IFC:Calculated From", "KTS\\_KDK\\_IFC | I | RAM:Plaintext | Call lifetime | C | KTS\\_SS\\_IFC:Unwraps", "KTS\\_KEK\\_IFC | I | RAM:Plaintext | Call lifetime | C | KTS\\_SS\\_IFC:Wraps", "KTS\\_SS\\_IFC | O | RAM:Plaintext | Call lifetime | C | KTS\\_KDK\\_IFC:Unwrapped By KTS\\_KEK\\_IFC:Wrapped By", "SW Integrity | HMAC-SHA2-256 #A4481 | HMAC over the complete module file image | SW/FW Integrity | FIPS\\_OK or PROV\\_R\\_FIPS\\_MODULE\\_IN\\_ERROR\\_STATE", "AES-ECB | 128-bit | KAT | CAST | FIPS\\_OK | Encrypt | Performed on module load.", "AES-ECB | 128-bit | KAT | CAST | FIPS\\_OK | Decrypt | Performed on module load.", "AES-GCM | 256-bit | KAT | CAST | FIPS\\_OK | Encrypt | Performed on module load.", "AES-GCM | 256-bit | KAT | CAST | FIPS\\_OK | Decrypt | Performed on module load.", "Counter DRBG | AES-128 with derivation function | KAT | CAST | FIPS\\_OK | Instantiate, Generate, Reseed | Performed on module load.", "DSA SigGen(FIPS186-4) | 2048-bit with SHA2-384 | KAT | CAST | FIPS\\_OK | Sign | Performed on module load.", "DSA SigVer(FIPS186-4) | 2048-bit with SHA2-384 | KAT | CAST | FIPS\\_OK | Verify | Performed on module load.", "ECDSA SigGen(FIPS186-4) | P-224 with SHA2-512 | KAT | CAST | FIPS\\_OK | Sign | Performed on module load.", "ECDSA SigVer(FIPS186-4) | P-224 with SHA2-512 | KAT | CAST | FIPS\\_OK | Verify | Performed on module load.", "EDDSA ED448 SigGen | Edwards448 SigGen with SHA2-256 | KAT | CAST | FIPS\\_OK | Sign | Performed on module load.", "EDDSA ED448 SigVer | Edwards448 SigVer with SHA2-256 | KAT | CAST | FIPS\\_OK | Verify | Performed on module load.", "EDDSA ED25519 SigGen | Edwards25519 SigGen with SHA2-512 | KAT | CAST | FIPS\\_OK | Sign | Performed on module load.", "EDDSA ED25519 SigVer | Edwards25519 SigVer with SHA2-512 | KAT | CAST | FIPS\\_OK | Verify | Performed on module load.", "Hash DRBG | SHA2-256 | KAT | CAST | FIPS\\_OK | Instantiate, Generate, Reseed | Performed on module load.", "HMAC DRBG | SHA-1 | KAT | CAST | FIPS\\_OK | Instantiate, Generate, Reseed | Performed on module load.", "HMAC-SHA2-256 | SHA2-256 with a 256-bit key | KAT | CAST | FIPS\\_OK | Generate | Performed on module load.", "KAS-ECC-SSCSp800-56Ar3 | P-256 | KAT | CAST | FIPS\\_OK | Ephemeral Unified Shared Secret(Z) Computation | Performed on module load.", "KAS-FFC-SSCSp800-56Ar3 | L=2048/N=256 | KAT | CAST | FIPS\\_OK | dhEphem Shared Secret(Z) Computation | Performed on module load.", "KAS-IFC-SSC | k=2048 | KAT | CAST | FIPS\\_OK | SP 800-56B Rev.2 Section 8.2.2 RSA Primitive Computation | Performed on module load.", "KAS-KDFOneStep SP800-56Cr2 | SHA2-224 | KAT | CAST | FIPS\\_OK | SP 800-56C Rev.2 Section 4OneStep KDF(AKA OpenSSL single-step or SS-KDF) | Performed on module load.", "KAS-KDFTwoStep SP800-56Cr2 | SHA2-256 | KAT | CAST | FIPS\\_OK | SP 800-56C Rev.2 Section 5TwoStep KDF(HKDF variant) | Performed on module load.", "KDF ANS 9.42 | Fixed input KAT | KAT | CAST | FIPS\\_OK | SP 800-135 Rev.1 Section 5.1 ANSIX9.42-2001 KDF KAT | Performed on module load.", "KDF ANS 9.63 | Fixed input KAT | KAT | CAST | FIPS\\_OK | SP 800-135 Rev.1 Section 5.1X9.63-2001 KDF KAT | Performed on module load.", "KDF SP800-108 | HMAC-SHA2-256 | KAT | CAST | FIPS\\_OK | SP 800-108 Rev.1 Section 4.1 KATfor a Counter Mode KDF | Performed on module load.", "KDF SSH | Fixed input KAT | KAT | CAST | FIPS\\_OK | SP 800-135 Rev.1 Section 5.2SSHv2 KDF KAT | Performed on module load.", "KTS-IFC | k=2048 | KAT | CAST | FIPS\\_OK | SP 800-56B Rev.2 Decrypt for CRT | Performed on module load.", "KTS-IFC | k=2048 | KAT | CAST | FIPS\\_OK | SP 800-56B Rev.2 Encrypt for Basic | Performed on module load.", "KTS-IFC | k=2048 | KAT | CAST | FIPS\\_OK | SP 800-56B Rev.2 Decrypt for Basic | Performed on module load.", "PBKDF | SHA2-256,24-byte password,36-byte salt,iteration count of4096 | KAT | CAST | FIPS\\_OK | SP 800-132 Section 5.3 KATof Master Key derivation | Performed on module load.", "RSA SigGen(FIPS186-4) | k=2048 with SHA2-256 | KAT | CAST | FIPS\\_OK | Sign | Performed on module load.", "RSA SigVer(FIPS186-4) | k=2048 with SHA2-256 | KAT | CAST | FIPS\\_OK | Verify | Performed on module load.", "SHA-1 | SHA-1 | KAT | CAST | FIPS\\_OK | Simple SHA KAT | Performed on module load.", "SHA2-512 | SHA2-512 | KAT | CAST | FIPS\\_OK | Simple SHA KAT | Performed on module load.", "SHA3-256 | SHA3-256 | KAT | CAST | FIPS\\_OK | Simple SHA KAT | Performed on module load.", "TLS v1.2 KDFRFC7627 | Fixed input KAT | KAT | CAST | FIPS\\_OK | SP 800-135 Rev.1 Section 4.2.2 TLS1.2 KAT | Performed on module load.", "TLS v1.3 KDF | Fixed input KAT | KAT | CAST | FIPS\\_OK | RFC8446 Section 7.1 TLS v1.3 KDF KAT | Performed on module load.", "DSA KeyGen(FIPS186-4) | PCT performed using the generated key pair | PCT | PCT | FIPS\\_OK | Sign, Verify | Performed on FFC(DSA,KAS-FFC-SSC)key pair generation,prior to returning the key pair on conclusion of the call.", "ECDSA KeyGen(FIPS186-4) | PCT performed using the generated key pair | PCT | PCT | FIPS\\_OK | Sign,Verify | Performed on ECC(ECDSA)key pair generation,prior to returning the key pair on conclusion of the call.", "EDDSA KeyGen | PCT performed using the generated key pair | PCT | PCT | FIPS\\_OK | Sign,Verify | Performed on Edwards(EdDSA)key pair generation,prior to returning the key pair on conclusion of the call.", "RSA KeyGen(FIPS186-4) | PCT performed using the generated key pair | PCT | PCT | FIPS\\_OK | Sign,Verify | Performed on IFC(RSA,KAS-IFC-SSC,KTS-IFC)key pair generation,prior to returning the key pair on conclusion of the call.", "AES-ECB | KAT | CAST | On demand | On power on or reset", "AES-GCM | KAT | CAST | On demand | On power on or reset", "Counter DRBG | KAT | CAST | On demand | On power on or reset", "DSA SigGen(FIPS186-4) | KAT | CAST | On demand | On power on or reset", "DSA SigVer(FIPS186-4) | KAT | CAST | On demand | On power on or reset", "ECDSA SigGen(FIPS186-4) | KAT | CAST | On demand | On power on or reset", "ECDSA SigVer(FIPS186-4) | KAT | CAST | On demand | On power on or reset", "EDDSA ED448 SigGen | KAT | CAST | On demand | On power on or reset", "EDDSA ED448 SigVer | KAT | CAST | On demand | On power on or reset", "EDDSA ED25519 SigGen | KAT | CAST | On demand | On power on or reset", "EDDSA ED25519 SigVer | KAT | CAST | On demand | On power on or reset", "Hash DRBG | KAT | CAST | On demand | On power on or reset", "HMAC DRBG | KAT | CAST | On demand | On power on or reset", "HMAC-SHA2-256 | KAT | CAST | On demand | On power on or reset", "KAS-ECC-SSC Sp800-56Ar3 | KAT | CAST | On demand | On power on or reset", "KAS-FFC-SSC Sp800-56Ar3 | KAT | CAST | On demand | On power on or reset", "KAS-IFC-SSC | KAT | CAST | On demand | On power on or reset", "KAS-KDF OneStep SP800-56Cr2 | KAT | CAST | On demand | On power on or reset", "KAS-KDF TwoStep SP800-56Cr2 | KAT | CAST | On demand | On power on or reset", "KDF ANS 9.42 | KAT | CAST | On demand | On power on or reset", "KDF ANS 9.63 | KAT | CAST | On demand | On power on or reset", "KDF SP800-108 | KAT | CAST | On demand | On power on or reset", "KDF SSH | KAT | CAST | On demand | On power on or reset", "KTS-IFC | KAT | CAST | On demand | On power on or reset", "PBKDF | KAT | CAST | On demand | On power on or reset", "RSA SigGen(FIPS186-4) | KAT | CAST | On demand | On power on or reset", "RSA SigVer(FIPS186-4) | KAT | CAST | On demand | On power on or reset", "SHA-1 | KAT | CAST | On demand | On power on or reset", "SHA2-512 | KAT | CAST | On demand | On power on or reset", "SHA3-256 | KAT | CAST | On demand | On power on or reset", "TLS v1.2 KDF RFC7627 | KAT | CAST | On demand | On power on or reset", "TLS v1.3 KDF | KAT | CAST | On demand | On power on or reset", "DSA KeyGen(FIPS186-4) | PCT | PCT | On demand | On power on or reset", "ECDSA KeyGen(FIPS186-4) | PCT | PCT | On demand | On power on or reset", "EDDSA KeyGen | PCT | PCT | On demand | On power on or reset", "RSA KeyGen(FIPS186-4) | PCT | PCT | On demand | On power on or reset" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4888", "Certificate Number": "4888", "Vendor Name": "Keysight Technologies", "Module Name": "Keysight OpenSSL 3 FIPS Provider for Network Visibility", "Module Type": "Software", "Validation Date": "11/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4888.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4888", "module_name": "Keysight OpenSSL 3 FIPS Provider for Network Visibility", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Keysight Technologies FIPS Provider for OpenSSL 3 is integrated into Keysight’s network visibility product family to provide FIPS 140-3 validated cryptography for protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CCM | A6771 | Key Length - 128,192,256 | SP 800-38C", "AES-CFB1 | A6771 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A6771 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A6771 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CTR | A6771 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A6771 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A6771 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-KW | A6771 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-KWP | A6771 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-OFB | A6771 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A6771 | Direction-Decrypt,Encrypt KeyLength-128,256 | SP 800-38E", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A6771 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521 | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A6771 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnifiedKAS Role-initiator,responder | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A6771 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192modp-2048,modp-3072,modp-4096,modp-6144,modp-8192Scheme-dhEphemKAS Role-initiator,responder | SP 800-56A Rev.3", "KAS-IFC-SSC | A6771 | Modulo -2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1KAS Role-initiator,responderScheme-KAS2KAS Role-initiator,responder | SP 800-56ARev.3", "KDA HKDF SP800-56Cr2 | A6771 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStep SP800-56Cr2 | A6771 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDA TwoStep SP800-56Cr2 | A6771 | MAC Salting Methods - default, randomKDF Mode - feedbackDerived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A6771 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A6771 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF SP800-108 | A6771 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A6771 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A6771 | Iteration Count-Iteration Count:1-10000 Increment1Password Length-Password Length:8-128 Increment8 | SP 800-132", "TLS v1.2 KDF RFC7627(CVL) | A6771 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A6771 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA KeyGen(FIPS186-4) | A6771 | L-2048,3072N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A6771 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A6771 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A6771 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A6771 | Curve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521 | FIPS186-4", "EDDSA KeyGen | A6771 | Curve-ED-25519,ED-448 | FIPS186-5", "EDDSA KeyVer | A6771 | Curve-ED-25519,ED-448 | FIPS186-5", "RSA KeyGen(FIPS186-4) | A6771 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS186-4", "KTS-IFC | A6771 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basicKAS Role-initiator,responderKey Transport Method-Key Length-1024 | SP 800-56BRev.2", "AES-CMAC | A6771 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-GMAC | A6771 | Direction-Decrypt,EncryptIV Generation-External,InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP800-38D", "HMAC-SHA-1 | A6771 | Key Length-KeyLength:112-2048Increment8 | FIPS198-1", "HMAC-SHA2-224 | A6771 | Key Length-KeyLength:112-2048Increment8 | FIPS198-1", "HMAC-SHA2-256 | A6771 | Key Length-KeyLength:112-2048Increment8 | FIPS198-1", "HMAC-SHA2-384 | A6771 | Key Length-KeyLength:112-2048Increment8 | FIPS198-1", "HMAC-SHA2-512 | A6771 | Key Length-KeyLength:112-2048Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A6771 | Key Length-KeyLength:112-2048Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A6771 | Key Length-KeyLength:112-2048Increment8 | FIPS198-1", "HMAC-SHA3-224 | A6771 | Key Length-KeyLength:112-2048Increment8 | FIPS198-1", "HMAC-SHA3-256 | A6771 | Key Length-KeyLength:112-2048Increment8 | FIPS198-1", "HMAC-SHA3-384 | A6771 | Key Length-KeyLength:112-2048Increment8 | FIPS198-1", "HMAC-SHA3-512 | A6771 | Key Length-KeyLength:112-2048Increment8 | FIPS198-1", "SHA-1 | A6771 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A6771 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A6771 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A6771 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A6771 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A6771 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A6771 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A6771 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A6771 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A6771 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A6771 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A6771 | Output Length-Output Length:16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A6771 | Output Length-Output Length:16-65536 Increment 8 | FIPS 202", "ECDSA SigGen(FIPS186-4) | A6771 | Component-NoCurve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A6771 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A6771 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A6771 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "EDDSA SigGen | A6771 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigVer | A6771 | Curve-ED-25519,ED-448 | FIPS 186-5", "RSA SigGen(FIPS186-4) | A6771 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-5) | A6771 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA Signature Primitive(CVL) | A6771 | Private Key Format-crt | FIPS 186-4", "RSA SigVer(FIPS186-4) | A6771 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A6771 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "Hash DRBG with SHA3-256,SHA3-512 | Keysight OpenSSL 3 FIPS Provider for Network Visibility | NIST,SP800-90ARev.1", "HMAC DRBG with SHA3-256,SHA3-512 | Keysight OpenSSL 3 FIPS Provider for Network Visibility | NIST,SP800-90ARev.1", "Cipher(Unauth) | BC-UnAuth | AES ciphers | AES-CBC:(A6771)AES-CBC-CS1:(A6771)AES-CBC-CS2:(A6771)AES-CBC-CS3:(A6771)AES-CFB1:(A6771)AES-CFB128:(A6771)AES-CFB8:(A6771)AES-CTR:(A6771)AES-ECB:(A6771)AES-OFB:(A6771)AES-XTS Testing Revision 2.0:(A6771)", "Cipher(Auth) | BC-Auth | Authentication ciphers | AES-CCM:(A6771)AES-GCM:(A6771)AES-KW:(A6771)AES-KWP:(A6771)", "Key agreement | KAS-SSC | Key agreement | KAS:KAS-ECC-SSC provides between 112 and 256 bits of encryption strength;KAS-FFC-SSC provides between 112 and 200 bits of encryption strength;KAS-IFC-SSC provides between 112 and 200 bits of encryption strength | KAS-ECC CDH-Component SP800-56Ar3:(A6771)KAS-ECC-SSC Sp800-56Ar3:(A6771)KAS-FFC-SSC Sp800-56Ar3:(A6771)KAS-IFC-SSC:(A6771)", "Key derivation | KAS-135KDFKAS-56CKDFKBKDFPBKDF | KAS-KDF HKDF SP800-56Cr2:(A6771)KAS-KDF OneStep SP800-56Cr2:(A6771)KAS-KDF TwoStep SP800-56Cr2:(A6771)KDF ANS9.42:(A6771)KDF ANS9.63:(A6771)KDF SP800-108:(A6771)KDF SSH:(A6771)PBKDF:(A6771)TLSv1.2 KDF RFC7627:(A6771)TLSv1.3 KDF:(A6771)", "Key management ECC | AsymKeyPair-KeyGen AsymKeyPair-KeyVer | ECDSA KeyGen(FIPS186-4):(A6771) ECDSA KeyVer(FIPS186-4):(A6771)", "Key management Edwards | AsymKeyPair-KeyGen AsymKeyPair-KeyVer | EDDSA KeyGen:(A6771) EDDSA KeyVer:(A6771)", "Key management FFC | AsymKeyPair-KeyGen | DSA KeyGen(FIPS186-4):(A6771) DSA PQGGen(FIPS186-4):(A6771) DSA PQGVer(FIPS186-4):(A6771) Safe Primes Key Generation:(A6771) Safe Primes Key Verification:(A6771)", "Key management IFC | AsymKeyPair-KeyGen | RSA KeyGen(FIPS186-4):(A6771)", "Key transport | KTS-Encap | KTS:2048,3072,4096 or 6144-bit keys provide between 112 and 176 bits of encryption strength | KTS-IFC:(A6771)", "KTS(Cipher w/CMAC, GMAC,HMAC,KMAC) | BC-Auth BC-UnAuth MAC | SP 800-38F Section 3.1 Provisions | KTS:128,192 or 256-bit keys provide between 128 and 256 bits of encryption strength | AES-CBC:(A6771) AES-CBC-CS1:(A6771) AES-CBC-CS2:(A6771) AES-CBC-CS3:(A6771) AES-CFB1:(A6771) AES-CFB128:(A6771) AES-CFB8:(A6771) AES-CTR:(A6771) AES-ECB:(A6771) AES-OFB:(A6771) AES-CCM:(A6771) AES-GCM:(A6771) AES-GMAC:(A6771) AES-CMAC:(A6771) HMAC-SHA-1:(A6771) HMAC-SHA2-224:(A6771) HMAC-SHA2-256:(A6771) HMAC-SHA2-384:(A6771) HMAC-SHA2-512:(A6771) HMAC-SHA2-512/224:(A6771) HMAC-SHA2-512/256:(A6771) HMAC-SHA3-224:(A6771) HMAC-SHA3-256:(A6771) HMAC-SHA3-384:(A6771) HMAC-SHA3-512:(A6771)", "KTS(AES KW,KWP) | BC-Auth | KTS:128,192 or 256-bit keys provide between 128 and 256 bits of encryption strength | AES-KW:(A6771)AES-KWP:(A6771)", "MAC AES(CMAC,GMAC) | MAC | AES-GMAC:(A6771)AES-CMAC:(A6771)", "MAC HMAC | MAC | HMAC-SHA-1:(A6771)HMAC-SHA2-224:(A6771)HMAC-SHA2-256:(A6771)HMAC-SHA2-384:(A6771)HMAC-SHA2-512:(A6771)HMAC-SHA2-512/224:(A6771)HMAC-SHA2-512/256:(A6771)HMAC-SHA3-224:(A6771)HMAC-SHA3-256:(A6771)HMAC-SHA3-384:(A6771)HMAC-SHA3-512:(A6771)", "Message Digest | SHA | SHA-1:(A6771)SHA2-224:(A6771)SHA2-256:(A6771)SHA2-384:(A6771)SHA2-512:(A6771)SHA2-512/224:(A6771)SHA2-512/256:(A6771)SHA3-224:(A6771)SHA3-256:(A6771)SHA3-384:(A6771)SHA3-512:(A6771)", "Message Digest(XOF SHAKE) | XOF | SHAKE-128:(A6771)SHAKE-256:(A6771)", "Random | DRBG | Counter DRBG:(A6771)Hash DRBG:(A6771)HMAC DRBG:(A6771)", "Signature DSA | DigSig-SigGenDigSig-SigVer | DSA SigGen(FIPS186-4):(A6771)DSA SigVer(FIPS186-4):(A6771)", "Signature ECDSA | DigSig-SigGen", "DigSig-SigVer | ECDSA SigGen(FIPS186-4):(A6771)", "ECDSA SigVer(FIPS186-4):(A6771)", "Signature EDDSA | DigSig-SigGen", "DigSig-SigVer | EDDSA SigGen:(A6771)", "EDDSA SigVer:(A6771)", "Signature RSA | DigSig-SigGen", "DigSig-SigVer | RSA SigGen(FIPS186-4):(A6771)", "RSA SigGen(FIPS186-5):(A6771)", "RSA Signature Primitive:(A6771)", "RSA SigVer(FIPS186-4):(A6771)", "RSA SigVer(FIPS186-5):(A6771)", "Initialize | Module initialization, including instantiation of the opaque (managed within the module) Counter DRBG instance. | FIPS\\_OK | Core handle, dispatch in and out, provider context. | Initialization status(1=pass,0=fail). | Random MAC HMAC | CO-DRBG\\_EI:W,E,Z-DRBG\\_Seed:G,E,Z-DRBG\\_Key:G,W,E-DRBG\\_V:G,W,E", "Key agreement | Perform key agreement primitives on behalf of the calling process (does not establish keys into the module). | FIPS\\_OK | Key structs(key agreement keys);flags. | Status return;key agreement shared secret. | CKG Section 5 Key agreement | CO-KAS\\_Private\\_ECC:W,E-KAS\\_Public\\_ECC:W,E-KAS\\_Private\\_FFC:W,E-KAS\\_Public\\_FFC:W,E-KAS\\_Public\\_IFC:W,E-KAS\\_Public\\_IFC:W,E-KAS\\_SS\\_ECC:G,R-KAS\\_SS\\_FFC:G,R-KAS\\_SS\\_IFC:G,R", "Key derivation | Derive keying material from a shared secret. | FIPS\\_OK | Key agreement shared secret;flags. | Status return;derived keying material. | Key derivation CKG Section 6.2 | CO-KD\\_DKM\\_KDF:G,R-KD\\_PW\\_PBKDF:W,E-KD\\_DKM\\_PBKDF:G,R-KD\\_SK:W,E", "Key management | Generate asymmetric key pairs. | FIPS\\_OK | ECDSA,EdDSA:curve identifier.DSA,RSA:domain parameter targets. | Status return;general digital signature private and public keys. | Key management ECC Key management EdwardsKey management FFCKey management IFICKG Section 4 | CO-DRBG\\_C:G,W,E-DRBG\\_KEY:W,G,E-DRBG\\_V:W,G,E-GPK\\_Private\\_ECC:G,R-GPK\\_Public\\_ECC:G,R-GPK\\_Private\\_Edwards:G,R-GPK\\_Public\\_Edwards:G,R-GPK\\_Public\\_FFC:G,R-GPK\\_Public\\_FFC:G,R", "Key transport | Encapsulate or decapsulate key material on behalf of the calling process. | FIPS\\_OK | Key encapsulation/decapsulation key or Key wrap/unwrap key. | Status return;key transport shared secret. | CKG Section 5Key transportKTS(Cipher w)/CMAC,GMAC,HMAC,KMAC)KTS(AES KW,KWP) | CO-KTS\\_KDK\\_IFC:W,E-KTS\\_KEK\\_IFC:W,E-KTS\\_SS\\_IFC:G,R", "Message authentication | Generate or verify data integrity. | FIPS\\_OK | Keyed hash key. | Status return;MAC output value. | MAC AES(CMAC,GMAC)MAC HMACMAC KMAC(XOF) | CO-KH\\_Key\\_AES-CMAC:W,E-KH\\_Key\\_AES-GMAC:W,E-KH\\_Key\\_HMAC:W,E-KH\\_Key\\_KMAC:W,E", "Message digest | Generate a message digest. | FIPS\\_OK | Message;flags. | Status return;Hash output value. | Message Digest Message Digest(XOF SHAKE)", "Random | Generate random bits using the DRBG. | FIPS\\_OK | DRBG struct(RBG State);DRBG\\_Seed. | Status return;Random value. | RandomCKG Section4 | CO-DRBG\\_C:W,E-DRBG\\_EI:W,E,Z-DRBG\\_SEeed:G,E,Z-DRBG\\_KEY:W,E-DRBG\\_V:W,E", "Signature | Generate or verify digital signatures.(SSPs are passed in by the calling process.) | FIPS\\_OK | Sign:signing key;message.Verify:signature value;flags;sizes. | Status return;Signature value. | CKG Section5Signature DSASignature ECDSASignature EDDSASignature RSA | CO-DS\\_SGK\\_ECC:W,E-DS\\_SVK\\_ECC:W,E-DS\\_SGK\\_Edwards:W,E-DS\\_SVK\\_Edwards:W,E", "Teardown | Uninstantiate the module; zeroizes internal CTR DRBG state (DRBG\\_Key, DRBG\\_V). | FIPS\\_OK | Provider context. | None. | CO-DRBG\\_Key:Z-DRBG\\_V:Z", "Zeroize | Zeroization of allocated key structures using openssl\\_cleanse. | FIPS\\_OK | Memory pointer. | Void. | CO-DRBG\\_C:Z-DRBG\\_EI:Z-DRBG\\_Key:Z-DRBG\\_Seed:Z-DRBG\\_V:Z-DS\\_SGK\\_ECC:Z-DS\\_SGK\\_Edwards:Z-DS\\_SGK\\_FFC:Z-DS\\_SGK\\_IFC:Z-DS\\_SVK\\_ECC:Z-DS\\_SVK\\_Edwards:Z-DS\\_SVK\\_FFC:Z-DS\\_SVK\\_IFC:Z-GKP\\_Private\\_ECC:Z-GKP\\_Private\\_Edwards:Z-GKP\\_Private\\_FFC:Z-GKP\\_Private\\_IFC:Z-GKP\\_Public\\_ECC:Z-GKP\\_Public\\_Edwards:Z-GKP\\_Public\\_FFC:Z-GKP\\_Public\\_IFC:Z-KAS\\_Private\\_ECC:Z-KAS\\_Private\\_FFC:Z-GKP\\_Private\\_ECC:Z-KAS\\_Private\\_IFC:Z-KAS\\_Public\\_ECC:Z-KAS\\_Public\\_IFC:Z-KAS\\_SS\\_ECC:Z-KD\\_DKM\\_KDF:Z-KD\\_DKM\\_PBKDF:Z", "DRBG\\_C | Element of Hash DRBG state. | Size:440-888-Strength:160≤s≤256 | Hash\\_DRBG\\_C-CSP | Random | Random", "DRBG\\_EI | Entropy input from an external source used for DRBG seeding. | Size:128-2^35-Strength:128≤s≤256 | Other-CSP | Random", "DRBG\\_Key | Element of CTR DRBG or HMAC DRBG state. | Size:128-256,128-256-Strength:128≤s≤256,160≤s≤256 | CTR\\_DRBG\\_Key,HMAC\\_DRBG\\_Key-CSP | Random | Random", "DRBG\\_Seed | Seed used for DRBG Instantiation and Reseed. | Size: 128-256 - Strength: 128 ≤ s ≤ 256 | Other - CSP | Random | Random", "DRBG\\_V | Element of CTR, Hash or HMAC DRBG state. | Size: 128-256, 128-256, 128-256 - Strength: 128 ≤ s ≤ 256, 128 ≤ s ≤ 256 | CTR\\_DRBG\\_Key, Hash\\_DRBG\\_Key, HMAC\\_DRBG\\_Key - CSP | Random | Random", "DS\\_SGK\\_ECC | SigGen (private) key. | Size: 233, 283, 409, 571, 233, 283, 409, 571, 224, 256, 384, 521 - Strength: s = 112, s = 128, s = 192, s = 256, s = 112, s = 128, s = 192, s = 256, s = 112, s = 128, s = 192, s = 256 | B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 - CSP | Signature ECDSA", "DS\\_SGK\\_Edwards | SigGen (private) key. | Size: 255, 448 - Strength: s = 128, s = 224 | Edwards25519, Edwards448 - CSP | Signature EDDSA", "DS\\_SGK\\_FFC | SigGen (private) key. | Size: 2048, 2048, 3072 - Strength: s = 112, s = 112, s = 128 | L=2048/N=224, L=2048/N=256, L=3072/N=256 - CSP | Signature DSA", "DS\\_SGK\\_IFC | SigGen (private) key. | Size: 2048, 3072, 4096, 6144, 8192 - Strength: s = 112, s = 128, s = 152, s = 176, s = 200 | k=2048, k=3072, k=4096, k=6144, k=8192 - CSP | Signature RSA", "DS\\_SVK\\_ECC | SigVer (public) key. | Size: 163, 233, 283, 409, 571, 163, 233, 283, 409, 571, 192, 224, 256, 384, 521 - Strength: s < 112, s = 112, s = 128, s = 192, s = 256, s < 112, s = 128, s = 192, s = 256, s < 112, s = 128, s = 192, s = 256 | B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 - PSP | Signature ECDSA", "DS\\_SVK\\_Edwards | SigVer (public) key. | Size: 255, 448 - Strength: s = 128, s = 224 | Edwards25519, Edwards448 - PSP | Signature EDDSA", "DS\\_SVK\\_FFC | SigVer (public) key. | Size: 1024, 2048, 2048, 3072 - Strength: s < 112, s = 112, s = 128 | L=1024/N=160, L=2048/N=224, L=2048/N=256, L=3072/N=256 - PSP | Signature DSA", "DS\\_SVK\\_IFC | SigVer (public) key. | Size: 1024, 2048, 3072, 4096, 6144, 8192 - Strength: s ≤ 112, s = 112, s = 128, s = 152, s = 176, s = 200 | k=1024, k=2048, k=3072, k=4096, k=6144, k=8192 - PSP | Signature RSA", "GKP\\_Private\\_ECC | General ECDSA(private)key. | Size:233,283,409,571,233,283,409,571,224,256,384,521-Strength:s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256 | B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521-CSP | Key managementECC | Key managementECC", "GKP\\_Private\\_Edwards | General EdDSA(private)key. | Size:255,448-Strength:s=128,s=224 | Edwards25519,Edwards448-CSP | Key managementEdwards | Key managementEdwards", "GKP\\_Private\\_IFC | General RSA(private)key. | Size:2048,3072,4096,6144,8192-Strength:s=112,s=128,s=152,s=176,s=200 | k=2048,k=3072,k=4096,k=6144,k=8192-CSP | Key managementIFC | Key managementIFC", "GKP\\_Public\\_ECC | General ECDSA(public)key. | Size:233,283,409,571,233,283,409,571,224,256,384,521-Strength:s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256 | B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521-PSP | Key managementECC | Key managementECC", "GKP\\_Public\\_Edwards | General EdDSA(public)key. | Size:255,448-Strength:s=128,s=224 | Edwards25519,Edwards448-PSP | Key managementEdwards | Key managementEdwards", "GKP\\_Public\\_IFC | General RSA(public)key. | Size:2048,3072,4096,6144,8192-Strength:s=112,s=128,s=152,s=176,s=200 | k=2048,k=3072,k=4096,k=6144,k=8192-PSP | Key managementIFC | Key managementIFC", "KAS\\_Private\\_ECC | Key pair componentused for shared secret generation. | Size:233,283,409,571,233,283,409,571,224,256,384,521-Strength:s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256,s=112,s=128,s=192,s=256 | B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521-CSP | Key agreement", "KAS\\_Private\\_FFC | Key pair component used for shared secret generation. | Size: 2048, 3072, 4096, 6144, 8192 - Strength: s = 112, 112 ≤ s ≤ 128, 112 ≤ s ≤ 152, 112 ≤ s ≤ 176, 112 ≤ s ≤ 200 | ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 - CSP | Key agreement", "KAS\\_Private\\_IFC | Key pair component used for shared secret generation. | Size: 2048, 3072, 4096, 6144, 8192 - Strength: s = 112, s = 128, s = 152, s = 176, s = 200 | k=2048, k=3072, k=4096, k=6144, k=8192 - CSP | Key agreement", "KAS\\_Public\\_ECC | Peer key pair component used for shared secret generation. | Size: 233, 283, 409, 571, 233, 283, 409, 571, 224, 256, 384, 521 - Strength: s = 112, s = 128, s = 192, s = 256, s = 112, s = 128, s = 192, s = 256, s = 112, s = 128, s = 192, s = 256 | B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 - PSP | Key agreement", "KAS\\_Public\\_FFC | Peer key pair component used for shared secret generation. | Size: 2048, 3072, 4096, 6144, 8192 - Strength: s = 112, 112 ≤ s ≤ 128, 112 ≤ s ≤ 152, 112 ≤ s ≤ 176, 112 ≤ s ≤ 200 | ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 - PSP | Key agreement", "KAS\\_Public\\_IFC | Peer key pair component used for shared secret generation. | Size: 2048, 3072, 4096, 6144, 8192 - Strength: s = 112, s = 128, s = 152, s = 176, s = 200 | k=2048, k=3072, k=4096, k=6144, k=8192 - PSP | Key agreement", "KAS\\_SS\\_ECC | Shared secret calculation z output value (for KDF). | Size: 112 - 256 - Strength: 112 - 256 | Other - CSP | Key agreement | Key agreement", "KAS\\_SS\\_FFC | Shared secret calculation z output value (for KDF). | Size: 112 - 256 - Strength: 112 - 200 | Other - CSP | Key agreement | Key agreement", "KAS\\_SS\\_IFC | Shared secret calculation z output value (for KDF). | Size: 112 - 256 - Strength: 112 - 200 | Other - CSP | Key agreement | Key agreement", "KD\\_DKM\\_PBKDF | PBKDF derived key material | Size: 128 - Strength: 128 | Other - CSP | Key derivation | Key derivation", "KD\\_PW\\_PBKDF | PBKDF password input. | Size:128-Strength:128 | Other-CSP | Key derivation | Key derivation", "KH\\_Key\\_AES-CMAC | Keyed Hash key. | Size:128,192,256-Strength:s=128,s=192,s=256 | AES-128,AES-192,AES-256-CSP | MAC AES(CMAC,GMAC)", "KH\\_Key\\_AES-GMAC | Keyed Hash key. | Size:128,192,256-Strength:s=128,s=192,s=256 | AES-128,AES-192,AES-256-CSP | MAC AES(CMAC,GMAC)", "KH\\_Key\\_HMAC | Keyed Hash key. | Size:112-2048-Strength:112-256 | Other-CSP | MAC HMAC", "KTS\\_KDK\\_IFC | RSA key deencapsulation Key(key transport). | Size:2048,3072,4096,6144-Strength:s=112,s=128,s=152,s=176 | Other-CSP | Key transport", "KTS\\_KEK\\_IFC | RSA key encapsulation Key(key transport). | Size:2048,3072,4096,6144-Strength:s=112,s=128,s=152,s=176 | Other-PSP | Key transport", "KTS\\_SS\\_IFC | RSA key transport shared secret. | Size:112-256-Strength:s=112-s=176 | Other-CSP | Key transport | Key transport", "SC\\_EDK\\_AES | Symmetric encryption and decryption. | Size:128,192,256-Strength:s=128,s=192,s=256 | AES-128,AES-192,AES-256-CSP | Cipher(Unauth)Cipher(Auth)", "DRBG\\_Seed | RAM:Plaintext | Call lifetime | C | DRBG\\_C:Derives DRBG\\_Key:Derives DRBG\\_V:Derives DRBG\\_EI:Incorporates", "DRBG\\_V | IO | RAM:Plaintext | Call lifetime(module up time for internal DRBG) | CT | DRBG\\_Seed:Derived From DRBG\\_Key:Used with", "KAS\\_Private\\_ECC | I | RAM:Plaintext | Call lifetime | C | KAS\\_Public\\_ECC:Paired With", "KAS\\_Private\\_FFC | I | RAM:Plaintext | Call lifetime | C | KAS\\_Public\\_FFC:Paired With", "KAS\\_Private\\_IFC | I | RAM:Plaintext | Call lifetime | C | KAS\\_Public\\_IFC:Paired With", "KAS\\_Public\\_ECC | I | RAM:Plaintext | Call lifetime | C | KAS\\_Public\\_ECC:Paired With", "KAS\\_Public\\_FFC | I | RAM:Plaintext | Call lifetime | C | KAS\\_Public\\_FFC:Paired With", "KAS\\_Public\\_IFC | I | RAM:Plaintext | Call lifetime | C | KAS\\_Public\\_IFC:Paired With", "KAS\\_SS\\_ECC | O | RAM:Plaintext | Call lifetime | C | KAS\\_Private\\_ECC:Calculated From KAS\\_Public\\_ECC:Calculated From", "KAS\\_SS\\_FFC | O | RAM:Plaintext | Call lifetime | C | KAS\\_Private\\_FFC:Calculated From KAS\\_Public\\_FFC:Calculated From", "KAS\\_SS\\_IFC | O | RAM:Plaintext | Call lifetime | C | KAS\\_Private\\_IFC:Calculated From KAS\\_Public\\_IFC:Calculated From", "KTS\\_KDK\\_IFC | I | RAM:Plaintext | Call lifetime | C | KTS\\_SS\\_IFC:Unwraps", "KTS\\_KEK\\_IFC | I | RAM:Plaintext | Call lifetime | C | KTS\\_SS\\_IFC:Wraps", "KTS\\_SS\\_IFC | O | RAM:Plaintext | Call lifetime | C | KTS\\_KDK\\_IFC:Unwrapped By KTS\\_KEK\\_IFC:Wrapped By", "SW Integrity | HMAC-SHA2-256 #A6771 | HMAC over the complete module file image | SW/FW Integrity | FIPS\\_OK or PROV\\_R\\_FIPS\\_MODULE\\_IN\\_ERROR\\_STATE", "AES-ECB | 128-bit | KAT | CAST | FIPS\\_OK | Encrypt | Performed on module load.", "AES-ECB | 128-bit | KAT | CAST | FIPS\\_OK | Decrypt | Performed on module load.", "AES-GCM | 256-bit | KAT | CAST | FIPS\\_OK | Encrypt | Performed on module load.", "AES-GCM | 256-bit | KAT | CAST | FIPS\\_OK | Decrypt | Performed on module load.", "Counter DRBG | AES-128 with derivation function | KAT | CAST | FIPS\\_OK | Instantiate, Generate, Reseed | Performed on module load.", "DSA SigGen(FIPS186-4) | 2048-bit with SHA2-384 | KAT | CAST | FIPS\\_OK | Sign | Performed on module load.", "DSA SigVer(FIPS186-4) | 2048-bit with SHA2-384 | KAT | CAST | FIPS\\_OK | Verify | Performed on module load.", "ECDSA SigGen(FIPS186-4) | P-224 with SHA2-512 | KAT | CAST | FIPS\\_OK | Sign | Performed on module load.", "ECDSA SigVer(FIPS186-4) | P-224 with SHA2-512 | KAT | CAST | FIPS\\_OK | Verify | Performed on module load.", "EDDSA ED448 SigGen | Edwards448 SigGen with SHA2-256 | KAT | CAST | FIPS\\_OK | Sign | Performed on module load.", "EDDSA ED448 SigVer | Edwards448 SigVer with SHA2-256 | KAT | CAST | FIPS\\_OK | Verify | Performed on module load.", "EDDSA ED25519 SigGen | Edwards25519 SigGen with SHA2-512 | KAT | CAST | FIPS\\_OK | Sign | Performed on module load.", "EDDSA ED25519 SigVer | Edwards25519 SigVer with SHA2-512 | KAT | CAST | FIPS\\_OK | Verify | Performed on module load.", "Hash DRBG | SHA2-256 | KAT | CAST | FIPS\\_OK | Instantiate, Generate, Reseed | Performed on module load.", "HMAC DRBG | SHA-1 | KAT | CAST | FIPS\\_OK | Instantiate, Generate, Reseed | Performed on module load.", "HMAC-SHA2-256 | SHA2-256 with a 256-bit key | KAT | CAST | FIPS\\_OK | Generate | Performed on module load.", "KAS-ECC-SSCSp800-56Ar3 | P-256 | KAT | CAST | FIPS\\_OK | Ephemeral Unified Shared Secret(Z) Computation | Performed on module load.", "KAS-FFC-SSCSp800-56Ar3 | L=2048/N=256 | KAT | CAST | FIPS\\_OK | dhEphem Shared Secret(Z) Computation | Performed on module load.", "KAS-IFC-SSC | k=2048 | KAT | CAST | FIPS\\_OK | SP 800-56B Rev.2 Section 8.2.2RSA Primitive Computation | Performed on module load.", "KAS-KDFOneStep SP800-56Cr2 | SHA2-224 | KAT | CAST | FIPS\\_OK | SP 800-56C Rev.2 Section 4OneStep KDF(AKA OpenSSL single-step or SS-KDF) | Performed on module load.", "KAS-KDFTwoStep SP800-56Cr2 | SHA2-256 | KAT | CAST | FIPS\\_OK | SP 800-56C Rev.2 Section 5TwoStep KDF(HKDF variant) | Performed on module load.", "KDF ANS 9.42 | Fixed input KAT | KAT | CAST | FIPS\\_OK | SP 800-135 Rev.1 Section 5.1ANSI X9.42-2001 KDF KAT | Performed on module load.", "KDF ANS 9.63 | Fixed input KAT | KAT | CAST | FIPS\\_OK | SP 800-135 Rev.1 Section 5.1X9.63-2001 KDF KAT | Performed on module load.", "KDF SP800-108 | HMAC-SHA2-256 | KAT | CAST | FIPS\\_OK | SP 800-108 Rev.1 Section 4.1KAT for a Counter Mode KDF | Performed on module load.", "KDF SSH | Fixed input KAT | KAT | CAST | FIPS\\_OK | SP 800-135 Rev.1 Section 5.2SSHv2 KDF KAT | Performed on module load.", "KTS-IFC | k=2048 | KAT | CAST | FIPS\\_OK | SP 800-56B Rev.2 Decrypt for CRT | Performed on module load.", "KTS-IFC | k=2048 | KAT | CAST | FIPS\\_OK | SP 800-56B Rev.2 Encrypt for Basic | Performed on module load.", "KTS-IFC | k=2048 | KAT | CAST | FIPS\\_OK | SP 800-56B Rev.2 Decrypt for Basic | Performed on module load.", "PBKDF | SHA2-256,24-byte password,36-byte salt,iteration count of4096 | KAT | CAST | FIPS\\_OK | SP 800-132 Section 5.3KAT ofMaster Key derivation | Performed on module load.", "RSA SigGen(FIPS186-4) | k=2048 with SHA2-256 | KAT | CAST | FIPS\\_OK | Sign | Performed on module load.", "RSA SigVer(FIPS186-4) | k=2048 with SHA2-256 | KAT | CAST | FIPS\\_OK | Verify | Performed on module load.", "SHA-1 | SHA-1 | KAT | CAST | FIPS\\_OK | Simple SHA KAT | Performed on module load.", "SHA2-512 | SHA2-512 | KAT | CAST | FIPS\\_OK | Simple SHA KAT | Performed on module load.", "SHA3-256 | SHA3-256 | KAT | CAST | FIPS\\_OK | Simple SHA KAT | Performed on module load.", "TLS v1.2 KDF RFC7627 | Fixed input KAT | KAT | CAST | FIPS\\_OK | SP 800-135 Rev.1 Section4.2.2 TLS1.2 KAT | Performed on module load.", "TLS v1.3 KDF | Fixed input KAT | KAT | CAST | FIPS\\_OK | RFC8446 Section7.1 TLSv1.3 KDF KAT | Performed on module load.", "DSA KeyGen(FIPS186-4) | PCT performed using the generated key pair | PCT | PCT | FIPS\\_OK | Sign, Verify | Performed on FFC(DSA,KAS-FFC-SSC)key pair generation,prior to returning the key pair on conclusion of the call.", "ECDSA KeyGen(FIPS186-4) | PCT performed using the generated key pair | PCT | PCT | FIPS\\_OK | Sign,Verify | Performed on ECC(ECDSA)key pair generation,prior to returning the key pair on conclusion of the call.", "EDDSA KeyGen | PCT performed using the generated key pair | PCT | PCT | FIPS\\_OK | Sign,Verify | Performed on Edwards(EdDSA)key pair generation,prior to returning the key pair on conclusion of the call.", "RSA KeyGen(FIPS186-4) | PCT performed using the generated key pair | PCT | PCT | FIPS\\_OK | Sign,Verify | Performed on IFC(RSA,KAS-IFC-SSC,KTS-IFC)key pair generation,prior to returning the key pair on conclusion of the call.", "AES-ECB | KAT | CAST | On demand | On power on or reset", "AES-GCM | KAT | CAST | On demand | On power on or reset", "Counter DRBG | KAT | CAST | On demand | On power on or reset", "DSA SigGen(FIPS186-4) | KAT | CAST | On demand | On power on or reset", "DSA SigVer(FIPS186-4) | KAT | CAST | On demand | On power on or reset", "ECDSA SigGen(FIPS186-4) | KAT | CAST | On demand | On power on or reset", "ECDSA SigVer (FIPS186-4) | KAT | CAST | On demand | On power on or reset", "EDDSA ED448 SigGen | KAT | CAST | On demand | On power on or reset", "EDDSA ED448 SigVer | KAT | CAST | On demand | On power on or reset", "EDDSA ED25519 SigGen | KAT | CAST | On demand | On power on or reset", "EDDSA ED25519 SigVer | KAT | CAST | On demand | On power on or reset", "Hash DRBG | KAT | CAST | On demand | On power on or reset", "HMAC DRBG | KAT | CAST | On demand | On power on or reset", "HMAC-SHA2-256 | KAT | CAST | On demand | On power on or reset", "KAS-ECC-SSC Sp800-56Ar3 | KAT | CAST | On demand | On power on or reset", "KAS-FFC-SSC Sp800-56Ar3 | KAT | CAST | On demand | On power on or reset", "KAS-IFC-SSC | KAT | CAST | On demand | On power on or reset", "KAS-KDF OneStep SP800-56Cr2 | KAT | CAST | On demand | On power on or reset", "KAS-KDF TwoStep SP800-56Cr2 | KAT | CAST | On demand | On power on or reset", "KDF ANS 9.42 | KAT | CAST | On demand | On power on or reset", "KDF ANS 9.63 | KAT | CAST | On demand | On power on or reset", "KDF SP800-108 | KAT | CAST | On demand | On power on or reset", "KDF SSH | KAT | CAST | On demand | On power on or reset", "KTS-IFC | KAT | CAST | On demand | On power on or reset", "PBKDF | KAT | CAST | On demand | On power on or reset", "RSA SigGen (FIPS186-4) | KAT | CAST | On demand | On power on or reset", "RSA SigVer (FIPS186-4) | KAT | CAST | On demand | On power on or reset", "SHA-1 | KAT | CAST | On demand | On power on or reset", "SHA2-512 | KAT | CAST | On demand | On power on or reset", "SHA3-256 | KAT | CAST | On demand | On power on or reset", "TLS v1.2 KDF RFC7627 | KAT | CAST | On demand | On power on or reset", "TLS v1.3 KDF | KAT | CAST | On demand | On power on or reset", "DSA KeyGen (FIPS186-4) | PCT | PCT | On demand | On power on or reset", "ECDSA KeyGen (FIPS186-4) | PCT | PCT | On demand | On power on or reset", "EDDSA KeyGen | PCT | PCT | On demand | On power on or reset", "RSA KeyGen (FIPS186-4) | PCT | PCT | On demand | On power on or reset" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4887", "Certificate Number": "4887", "Vendor Name": "Extreme Networks", "Module Name": "Extreme Networks Cryptographic Provider 3", "Module Type": "Software", "Validation Date": "11/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4887.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4887", "module_name": "Extreme Networks Cryptographic Provider 3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Extreme Networks Cryptographic Provider is a software library providing a C-language application program interface (API) for use by Extreme Networks products that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC A5892 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A", "AES-CBC-CS1 A5892 Direction - decrypt, encrypt Key Length - 128, 192, 256 SP 800-38A", "AES-CBC-CS2 A5892 Direction - decrypt, encrypt Key Length - 128, 192, 256 SP 800-38A", "AES-CBC-CS3 A5892 Direction - decrypt, encrypt Key Length - 128, 192, 256 SP 800-38A", "AES-CCM A5892 Key Length - 128, 192, 256 SP 800-38C", "AES-CFB1 A5892 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A", "AES-CFB128 A5892 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A", "AES-CFB8 A5892 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A", "AES-CTR A5892 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A", "AES-ECB A5892 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A", "AES-GCM A5892 Direction - Decrypt, Encrypt IV Generation - External Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 SP 800-38D", "AES-KW A5892 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38F", "AES-KWP A5892 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38F", "AES-OFB A5892 Direction - Decrypt, Encrypt Key Length - 128, 192, 256 SP 800-38A", "AES-XTS Testing Revision 2.0 A5892 Direction - Decrypt, Encrypt Key Length - 128, 256 SP 800-38E | * * *", "KAS-ECC CDH-Component SP800-56Ar3 (CVL) \\| A5892 \\| Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 \\| SP 800-56A Rev. 3", "KAS-ECC-SSC Sp800-56Ar3 \\| A5892 \\| Domain Parameter Generation Methods - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 | Scheme - ephemeralUnified - | KAS Role - initiator, responder", "KAS-FFC-SSC Sp800-56Ar3 \\| A5892 \\| Domain Parameter Generation Methods - FB, FC, ffde2048, ffde3072, ffdhe4096, ffdhe8192, modp-2048, modp-3072, modp-4096, modp-6144, modp-8192 | Scheme - dhEphem - KAS Role - initiator, responder", "KAS-IFC-SSC \\| A5892 \\| Modulo - 2048, 3072, 4096, 6144, 8192 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor | Scheme - KAS1 - KAS Role - initiator, responder | Scheme - KAS2 - KAS Role - initiator, responder", "KDA HKDF SP800-56Cr2 \\| A5892 \\| Derived Key Length - 2048 | Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 | HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512", "KDA OneStep SP800-56Cr2 \\| A5892 \\| Derived Key Length - 2048 | Shared Secret Length: 224-8192 Increment 8", "KDA TwoStep SP800-56Cr2 \\| A5892 \\| MAC Salting Methods - default, random", "KDF Mode - feedback | Derived Key Length - 2048 | Shared Secret Length: 224-8192 Increment 8", "KDF ANS 9.42 (CVL) \\| A5892 \\| KDF Type - DER", "Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | Key Data Length - Key Data Length: 8-4096 Increment 8", "KDF ANS 9.63 (CVL) \\| A5892 \\| Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Key Data Length - Key Data Length: 128, 4096 | * * *", "KDF SP800-108 A5892 KDF Mode - Counter, Feedback Supported Lengths - Supported Lengths: 8, 72, 128, 776, 3456, 4096 SP 800-108 Rev. 1", "KDF SSH (CVL) A5892 Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 SP 800-135 Rev. 1", "PBKDF A5892 Iteration Count - Iteration Count: 1-10000 Increment 1 Password Length - Password Length: 8-128 Increment 8 SP 800-132", "TLS v1.2 KDF RFC7627 (CVL) A5892 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 SP 800-135 Rev. 1", "TLS v1.3 KDF (CVL) A5892 HMAC Algorithm - SHA2-256, SHA2-384 KDF Running Modes - DHE, PSK, PSK-DHE SP 800-135 Rev. 1", "DSA KeyGen (FIPS186-4) A5892 L - 2048, 3072 N - 224, 256 FIPS 186-4", "DSA PQGGen (FIPS186-4) A5892 L - 2048, 3072 N - 224, 256 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 FIPS 186-4", "DSA PQGVer (FIPS186-4) A5892 L - 1024, 2048, 3072 N - 160, 224, 256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 FIPS 186-4", "ECDSA KeyGen (FIPS186-4) A5892 Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521 Secret Generation Mode - Testing Candidates FIPS 186-4", "ECDSA KeyVer (FIPS186-4) A5892 Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, P-521 FIPS 186-4", "EDDSA KeyGen A5892 Curve - ED-25519, ED-448 FIPS 186-5", "EDDSA KeyVer A5892 Curve - ED-25519, ED-448 FIPS 186-5 | Safe Primes Key Generation A5892 Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp-2048, modp-3072, modp-4096, modp-6144, modp-8192 SP 800-56A Rev. 3 | Safe Primes Key Verification A5892 Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp-2048, modp-3072, modp-4096, modp-6144, modp-8192 SP 800-56A Rev. 3", "RSA KeyGen (FIPS186-4) A5892 Key Generation Mode - B-3.3 Modulo - 2048, 3072, 4096 Primality Tests - Table C.2 Private Key Format - Standard FIPS 186-4 | * * * | Extreme Networks Cryptographic Provider 3", "KTS-IFC | A5892 | Modulo - 2048, 3072, 4096, 6144 | Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, | rsakpg2-prime-factor | Scheme - KTS-OAEP-basic - | KAS Role - initiator, responder | Key Transport Method - | Key Length - 1024", "AES-CMAC | A5892 | Direction - Generation, Verification | Key Length - 128, 192, 256 | SP 800-38B", "AES-GMAC | A5892 | Direction - Decrypt, Encrypt | IV Generation - External, Internal | IV Generation Mode - 8.2.1 | Key Length - 128, 192, 256 | SP 800-38D", "HMAC-SHA-1 | A5892 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A5892 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A5892 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A5892 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A5892 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A5892 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A5892 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A5892 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A5892 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A5892 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A5892 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1 | KMAC-128 | A5892 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | KMAC-256 | A5892 | Message Length - Message Length: 0-65536 Increment 8 | Key Data Length - Key Data Length: 128-1024 Increment 8 | SP 800-185 | * * *", "SHA-1 A5892 Message Length - Message Length: 0-65528 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4", "SHA2-224 A5892 Message Length - Message Length: 0-65528 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4", "SHA2-256 A5892 Message Length - Message Length: 0-65528 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4", "SHA2-384 A5892 Message Length - Message Length: 0-65528 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4", "SHA2-512 A5892 Message Length - Message Length: 0-65528 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4", "SHA2-512/224 A5892 Message Length - Message Length: 0-65528 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4", "SHA2-512/256 A5892 Message Length - Message Length: 0-65528 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 180-4", "SHA3-224 A5892 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202", "SHA3-256 A5892 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202", "SHA3-384 A5892 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202", "SHA3-512 A5892 Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 FIPS 202", "SHAKE-128 A5892 Output Length - Output Length: 16-65536 Increment 8 FIPS 202", "SHAKE-256 A5892 Output Length - Output Length: 16-65536 Increment 8 FIPS 202", "Counter DRBG A5892 Prediction Resistance - Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - No, Yes SP 800-90A Rev. 1", "Hash DRBG A5892 Prediction Resistance - Yes Mode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 SP 800-90A Rev. 1", "HMAC DRBG A5892 Prediction Resistance - Yes Mode - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 SP 800-90A Rev. 1 | * * *", "EDDSA SigGen (FIPS186-4) A5892 Component - No, Yes FIPS 186-4 | Curve - B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, P-224, P-256, P-384, P-521", "Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256", "ECDSA SigVer (FIPS186-4) A5892 Component - No FIPS 186-4 | Curve - B-163, B-233, B-283, B-409, B-571, K-163, K-233, K-283, K-409, K-571, P-192, P-224, P-256, P-384, | P-521", "Hash Algorithm - SHA1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256", "DSA SigGen (FIPS186-4) A5892 L - 2048, 3072 FIPS 186-4 | N - 224, 256", "DSA SigVer (FIPS186-4) A5892 L - 1024, 2048, 3072 FIPS 186-4 | N - 160, 224, 256", "EDDSA SigGen A5892 Curve - ED-25519, ED-448 FIPS 186-5", "EDDSA SigVer A5892 Curve - ED-25519, ED-448 FIPS 186-5", "RSA SigGen (FIPS186-4) A5892 Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 2048, 3072, 4096 FIPS 186-4", "RSA SigGen (FIPS186-5) A5892 Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss FIPS 186-5", "RSA Signature Primitive (CVL) A5892 Private Key Format - crt FIPS 186-4", "RSA SigVer (FIPS186-4) A5892 Signature Type - ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo - 1024, 2048, 3072, 4096 FIPS 186-4", "RSA SigVer (FIPS186-5) A5892 Modulo - 2048, 3072, 4096 | Signature Type - pkcs1v1.5, pss FIPS 186-5 | Name Properties Implementation Reference | CKG Section 4 Extreme Networks Cryptographic Provider 3 NIST, SP 800-133 Rev. 2 | CKG Section 5 Extreme Networks Cryptographic Provider 3 NIST, SP 800-133 Rev. 2 | CKG Section 6.2 Extreme Networks Cryptographic Provider 3 NIST, SP 800-133 Rev. 2", "Hash DRBG with SHA3-256, SHA3-512 Extreme Networks Cryptographic Provider 3 NIST, SP 800-90A Rev. 1", "HMAC DRBG with SHA3-256, SHA3-512 Extreme Networks Cryptographic Provider 3 NIST, SP 800-90A Rev. 1 | * * * | Extreme Networks Cryptographic Provider 3 | Non-Approved, Allowed Algorithms: | N/A for this module. | Non-Approved, Allowed Algorithms with No Security Claimed: | N/A for this Module. | Non-Approved, Not Allowed Algorithms: | N/A for this Module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4886", "Certificate Number": "4886", "Vendor Name": "Gallagher Group Ltd", "Module Name": "Gallagher FIPS Provider for OpenSSL 3", "Module Type": "Software", "Validation Date": "11/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4886.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4886", "module_name": "Gallagher FIPS Provider for OpenSSL 3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Gallagher creates and delivers integrated security solutions to meet varying needs, from basic access control right through to high security alarm systems. The Gallagher FIPS Provider for OpenSSL 3 provides cryptographic services for a range of Gallagher products.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES‐CBC | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS1 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS2 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CBC‐CS3 | A4481 | Direction ‐ decrypt, encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CCM | A4481 | Key Length ‐ 128, 192, 256 | SP 800‐38C", "AES‐CFB1 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB128 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CFB8 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐CTR | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐ECB | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐GCM | A4481 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "AES‐KW | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F | FIPS 140‐3 Security Policy | Gallagher FIPS Provider for OpenSSL 3 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "AES‐KWP | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38F", "AES‐OFB | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 192, 256 | SP 800‐38A", "AES‐XTS Testing Revision 2.0 | A4481 | Direction ‐ Decrypt, Encrypt | Key Length ‐ 128, 256 | SP 800‐38E", "KAS‐ECC CDH‐Component", "SP800‐56Ar3 (CVL) | A4481 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | SP 800‐56A | Rev. 3", "KAS‐ECC‐SSC Sp800‐56Ar3 | A4481 | Domain Parameter Generation Methods ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, | P‐256, P‐384, P‐521 | Scheme ‐ | ephemeralUnified ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐FFC‐SSC Sp800‐56Ar3 | A4481 | Domain Parameter Generation Methods ‐ FB, FC, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, | modp‐2048, modp‐3072, modp‐4096, modp‐6144, modp‐8192 | Scheme ‐ | dhEphem ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KAS‐IFC‐SSC | A4481 | Modulo ‐ 2048, 3072, 4096, 6144, 8192 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐ | KAS1 ‐ | KAS Role ‐ initiator, responder | KAS2 ‐ | KAS Role ‐ initiator, responder | SP 800‐56A | Rev. 3", "KDA HKDF SP800‐56Cr2 | A4481 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | HMAC Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256,", "SHA3‐224, SHA3‐256, SHA3‐384, SHA3‐512 | SP 800‐56C | Rev. 2 | FIPS 140‐3 Security Policy | Gallagher FIPS Provider for OpenSSL 3 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "KDA OneStep SP800‐56Cr2 | A4481 | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2", "KDA TwoStep SP800‐56Cr2 | A4481 | MAC Salting Methods ‐ default, random", "KDF Mode ‐ feedback | Derived Key Length ‐ 2048 | Shared Secret Length ‐ Shared Secret Length: 224‐8192 Increment 8 | SP 800‐56C | Rev. 2", "KDF ANS 9.42 (CVL) | A4481", "KDF Type ‐ DER", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256, SHA3‐", "224, SHA3‐256, SHA3‐384, SHA3‐512 | Key Data Length ‐ Key Data Length: 8‐4096 Increment 8 | SP 800‐135 | Rev. 1", "KDF ANS 9.63 (CVL) | A4481", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | Key Data Length ‐ Key Data Length: 128, 4096 | SP 800‐135 | Rev. 1", "KDF SP800‐108 | A4481", "KDF Mode ‐ Counter, Feedback | Supported Lengths ‐ Supported Lengths: 8, 72, 128, 776, 3456, 4096 | SP 800‐108 | Rev. 1", "KDF SSH (CVL) | A4481", "Cipher ‐ AES‐128, AES‐192, AES‐256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "PBKDF | A4481 | Iteration Count ‐ Iteration Count: 1‐10000 Increment 1 | Password Length ‐ Password Length: 8‐128 Increment 8 | SP 800‐132", "TLS v1.2 KDF RFC7627 (CVL) | A4481", "Hash Algorithm ‐ SHA2‐256, SHA2‐384, SHA2‐512 | SP 800‐135 | Rev. 1", "TLS v1.3 KDF (CVL) | A4481 | HMAC Algorithm ‐ SHA2‐256, SHA2‐384", "KDF Running Modes ‐ DHE, PSK, PSK‐DHE | SP 800‐135 | Rev. 1", "DSA KeyGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256 | FIPS 186‐4", "DSA PQGGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256", "Hash Algorithm ‐ SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "DSA PQGVer (FIPS186‐4) | A4481 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "Hash Algorithm ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | FIPS 186‐4", "ECDSA KeyGen (FIPS186‐4) | A4481 | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521 | Secret Generation Mode ‐ Testing Candidates | FIPS 186‐4", "ECDSA KeyVer (FIPS186‐4) | A4481 | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521 | FIPS 186‐4 | FIPS 140‐3 Security Policy | Gallagher FIPS Provider for OpenSSL 3 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "EDDSA KeyGen | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA KeyVer | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5 | Safe Primes Key Generation | A4481 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3 | Safe Primes Key Verification | A4481 | Safe Prime Groups ‐ ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, modp‐2048, modp‐3072, | modp‐4096, modp‐6144, modp‐8192 | SP 800‐56A | Rev. 3", "RSA KeyGen (FIPS186‐4) | A4481 | Key Generation Mode ‐ B.3.3 | Modulo ‐ 2048, 3072, 4096 | Primality Tests ‐ Table C.2 | Private Key Format ‐ Standard | FIPS 186‐4", "KTS‐IFC | A4481 | Modulo ‐ 2048, 3072, 4096, 6144 | Key Generation Methods ‐ rsakpg1‐basic, rsakpg1‐crt, rsakpg1‐prime‐factor, rsakpg2‐basic, rsakpg2‐crt, | rsakpg2‐prime‐factor | Scheme ‐", "KTS‐OAEP‐basic ‐ | KAS Role ‐ initiator, responder | Key Transport Method ‐ | Key Length ‐ 1024 | SP 800‐56B | Rev. 2", "AES‐CMAC | A4481 | Direction ‐ Generation, Verification | Key Length ‐ 128, 192, 256 | SP 800‐38B", "AES‐GMAC | A4481 | Direction ‐ Decrypt, Encrypt | IV Generation ‐ External, Internal | IV Generation Mode ‐ 8.2.1 | Key Length ‐ 128, 192, 256 | SP 800‐38D", "HMAC‐SHA‐1 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐384 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | FIPS 140‐3 Security Policy | Gallagher FIPS Provider for OpenSSL 3 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "HMAC‐SHA2‐512/224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA2‐512/256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐224 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐256 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐384 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1", "HMAC‐SHA3‐512 | A4481 | Key Length ‐ Key Length: 112‐2048 Increment 8 | FIPS 198‐1 | KMAC‐128 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185 | KMAC‐256 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | Key Data Length ‐ Key Data Length: 128‐1024 Increment 8 | SP 800‐185", "SHA‐1 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA2‐224 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA2‐256 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA2‐384 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA2‐512 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA2‐512/224 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA2‐512/256 | A4481 | Message Length ‐ Message Length: 0‐65528 Increment 8 | FIPS 180‐4", "SHA3‐224 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | FIPS 202", "SHA3‐256 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | FIPS 202", "SHA3‐384 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | FIPS 202", "SHA3‐512 | A4481 | Message Length ‐ Message Length: 0‐65536 Increment 8 | FIPS 202", "SHAKE‐128 | A4481 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202", "SHAKE‐256 | A4481 | Output Length ‐ Output Length: 16‐65536 Increment 8 | FIPS 202", "Counter DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ AES‐128, AES‐192, AES‐256 | Derivation Function Enabled ‐ No, Yes | SP 800‐90A | Rev. 1", "Hash DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | SP 800‐90A | Rev. 1 | FIPS 140‐3 Security Policy | Gallagher FIPS Provider for OpenSSL 3 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification.", "HMAC DRBG | A4481 | Prediction Resistance ‐ Yes", "Mode ‐ SHA‐1, SHA2‐224, SHA2‐256, SHA2‐384, SHA2‐512, SHA2‐512/224, SHA2‐512/256 | SP 800‐90A | Rev. 1", "ECDSA SigGen (FIPS186‐4) | A4481 | Component ‐ No, Yes | Curve ‐ B‐233, B‐283, B‐409, B‐571, K‐233, K‐283, K‐409, K‐571, P‐224, P‐256, P‐384, P‐521", "ECDSA SigVer (FIPS186‐4) | A4481 | Component ‐ No | Curve ‐ B‐163, B‐233, B‐283, B‐409, B‐571, K‐163, K‐233, K‐283, K‐409, K‐571, P‐192, P‐224, P‐256, P‐384, | P‐521", "DSA SigGen (FIPS186‐4) | A4481 | L ‐ 2048, 3072 | N ‐ 224, 256", "DSA SigVer (FIPS186‐4) | A4481 | L ‐ 1024, 2048, 3072 | N ‐ 160, 224, 256", "EDDSA SigGen | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "EDDSA SigVer | A4481 | Curve ‐ ED‐25519, ED‐448 | FIPS 186‐5", "RSA SigGen (FIPS186‐4) | A4481 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 2048, 3072, 4096 | FIPS 186‐4", "RSA SigGen (FIPS186‐5) | A4481 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5", "RSA Signature Primitive (CVL) | A4481 | Private Key Format ‐ crt | FIPS 186‐4", "RSA SigVer (FIPS186‐4) | A4481 | Signature Type ‐ ANSI X9.31, PKCS 1.5, PKCSPSS | Modulo ‐ 1024, 2048, 3072, 4096 | FIPS 186‐4", "RSA SigVer (FIPS186‐5) | A4481 | Modulo ‐ 2048, 3072, 4096 | Signature Type ‐ pkcs1v1.5, pss | FIPS 186‐5 | FIPS 140‐3 Security Policy | Gallagher FIPS Provider for OpenSSL 3 | This non‐proprietary Security Policy document may be freely reproduced and distributed in its entirety without modification. | Vendor‐Affirmed Algorithms: | Name | Implementation | CKG Section 4 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 5 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2 | CKG Section 6.2 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐133 Rev. 2", "Hash DRBG with SHA3‐256, SHA3‐512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1", "HMAC DRBG with SHA3‐256, SHA3‐512 | KeyPair FIPS Provider for OpenSSL 3 | NIST, SP 800‐90A Rev. 1 | Non‐Approved, Allowed Algorithms: | N/A for this module. | Non‐Approved, Allowed Algorithms with No Security Claimed: | N/A for this Module. | Non‐Approved, Not Allowed Algorithms: | N/A for this Module." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4885", "Certificate Number": "4885", "Vendor Name": "ZPE Systems", "Module Name": "ZPE Systems FIPS Provider for OpenSSL 3", "Module Type": "Software", "Validation Date": "11/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4885.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4885", "module_name": "ZPE Systems FIPS Provider for OpenSSL 3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The ZPE Systems FIPS Provider for OpenSSL 3 is included in the Nodegrid Operating System used in several ZPE Systems' products.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "fips.so | 3.0.10 with KP\\_1.2 | N/A | HMAC-SHA2-256 #A4481 over the complete module file image", "AES-CBC | A4481 | Direction- Decrypt, EncryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4481 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4481 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4481 | Direction-decrypt, encryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4481 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB128 | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A4481 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-KW | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-KWP | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-OFB | A4481 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4481 | Direction-Decrypt,EncryptKey Length-128,256 | SP 800-38E", "KAS-ECC CDH-ComponentSP800-56Ar3(CVL) | A4481 | Curve-B233,B283,B409,B571,K233,K283,K409,K571,P224,P256,P384,P521 | SP 800-56ARev.3", "KAS-ECC-SSCSp800-56Ar3 | A4481 | Domain Parameter Generation Methods-B233,B283,B409,B571,K233,K283,K409,K571,P224,P256,P384,P521Scheme ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A4481 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192modp-2048,modp-3072,modp-4096,modp-6144,modp-8192SchemedhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-IFC-SSC | A4481 | Modulo-2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorSchemeKAS1-KAS Role-initiator,responderKAS2-KAS Role-initiator,responder | SP 800-56ARev.3", "KDA HKDF SP800-56Cr2 | A4481 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStep SP800-56Cr2 | A4481 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDA TwoStep SP800-56Cr2 | A4481 | MAC Salting Methods - default, randomKDF Mode - feedbackDerived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A4481 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096 Increment 8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4481 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF SP800-108 | A4481 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A4481 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A4481 | Iteration Count-Iteration Count:1-10000 Increment1Password Length-Password Length:8-128 Increment8 | SP 800-132", "TLS v1.2 KDF RFC7627(CVL) | A4481 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4481 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA KeyGen(FIPS186-4) | A4481 | L-2048,3072N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4481 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4481 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A4481 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4481 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS186-4", "EDDSA KeyGen | A4481 | Curve-ED-25519,ED-448 | FIPS186-5", "EDDSA KeyVer | A4481 | Curve-ED-25519,ED-448 | FIPS186-5", "RSA KeyGen(FIPS186-4) | A4481 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS186-4", "AES-CMAC | A4481 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-GMAC | A4481 | Direction-Decrypt,EncryptIV Generation-External,InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP800-38D", "HMAC-SHA-1 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4481 | Key Length - Key Length: 112-2048 Increment 8 | FIPS 198-1", "SHA-1 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA2-224 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA2-256 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA2-384 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA2-512 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA2-512/224 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA2-512/256 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4 | FIPS 180-4", "SHA3-224 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4 | FIPS 202", "SHA3-256 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4 | FIPS 202", "SHA3-384 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4 | FIPS 202", "SHA3-512 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4 | FIPS 202", "SHAKE-128 | A4481 | Output Length-Output Length:16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A4481 | Output Length-Output Length:16-65536 Increment 8 | FIPS 202", "Counter DRBG | A4481 | Prediction Resistance-YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-No,Yes | SP 800-90ARev.1", "Hash DRBG | A4481 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90ARev.1", "HMAC DRBG | A4481 | Prediction Resistance-YesMode-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | SP 800-90ARev.1", "ECDSA SigGen(FIPS186-4) | A4481 | Component - No, YesCurve-B233,B283,B409,B571,k233,k283,k409,k571,P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4481 | Component - NoCurve-B163,B233,B283,B409,B571,k163,k233,k283,k409,k571,P192,P224,P256,P384,P521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigGen(FIPS186-4) | A4481 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4481 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "EDDSA SigGen | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigVer | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "RSA SigGen(FIPS186-4) | A4481 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSS Modulo-2048,3072,4096 | FIPS186-4", "RSA SigGen(FIPS186-5) | A4481 | Modulo-2048,3072,4096 Signature Type-pkcs1v1.5,pss | FIPS186-5", "RSA Signature Primitive(CVL) | A4481 | Private Key Format-crt | FIPS186-4", "RSA SigVer(FIPS186-4) | A4481 | Signature Type-ANSI X9.31,PKCS 1.5,PKCSPSS Modulo-1024,2048,3072,4096 | FIPS186-4", "RSA SigVer(FIPS186-5) | A4481 | Modulo-2048,3072,4096 Signature Type-pkcs1v1.5,pss | FIPS186-5", "Hash DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1", "HMAC DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1", "Cipher(Unauth) | BC-UnAuth | AES ciphers | AES-CBCAES-CBC-CS1AES-CBC-CS2AES-CBC-CS3AES-CFB1AES-CFB128AES-CFB8AES-CTRAES-ECBAES-OFBAES-XTS Testing Revision 2.0", "Cipher(Auth) | BC-Auth | Authentication ciphers | AES-CCMAES-GCMAES-KWAES-KWP", "Key agreement | KAS-SSC | Key agreement | KAS:KAS-ECC-SSC provides between 112 and 256 bits of encryption strength; KAS-FFC-SSC provides between 112 and 200 bits of encryption strength; KAS-IFC-SSC provides between 112 and 200 bits of encryption strength | KAS-ECC CDH-ComponentSP800-56Ar3KAS-ECC-SSC Sp800-56Ar3KAS-FFC-SSC Sp800-56Ar3KAS-IFC-SSC", "Key derivation | KAS-135KDFKAS-56CKDFKBKDFPBKDF | KAS-KDF HKDF SP800-56Cr2KAS-DDF OneStep SP800-56Cr2KAS-KDF TwoStep SP800-56Cr2KDF ANS 9.42KDF ANS 9.63KDF SP800-108KDF SSHPBKDF", "TLS v1.3 KDF", "AsymKeyPair-KeyVer | ECDSA KeyGen(FIPS186-4)", "ECDSA KeyVer(FIPS186-4)", "AsymKeyPair-KeyVer | EDDSA KeyGen", "EDDSA KeyVer", "Key management FFC | AsymKeyPair-KeyGen | DSA KeyGen(FIPS186-4)", "DSA PQGGen(FIPS186-4)", "DSA PQGVer(FIPS186-4)", "Key management IFC | AsymKeyPair-KeyGen | RSA KeyGen(FIPS186-4)", "Key transport | KTS-Encap | KTS:2048, 3072, 4096 or 6144-bit keys provide between 112 and 176 bits of encryption strength | KTS-IFC", "KTS(Cipher w/CMAC,GMAC,HMAC,KMAC) | BC-Auth", "MAC | SP 800-38F Section 3.1 Provisions | KTS:128,192 or 256-bit keys provide between 128 and 256 bits of encryption strength | AES-CBC", "AES-CBC-CS1", "AES-CBC-CS2", "AES-CBC-CS3", "AES-CFB1", "AES-CFB128", "AES-CFB8", "AES-CTR", "AES-ECB", "AES-OFB", "AES-CCM", "AES-GCM", "AES-GMAC", "AES-CMAC", "HMAC-SHA-1", "HMAC-SHA2-224", "HMAC-SHA2-256", "HMAC-SHA2-384", "HMAC-SHA2-512", "HMAC-SHA2-512/224", "HMAC-SHA2-512/256", "HMAC-SHA3-224", "HMAC-SHA3-256", "HMAC-SHA3-512", "KTS(AES KW,KWP) | BC-Auth | KTS:128,192 or 256-bit keys provide between 128 and 256 bits of encryption strength | AES-KW", "AES-KWP", "MAC AES(CMAC,GMAC) | MAC | AES-GMAC", "MAC HMAC | MAC | HMAC-SHA-1", "HMAC-SHA3-384", "Message Digest | SHA | SHA-1", "SHA2-224", "SHA2-256", "SHA2-384", "SHA2-512", "SHA2-512/224", "SHA2-512/256", "SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512", "Message Digest(XOF SHAKE) | XOF | SHAKE-128", "SHAKE-256", "Random | DRBG | Counter DRBG", "Hash DRBG", "HMAC DRBG", "Signature DSA | DigSig-SigGen", "DigSig-SigVer | DSA SigGen(FIPS186-4)", "DSA SigVer(FIPS186-4)", "Signature ECDSA | DigSig-SigGen", "DigSig-SigVer | ECDSA SigGen(FIPS186-4)", "ECDSA SigVer(FIPS186-4)", "Signature EDDSA | DigSig-SigGen", "DigSig-SigVer | EDDSA SigGen", "EDDSA SigVer", "Signature RSA | DigSig-SigGen", "DigSig-SigVer | RSA SigGen(FIPS186-4)", "RSA SigGen(FIPS186-5)", "RSA Signature Primitive", "RSA SigVer(FIPS186-4)", "RSA SigVer(FIPS186-5)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4884", "Certificate Number": "4884", "Vendor Name": "Amazon Web Services, Inc.", "Module Name": "AWS Key Management Service HSM", "Module Type": "Hardware", "Validation Date": "11/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4884.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4884", "module_name": "AWS Key Management Service HSM", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/17/2026", "overall_level": 3, "caveat": "Interim validation. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4883", "Certificate Number": "4883", "Vendor Name": "F5, Inc.", "Module Name": "F5OS-A Cryptographic Module", "Module Type": "Firmware", "Validation Date": "11/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4883.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4883", "module_name": "F5OS-A Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/17/2026", "overall_level": 2, "caveat": "Interim Validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals with F5-ADD-BIG-FIPS140 kit installed as indicated in the Security Policy.", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "F5OS-A Cryptographic Module Platform layer services for F5 appliance platforms", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4882", "Certificate Number": "4882", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks QFX10002, QFX10008 and QFX10016", "Module Type": "Hardware", "Validation Date": "11/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4882.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4882", "module_name": "Juniper Networks QFX10002, QFX10008 and QFX10016", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/17/2026", "overall_level": 1, "caveat": "Interim validation. When operated in Approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Juniper Networks QFX10002, QFX10008, QFX10016 are QFX Series switches. The cryptographic module provides for an encrypted connection, using SSH, between the management station and the QFX switch.", "detail_available": true, "algorithms": [ "DRBG", "HMAC", "SHA" ], "algorithms_detailed": [ "HMAC DRBG | A3337 | Prediction Resistance - Yes", "Mode - SHA2-256 | SP 800-90A", "HMAC-SHA2-", "SHA2-256 | A3337 | Message Length - Message Length: 0-65536 Increment 8 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4881", "Certificate Number": "4881", "Vendor Name": "Broadcom Inc.", "Module Name": "VMware’s VPN Crypto Module", "Module Type": "Firmware", "Validation Date": "11/15/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4881.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4881", "module_name": "VMware’s VPN Crypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/14/2026", "overall_level": 1, "caveat": "Interim validation", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "VMware's VPN Crypto Module is a firmware cryptographic module whose purpose is to provide FIPS 140-3 validated cryptographic functions to various applications utilizing VPN capabilities.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4880", "Certificate Number": "4880", "Vendor Name": "Advanced Micro Devices (AMD), Microsoft Corporation", "Module Name": "Pluton Security Processor ROM", "Module Type": "Hardware", "Validation Date": "11/14/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4880.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4880", "module_name": "Pluton Security Processor ROM", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/13/2026", "overall_level": 2, "caveat": "Interim validation", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Pluton Security Processor ROM module is a sub-chip cryptographic subsystem within the AMD Ryzen 6000 Series System on a Chip (SOC).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4879", "Certificate Number": "4879", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung NVMe TCG Opal SSC SEDs PM1743/PM1745 Series", "Module Type": "Hardware", "Validation Date": "11/14/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4879.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4879", "module_name": "Samsung NVMe TCG Opal SSC SEDs PM1743/PM1745 Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/13/2026", "overall_level": 2, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. The tamper evident seals installed as indicated in the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Samsung NVMe TCG Opal SSC SEDs PM1743/PM1745 Series SSD (Solid State Drive), satisfies all applicable FIPS 140-3 security level 2 requirements, supporting TCG Opal SSC based SED (Self-Encrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES hardware engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4878", "Certificate Number": "4878", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Express 4 MACsec Cryptographic Module", "Module Type": "Software-hybrid", "Validation Date": "11/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4878.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4878", "module_name": "Juniper Express 4 MACsec Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/12/2029", "overall_level": 1, "caveat": "Interim validation. When operated with module Junos® OS Evolved OpenSSL Cryptographic Module version 3.0.8 validated to FIPS 140-3 under Cert. #4775 operating in approved mode, and module Junos® OS Evolved Kernel Cryptographic Module version 2.0 validated to FIPS 140-3 under Cert. #4776, operating in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software-hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "Juniper Express 4 MACsec Cryptographic Module is composed by the MACsec blocks that are part of the Juniper Networks® Express 4 processor in hardware, which provides the AES GCM and XPN algorithm implementations for encrypting and decrypting MACsec traffic, and a device driver in software, which provides the functionality to comply with FIPS 140-3 requirements (i.e. integrity test, self-tests), as well as the API to configure the hardware component.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4877", "Certificate Number": "4877", "Vendor Name": "HPE Aruba Networking", "Module Name": "HPE OpenSSL Cryptographic Module on Red Hat Enterprise Linux", "Module Type": "Software", "Validation Date": "11/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4877.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4877", "module_name": "HPE OpenSSL Cryptographic Module on Red Hat Enterprise Linux", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4876", "Certificate Number": "4876", "Vendor Name": "Hewlett Packard Enterprise", "Module Name": "Hewlett Packard Enterprise OpenSSL 3 Provider", "Module Type": "Software", "Validation Date": "11/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4876.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4876", "module_name": "Hewlett Packard Enterprise OpenSSL 3 Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/12/2026", "overall_level": 1, "caveat": "Interim validation. When configured as specified in Section 11.2 of the Security Policy. No assurance of the minimum strength of generated SSPs", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Hewlett Packard Enterprise OpenSSL 3 Provider Module is one of the components within a variety of Hewlett Packard Enterprise and HPE Aruba products, including the Aruba Mobility Conductors, Mobility Controllers/Gateways, and controller-managed Aruba Access Points (APs) running the ArubaOS operating system running on the Aruba hardware-based equipment or Aruba virtual appliances.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "A4803 | AES-CBC | AES | 128,192,256 bits | Data Encryption/Decryption", "A4803 | AES-CCM | AES | 128,192,256 bits | Data Encryption/Decryption", "A4803 | AES-CFB128 | AES | 128,192,256 bits | Data Encryption/Decryption", "A4803 | AES-CFB8 | AES | 128,192,256 bits | Data Encryption/Decryption", "A4803 | AES-CMAC | AES | 128,192,256 bits | Message Authentication", "A4803 | AES-CTR | AES | 128-256 bits | DRBG", "A4803 | AES-ECB | AES | 128,192,256 bits | Data Encryption/Decryption", "A4803 | AES-GCM | AES | 128,192,256 bits | Data Encryption/Decryption", "A4803 | AES-GMAC | AES | 128,192,256 bits | Message Authentication", "A4803 | AES-KW | AES | 128,192,256 bits | Key Transport", "A4803 | AES-KWP | AES | 128,192,256 bits | Key Transport", "A4803 | AES-OFB | AES | 128,192,256 bits | Data Encryption/Decryption", "A4803 | AES-XTS Testing Revision 2.0 | AES | 128,256 bits | Data Encryption/Decryption", "A4803 | Counter DRBG | Counter DRBG | 128,192,256 bits | Generate random numbers with SP800-90A Rev 1", "A4803 | ECDSA KeyGen(FIPS186-4) | ECDSA KeyGen(FIPS186) | ≥112bits | Generate an asymmetric keypair", "A4803 | ECDSA KeyVer(FIPS186-4) | ECDSA KeyVer(FIPS186) | ≥112bits | Verify an asymmetric keypair parameters", "A4803 | ECDSA SigGen(FIPS186-4) | ECDSA SigGen(FIPS186) | ≥112bits | Generate digital signatures", "A4803 | ECDSA SigVer(FIPS186-4) | ECDSA SigVer(FIPS186) | ≥112bits | Verify digital signatures", "A4803 | HMAC-SHA2-224 | HMAC | 224bits | Message Authentication", "A4803 | HMAC-SHA2-256 | HMAC | 256bits | Message Authentication", "A4803 | HMAC-SHA2-384 | HMAC | 384bits | Message Authentication", "A4803 | HMAC-SHA2-512 | HMAC | 512bits | Message Authentication", "A4803 | HMAC-SHA3-224 | HMAC | 224bits | Message Authentication", "A4803 | HMAC-SHA3-256 | HMAC | 256bits | Message Authentication", "A4803 | HMAC-SHA3-384 | HMAC | 384bits | Message Authentication", "A4803 | HMAC-SHA3-512 | HMAC | 512bits | Message Authentication", "A4803 | KAS-ECCCDH-ComponentSP800-56Ar3 | KAS | 112to256bits | Shared Secret Computation", "A4803 | KAS-ECCSSCSp800-56Ar3 | KAS | 112to256bits | Shared Secret Computation", "A4803 | KAS-FFCSSCSp800-56Ar3 | KAS | 112to200bits | Shared Secret Computation", "A4803 | KDF SP800-108 | KDF SP800 | ≥112 bits | Key Derivation", "A4803 | KDF SSH | KDF SSH | ≥112 bits | Key Derivation Function", "A4803 | PBKDF | PBKDF | ≥112bits | Perform key derivation", "A4803 | RSA KeyGen(FIPS186-4) | RSA KeyGen(FIPS186) | 2048bits | Generate RSA key pair", "A4803 | RSA SigGen(FIPS186-4) | RSA SigGen(FIPS186) | 128-256bits | Generate RSA digital signatures", "A4803 | RSA SigVer(FIPS186-4) | RSA SigVer(FIPS186) | 128-256bits | Verify RSA digital signatures", "A4803 | RSA Signature Primitive | RSA Signature Primitive | 128-256bits | Generate RSA digital signatures", "A4803 | SHA2-224 | SHA2 | 224bits | Message Digest", "A4803 | SHA2-256 | SHA2 | 256bits | Message Digest", "A4803 | SHA2-384 | SHA2 | 384bits | Message Digest", "A4803 | SHA2-512 | SHA2 | 512bits | Message Digest", "A4803 | SHA3-224 | SHA3 | 224bits | Message Digest", "A4803 | SHA3-256 | SHA3 | 256bits | Message Digest", "A4803 | SHA3-384 | SHA3 | 384bits | Message Digest", "A4803 | SHA3-512 | SHA3 | 512bits | Message Digest", "A4803 | SHAKE-128 | SHAKE | 128bits | Message Digest", "A4803 | SHAKE-256 | SHAKE | 256bits | Message Digest", "A4803 | TLS v1.2 KDF RFC7627 | TLS v1.2 KDF RFC7627 | ≥112bits | Key Derivation Function", "A4803 | TLS v1.3 KDF | TLS v1.3 KDF | ≥112bits | Key Derivation Function" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4875", "Certificate Number": "4875", "Vendor Name": "Geotab Inc.", "Module Name": "Geotab Cryptographic Module", "Module Type": "Firmware", "Validation Date": "11/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4875.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4875", "module_name": "Geotab Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/12/2026", "overall_level": 1, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Firmware", "embodiment": "Single Chip", "description": "Geotab Cryptographic Module provides a library of functions to perform general purpose cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4874", "Certificate Number": "4874", "Vendor Name": "Senetas Corporation Ltd., distributed by Thales SA", "Module Name": "CE Crypto Module", "Module Type": "Firmware", "Validation Date": "11/12/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4874.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4874", "module_name": "CE Crypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/11/2029", "overall_level": 1, "caveat": "Interim validation", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The CE Crypto Module is a firmware cryptographic module running on a multi-chip standalone general-purpose compute platform. The module provides low-level cryptographic primitives to the overall platform and its functions.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4873", "Certificate Number": "4873", "Vendor Name": "Symantec, A Division of Broadcom", "Module Name": "Edge SWG", "Module Type": "Software-hybrid", "Validation Date": "11/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4873.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4873", "module_name": "Edge SWG", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/10/2029", "overall_level": 1, "caveat": "Interim Validation. When operated in approved mode and when installed, initialized and configured as specified in Section 11.1.1 of the Security Policy. The protocols TLS v1.0 and v1.1 shall not be used when operated in approved mode.", "module_type": "Software-hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Edge SWG appliances from Symantec provide companies the ability to deploy a scalable proxy-based security solution to protect their organization against advanced threats. The Edge SWG acts as gateway between web users and the Internet: a single point where all web traffic can be monitored and corporate policies for web use can be enforced.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4872", "Certificate Number": "4872", "Vendor Name": "Veeam Software Corporation", "Module Name": "Veeam Cryptographic Module", "Module Type": "Software", "Validation Date": "11/08/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4872.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4872", "module_name": "Veeam Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Veeam Cryptographic Module provides FIPS-Approved cryptographic functions and services to various Veeam products, including, but not limited to, Veeam Data Platform (VDP), Veeam Availability Suite (VAS), Veeam Backup & Replication, Veeam ONE, Veeam Agents, and other Veeam Components.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4871", "Certificate Number": "4871", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Motorola Solutions Cryptographic Software Module", "Module Type": "Software-hybrid", "Validation Date": "11/07/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4871.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4871", "module_name": "Motorola Solutions Cryptographic Software Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/6/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g. keys).", "module_type": "Software-hybrid", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Motorola Solutions Cryptographic Software Module is a software-hybrid based cryptographic module that provides cryptographic services to applications that support the APCO Project 25 standard and run on a General-Purpose Computer (GPC) hardware platform that supports processor algorithm acceleration." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4870", "Certificate Number": "4870", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Astro PDEG Motorola Advanced Crypto Engine (MACE)", "Module Type": "Hardware", "Validation Date": "11/07/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4870.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4870", "module_name": "Astro PDEG Motorola Advanced Crypto Engine (MACE)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/6/2026", "overall_level": 3, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of the minimum strength of generated SSPs", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The ASTRO PDEG MACE provides secure key management, and data encryption for the Motorola Solutions PDEG Encryption Unit.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4869", "Certificate Number": "4869", "Vendor Name": "Senetas Corporation Ltd, distributed by Thales SA (SafeNet)", "Module Name": "CN Series Encryptors", "Module Type": "Hardware", "Validation Date": "11/06/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4869.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4869", "module_name": "CN Series Encryptors", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/5/2029", "overall_level": 3, "caveat": "Interim Validation. When operated in approved mode and initialized as per Section 2.3.1 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The CN4010, CN4020, CN6010, CN6100, CN6110, CN6140, CN9100 and CN9120 are high-speed hardware encryption platforms that secure data over twisted-pair and optical Ethernet networks. The modules support line rates from 10Mb/s to 100Gb/s. All models except CN4010 are equipped with pluggable transceivers to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES algorithms in CFB, CTR and GCM modes. Additional transmission security is provided via TRANSEC (Traffic Flow Security) which can be used to remove patterns in network traffic and prevent traffic analysis attacks.", "detail_available": true, "algorithms": [ "AES", "ECDH", "ECDSA", "HMAC", "KDF", "RSA", "SHA", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4868", "Certificate Number": "4868", "Vendor Name": "Tanium", "Module Name": "Tanium OpenSSL 3 FIPS Module", "Module Type": "Software", "Validation Date": "11/06/202411/29/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4868.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4868", "module_name": "Tanium OpenSSL 3 FIPS Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Tanium OpenSSL 3 FIPS Module is a security module that provides FIPS-approved cryptographic functions and services to a wide range of Tanium products.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4867", "Certificate Number": "4867", "Vendor Name": "Forcepoint", "Module Name": "Forcepoint Next Generation Firewall", "Module Type": "Hardware", "Validation Date": "11/06/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4867.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4867", "module_name": "Forcepoint Next Generation Firewall", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/5/2029", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy. The tamper evident seals ACFIPS3 Forcepoint NGFW FIPS Kit installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The NGFW appliances are high-performance network security appliances that add a broad range of built-in security features, including VPN, IPS, anti-evasion, TLS inspection, SD-WAN, and mission-critical application proxies, to a traditional firewall and provides end-to-end protection across the entire enterprise network.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4866", "Certificate Number": "4866", "Vendor Name": "SK hynix NAND Product Solutions Corp (d/b/a Solidigm)", "Module Name": "Solidigm® P5520 SSD (ADP-RR)", "Module Type": "Hardware", "Validation Date": "11/05/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4866.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4866", "module_name": "Solidigm® P5520 SSD (ADP-RR)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/4/2029", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 2.4 of the Security Policy. The tamper evident seals installed as indicated in the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Solidigm P5520 SSD (ADP-RR) module provides data-at-rest protection, using AES-XTS-256 to encrypt user data prior to being written to media.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4865", "Certificate Number": "4865", "Vendor Name": "Broadcom Inc.", "Module Name": "VMware’s Linux Kernel Cryptographic Module", "Module Type": "Software", "Validation Date": "11/05/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4865.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4865", "module_name": "VMware’s Linux Kernel Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/4/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode and installed, initialized and configured as specified in Section 11.1 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The VMware's Linux Kernel Cryptographic Module 5.0.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A4971 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4971 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CCM | A4971 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB128 | A4971 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A4971 | Direction-Generation,Verification KeyLength-128,192,256 | SP 800-38B", "AES-CTR | A4971 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A4971 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4971 | Direction-Decrypt,Encrypt IV Generation-External IV Generation Mode-8.2.2 KeyLength-128,192,256 | SP 800-38D", "AES-XTS Testing Revision 2.0 | A4971 | Direction-Decrypt,Encrypt KeyLength-128,256 | SP 800-38E", "Counter DRBG | A4971 | Prediction Resistance-No,Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-Yes | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-4) | A4971 | Curve-P-256,P-384 Secret Generation Mode-Extra Bits | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4971 | Curve-P-256,P-384 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4971 | Curve-P-256,P-384 Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "Hash DRBG | A4971 | Prediction Resistance - No, Yes Mode - SHA-1,SHA2-256,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A4971 | Prediction Resistance - No, Yes Mode - SHA-1,SHA2-256,SHA2-512 | SP 800-90A Rev.1", "HMAC-SHA-1 | A4971 | Key Length - Key Length:128-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4971 | Key Length - Key Length:128-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4971 | Key Length - Key Length:128-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4971 | Key Length - Key Length:128-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4971 | Key Length - Key Length:128-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A4971 | Key Length - Key Length:128-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A4971 | Key Length - Key Length:128-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A4971 | Key Length - Key Length:128-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A4971 | Key Length - Key Length:128-2048 Increment8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4971 | Domain Parameter Generation Methods-P-256,P-384 Scheme ephemeralUnified-KAS Role - initiator, responder | SP 800-56A Rev.3", "RSA SigGen(FIPS186-4) | A4971 | Signature Type-PKCS1.5 Modulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4971 | Signature Type-PKCS1.5 Modulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A4971 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-224 | A4971 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-256 | A4971 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-384 | A4971 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-512 | A4971 | Message Length - Message Length:0-65536 Increment8 | FIPS 180-4", "SHA3-224 | A4971 | Message Length - Message Length:0-65536 Increment8 | FIPS 202", "SHA3-256 | A4971 | Message Length - Message Length:0-65536 Increment8 | FIPS 202", "SHA3-384 | A4971 | Message Length - Message Length:0-65536 Increment8 | FIPS 202", "SHA3-512 | A4971 | Message Length - Message Length:0-65536 Increment8 | FIPS 202", "AES-GCM | A4972 | Direction- Decrypt, EncryptIV Generation- External, InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,192,256 | SP 800-38D", "AES CBC-MAC(SP800-38C) | CBC-MAC as an authentication mode outside of theCCM context.", "AES GCM | Encryption(ExternalIV)", "RSA PKCS1v1.5 | Key Transport", "AES using modes usingRFC3686(CTR) | Encryptionand Decryption", "AES using modes usingRFC4543(GCM)和RFC4309(CCM) | Authenticated Encryptionand Decryption" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4864", "Certificate Number": "4864", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung NVMe TCG Opal SSC SEDs PM9A3 Series", "Module Type": "Hardware", "Validation Date": "11/04/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4864.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4864", "module_name": "Samsung NVMe TCG Opal SSC SEDs PM9A3 Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/3/2029", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "Samsung NVMe TCG Opal SSC SEDs PM9A3 Series are a high-performance Self-Encrypting SSDs supporting NVMe Interface that provides on-the-fly encryption/decryption of user data without performance loss. It implements AES256-XTS for user data encryption, RSA PSS 3072 for FW authentication, and Hash_DRBG for key generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4863", "Certificate Number": "4863", "Vendor Name": "Ericsson Enterprise Wireless Solutions, Inc.", "Module Name": "Cradlepoint Kernel Cryptographic Module", "Module Type": "Software", "Validation Date": "11/04/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4863.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4863", "module_name": "Cradlepoint Kernel Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "11/3/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode with module Cradlepoint Cryptographic Module validated to FIPS 140-3 under Cert. #4770 operating in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Ericsson Kernel Cryptographic Module is a software module running as part of Ericsson’s NetCloud OS kernel. It provides FIPS-Approved symmetric encryption and decryption, hashing, message authentication, and key establishment services to consuming applications via an Application Programming Interface (API).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4862", "Certificate Number": "4862", "Vendor Name": "Progress Software Corporation", "Module Name": "Progress LoadMaster FIPS Object Module", "Module Type": "Software", "Validation Date": "11/04/202402/24/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4862.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4862", "module_name": "Progress LoadMaster FIPS Object Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Progress LoadMaster FIPS Object Module is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4861", "Certificate Number": "4861", "Vendor Name": "Broadcom, Inc", "Module Name": "VMware’s OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "11/04/202412/05/202403/18/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4861.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4861", "module_name": "VMware’s OpenSSL FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The VMware’s OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4860", "Certificate Number": "4860", "Vendor Name": "Nokia of America Corporation (Nokia)", "Module Name": "Nokia 1830 Photonic Service Switch (PSS) & Nokia 1830 Photonic Service Interconnect- Line (PSI-L)", "Module Type": "Hardware", "Validation Date": "10/31/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4860.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4860", "module_name": "Nokia 1830 Photonic Service Switch (PSS) & Nokia 1830 Photonic Service Interconnect- Line (PSI-L)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/30/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "1830 Photonic Service Switch (PSS): Scalable optimized end-to-end optical transport solutions for metro, regional and long-haul networks. 1830 Photonic Service Switch - x( PSS -x): Scalable and efficient P-OTN switching for multi-protocol wholesale services. 1830 Photonic Service Interconnect -X (PSI-8L) is a scalable and modular shelf that provides a DataCenter form factor compatible option to deploy Photonic Line configuration.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4859", "Certificate Number": "4859", "Vendor Name": "Hewlett Packard Enterprise", "Module Name": "Hewlett Packard Enterprise FIPS Provider", "Module Type": "Software", "Validation Date": "10/30/202408/25/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4859.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4859", "module_name": "Hewlett Packard Enterprise FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Hewlett Packard Enterprise FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4858", "Certificate Number": "4858", "Vendor Name": "Wind River Systems, Inc.", "Module Name": "Wind River FIPS Provider", "Module Type": "Software", "Validation Date": "10/30/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4858.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4858", "module_name": "Wind River FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Wind River FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4857", "Certificate Number": "4857", "Vendor Name": "Red Hat(R), Inc.", "Module Name": "Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "10/29/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4857.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4857", "module_name": "Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/28/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.2 of the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider provides a C language application program interface (API) for use by other applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4856", "Certificate Number": "4856", "Vendor Name": "Chainguard, Inc.", "Module Name": "Chainguard OpenSSL 3.0 FIPS Provider Module", "Module Type": "Software", "Validation Date": "10/29/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4856.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4856", "module_name": "Chainguard OpenSSL 3.0 FIPS Provider Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Chainguard OpenSSL 3.0 FIPS Provider Module is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4855", "Certificate Number": "4855", "Vendor Name": "Canonical Ltd.", "Module Name": "Canonical Ltd. Ubuntu 22.04 GnuTLS Cryptographic Module", "Module Type": "Software", "Validation Date": "10/28/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4855.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4855", "module_name": "Canonical Ltd. Ubuntu 22.04 GnuTLS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/27/2029", "overall_level": 1, "caveat": "Interim validation. When operated in the approved mode. When installed, initialized, and configured as specified in section 11.1 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "GnuTLS is a secure communications library implementing the TLS protocol. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PKCS#12, and other required structures.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3665 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A3665 | Key Length-128,256 | SP 800-38C", "AES-GCM | A3665 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "HMAC-SHA-1 | A3665 | Key Length-Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A3665 | Key Length-Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A3665 | Key Length-Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3665 | Key Length-Key Length:112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3665 | Key Length-Key Length:112-524288 Increment 8 | FIPS 198-1", "SHA-1 | A3665 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A3665 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A3665 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A3665 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A3665 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "AES-CBC | A3667 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A3667 | Direction-Generation,VerificationKey Length-128,256 | SP 800-38B", "AES-GCM | A3667 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-GMAC | A3667 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "Counter DRBG | A3667 | Prediction Resistance-NoMode-AES-256Derivation Function Enabled-No | SP 800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A3667 | Curve-P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3667 | Curve-P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3667 | Component-NoCurve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3667 | Component-NoCurve-P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-4", "HMAC-SHA-1 | A3667 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3667 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A3667 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A3667 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A3667 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A3667 | Domain Parameter Generation Methods-P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KAS-FFC-SSCSp800-56Ar3 | A3667 | Domain Parameter Generation Methods-ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MMODP-4096,MMODP-6144,MMODP-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56ARev.3", "KDF TLS(CVL) | A3667 | TLS Version-v1.0/1.1 | SP 800-135Rev.1", "PBKDF | A3667 | Iteration Count-Iteration Count:10-1000 Increment1Password Length-Password Length:8-128 Increment1 | SP 800-132", "RSA KeyGen(FIPS186-4) | A3667 | Key Generation Mode-B.3.2Modulo-2048,3072,4096Hash Algorithm-SHA2-384Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3667 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3667 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A3667 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A3667 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A3667 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A3667 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A3667 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "TLS v1.2 KDFRFC7627(CVL) | A3667 | Hash Algorithm-SHA2-256,SHA2-384 | SP 800-135Rev.1", "AES-CBC | A3708 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3708 | KeyLength-128,256 | SP 800-38C", "AES-CMAC | A3708 | Direction-Generation,VerificationKeyLength-128,256 | SP 800-38B", "AES-GCM | A3708 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-CBC | A3709 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A3709 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-CBC | A3711 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3711 | KeyLength-128,256 | SP 800-38C", "AES-CMAC | A3711 | Direction-Generation,VerificationKeyLength-128,256 | SP 800-38B", "AES-GCM | A3711 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-CBC | A3712 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A3712 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-CBC | A3713 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-GCM | A3713 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,256 | SP 800-38D", "AES-CBC | A3714 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A3714 | Direction-Generation,VerificationKeyLength-128,256 | SP 800-38B", "HMAC-SHA-1 | A3714 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3714 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A3714 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A3714 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A3714 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "SHA-1 | A3714 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 180-4", "SHA2-224 | A3714 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 180-4", "SHA2-256 | A3714 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 180-4", "SHA2-384 | A3714 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 180-4", "SHA2-512 | A3714 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 180-4", "AES-CFB8 | A3670 | Direction - Decrypt, Encrypt Key Length -128,192,256 | SP 800-38A", "AES-CFB8 | A3716 | Direction - Decrypt, Encrypt Key Length -128,192,256 | SP 800-38A", "AES-CFB8 | A3717 | Direction - Decrypt, Encrypt Key Length -128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3668 | Direction - Decrypt, Encrypt Key Length -128,256 | SP 800-38E", "HMAC-SHA-1 | A3710 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A3710 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A3710 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3710 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3710 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "SHA-1 | A3710 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 180-4", "SHA2-224 | A3710 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 180-4", "SHA2-256 | A3710 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 180-4", "SHA2-384 | A3710 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 180-4", "SHA2-512 | A3710 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 180-4", "KDA HKDF Sp800-56Cr1 | A3666 | Derived Key Length -2048 Shared Secret Length -Shared Secret Length:224-65336 Increment 8 HMAC Algorithm-HSA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-56C Rev.2", "SHA3-224 | A3669 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 202", "SHA3-256 | A3669 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 202", "SHA3-384 | A3669 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 202", "SHA3-512 | A3669 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes -1,2,4,8 | FIPS 202", "SHA3-224 | A3715 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A3715 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A3715 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A3715 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 202", "CKG(asymmetric) | RSA:AsymmetricECDSA:AsymmetricEC Diffie-Hellman:AsymmetricSafeprimes:Asymmetric | N/A | SP 800-133r2 section4 example1without the use ofV(refer toadditional comment2ofIGD.H)", "CKG(symmetric) | AES:SymmetricHMAC:Symmetric | N/A | SP 800-133r2section4example1without the use ofV(refer toadditionalcomment2ofIGD.H)", "CMAC with Triple-DES | Message authentication code (MAC)", "DES | Symmetric encryption; Symmetric decryption", "Diffie-Hellman(with domain parameters other than safe primes) | Key agreement; Shared secret computation", "DSA | Key generation; Domain parameter generation; Digital signature generation; Digital signature verification", "ECDSA(with curves other than P-256,P-384,P-512) | Key generation; Public key verification", "ECDSA(with curves other than P-256,P-384,P-512 or hash functions other than SHA2-224,SHA2-256,SHA2-384,SHA2-512) | Digital signature generation; Digital signature verification", "EC Diffie-Hellman(with curves other than P-256,P-384,P-512) | Key agreement; Shared secret computation", "HMAC(with keys smaller than 112-bits) | Message authentication code(MAC)", "HMAC(with GOST) | Message authentication code(MAC)", "PBKDF(with non-approved message digest algorithms or using input parameters not meeting requirements stated in section 2.7 of the security policy) | Key derivation", "RSA(with keys smaller than 2048 bits or greater than 4096 bits) | Key generation", "RSA(with keys smaller than 2048 bits or greater than 4096 bits and/or hash functions other than SHA2-224,SHA2-256,SHA2-384,SHA2-512) | Digital signature generation", "RSA(with keys smaller than 1024 bits or greater than 4096 bits and/or hash functions other than SHA2-224,SHA2-256,SHA2-384,SHA2-512) | Digital signature verification", "RSA(encapsulation and un-encapsulation with any key sizes) | Key encapsulation; Key un-encapsulation", "Triple-DES | Symmetric encryption; Symmetric decryption", "AES-GCM(when not used in the context of the TLS protocol) | Symmetric encryption; Symmetric decryption" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4854", "Certificate Number": "4854", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1]", "Module Type": "Software", "Validation Date": "10/28/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4854.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4854", "module_name": "Apple corecrypto Module v12.0 [Apple silicon, Kernel, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/27/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple Cryptographic Module for Apple silicon kernel space environment.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4853", "Certificate Number": "4853", "Vendor Name": "RigSec Technology Limited", "Module Name": "RIGFORT Pro Blockchain HSM", "Module Type": "Hardware", "Validation Date": "10/28/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4853.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4853", "module_name": "RIGFORT Pro Blockchain HSM", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/27/2026", "overall_level": 3, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The RIGFORT Pro Blockchain HSM is a Multiple-chip standalone cryptographic module. It is a security module that supports the encryption algorithm approved by FIPS 140-3 and with physical security protection measures, key management mechanisms, and security features to provide secured and applicable cryptographic services for customer systems. Specifically, the security features include key wrapping, message authentication code (MAC), message digest, data encryption and decryption, digital signature generation and verification, etc.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4852", "Certificate Number": "4852", "Vendor Name": "THALES", "Module Name": "Safeword3300 Platinum V2F", "Module Type": "Hardware", "Validation Date": "10/24/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4852.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4852", "module_name": "Safeword3300 Platinum V2F", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/23/2029", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The module provides cryptographic services in support of Time-Based One-Time Password (TOTP) protocol [RFC 6238] and challenge-response based on the HMAC-based One-Time Password (HOTP) [RFC 4226] protocol.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4851", "Certificate Number": "4851", "Vendor Name": "SK hynix NAND Product Solutions Corp (d/b/a Solidigm)", "Module Name": "Solidigm® P5316 SSD (ADP-R)", "Module Type": "Hardware", "Validation Date": "10/23/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4851.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4851", "module_name": "Solidigm® P5316 SSD (ADP-R)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/22/2029", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 2.4 of the Security Policy. The tamper evident seals installed as indicated in the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Solidigm P5316 SSD (ADP-R) module provides data-at-rest protection, using AES-XTS-256 to encrypt user data prior to being written to media.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4850", "Certificate Number": "4850", "Vendor Name": "Quantum Xchange", "Module Name": "Quantum Xchange Phio TX", "Module Type": "Hardware", "Validation Date": "10/23/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4850.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4850", "module_name": "Quantum Xchange Phio TX", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/22/2029", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "N/A", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4849", "Certificate Number": "4849", "Vendor Name": "Brocade Communications Systems LLC", "Module Name": "Brocade Fabric OS FIPS Cryptographic Module", "Module Type": "Firmware", "Validation Date": "10/23/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4849.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4849", "module_name": "Brocade Fabric OS FIPS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/22/2029", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The Brocade Fabric OS FIPS Cryptographic Module underpins Brocade’s Fabric Operating System equipment. The Brocade Fabric OS is the software foundation for Brocade’s purpose-built network infrastructure for mission-critical storage.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4848", "Certificate Number": "4848", "Vendor Name": "Dell Inc.", "Module Name": "Dell FIPS Module", "Module Type": "Software", "Validation Date": "10/22/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4848.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4848", "module_name": "Dell FIPS Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Dell FIPS Module is a security module that provides FIPS-approved cryptographic functions and services to a wide range of Dell products.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4847", "Certificate Number": "4847", "Vendor Name": "Keysight Technologies", "Module Name": "Keysight BC-FJA (Bouncy Castle FIPS Java API) for Network Visibility", "Module Type": "Software", "Validation Date": "10/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4847.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4847", "module_name": "Keysight BC-FJA (Bouncy Castle FIPS Java API) for Network Visibility", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Keysight Technologies BC-FJA (Bouncy Castle FIPS Java API) is integrated into Keysight’s network visibility product family to provide FIPS 140-3 validated cryptography for the protection of sensitive information.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4846", "Certificate Number": "4846", "Vendor Name": "Red Hat, Inc.", "Module Name": "Red Hat Enterprise Linux 9 gnutls", "Module Type": "Software", "Validation Date": "10/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4846.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4846", "module_name": "Red Hat Enterprise Linux 9 gnutls", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/20/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "GnuTLS is a secure communications library implementing the TLS and DTLS protocols. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PKCS#12, and other required structures which is shipped with Red Hat Enterprise Linux 9.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4845", "Certificate Number": "4845", "Vendor Name": "Century Longmai Technology Co. Ltd", "Module Name": "mToken CryptoID", "Module Type": "Hardware", "Validation Date": "10/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4845.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4845", "module_name": "mToken CryptoID", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/20/2029", "overall_level": 3, "caveat": "When installed, initialized and configured as specified in Section 11of the Security Policy. When operated in approved mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "mToken CryptoID is designed based on a secure smartcard chip that utilizes the in-built mCOS to communicate with Computer device via USB interface in a \"plug and play\" manner. It can realize various Public Key Infrastructure (PKI) applications including digital signature, online authentications, online transactions, software security, etc.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A2660 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CMAC | A2660 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-ECB | A2660 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-KW | A2660 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "ECDSA KeyGen(FIPS186-4) | A2663 | Curve-P-256,P-521 | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A2663 | Curve-P-256,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A2663 | Component-NoCurve-P-256,P-521 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A2663 | Component-NoCurve-P-256,P-521 | FIPS186-4", "Hash DRBG | A2662 | Prediction Resistance - No Mode-SHA2-256 | SP 800-90A Rev.1", "HMAC-SHA2-256 | A2661 | Key Length-Key Length:128-256 Increment8 | FIPS198-1", "HMAC-SHA2-384 | A2661 | Key Length-Key Length:128-256 Increment8 | FIPS198-1", "HMAC-SHA2-512 | A2661 | Key Length-Key Length:128-256 Increment8 | FIPS198-1", "KAS-ECC Sp800-56Ar3 | A2659 | Domain Parameter Generation Methods-P-256,P-521Function-Key Pair GenerationSchemeephemeralUnified-KAS Role-Initiator,ResponderKeyLength-256 | SP 800-56ARev.3", "RSA KeyGen(FIPS186-4) | A2663 | Key GenerationMode-B.3.3Modulo-2048Primality Tests-TableC.2Private Key Format-Standard | FIPS186-4", "RSA SigGen(FIPS186-4) | A2663 | SignatureType-PKCS1.5Modulo-2048 | FIPS186-4", "RSA SigVer(FIPS186-4) | A2663 | SignatureType-PKCS1.5Modulo-2048 | FIPS186-4", "SHA2-256 | A2661 | - | FIPS180-4", "SHA2-384 | A2661 | - | FIPS180-4", "SHA2-512 | A2661 | - | FIPS180-4", "\\[IG D.H\\] | \\[133\\] Sections 4 and 5.1 Asymmetric signature key generation using unmodified DRBG output:AisinoChip Electronics SCC-XE", "\\[133\\] Sections 4 and 5.2 Asymmetric key establishment key generation using unmodified DRBG output:AisinoChip Electronics SCC-XE", "\\[133\\] Sections 4 and 6.1 Direct symmetric key generation using unmodified DRBG output:ARM Cortex M0", "\\[133\\] Section 6.2.1 Derivation of symmetric keys | mToken CryptoID Core DRBG Component | Key Generation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4844", "Certificate Number": "4844", "Vendor Name": "EF Johnson Technologies", "Module Name": "Kenwood Cryptographic Module", "Module Type": "Hardware", "Validation Date": "10/17/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4844.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4844", "module_name": "Kenwood Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/16/2029", "overall_level": 3, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The KCM is a multi-chip embedded FIPS 140-3 hardware cryptographic module. It provides access to basic cryptographic algorithms with available long-term key storage within the module itself. This module is intended for use cases where the additional security provided by a level 3 module is needed.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4843", "Certificate Number": "4843", "Vendor Name": "Ruckus Wireless LLC", "Module Name": "Ruckus FastIron ICX™ 7150/7250 Series Switch/Router", "Module Type": "Hardware", "Validation Date": "10/17/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4843.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4843", "module_name": "Ruckus FastIron ICX™ 7150/7250 Series Switch/Router", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/16/2029", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The ICX® family of fixed form-factor switches works together to deliver a complete, scalable, and high-performance network solution that supports today’s demanding video, Unified Communications (UC), VDI, and mobile applications. They leverage the innovative Campus Fabric technology, which provides simplified network deployment and management, scale-out networking, and investment protection with the industry’s lowest total cost of ownership.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4842", "Certificate Number": "4842", "Vendor Name": "Secret Double Octopus", "Module Name": "Octopus Authentication Server Cryptographic Module", "Module Type": "Software", "Validation Date": "10/17/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4842.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4842", "module_name": "Octopus Authentication Server Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Octopus Authentication Server manages the authentication requests and the connection to the application on the mobile device to get the user approval.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4841", "Certificate Number": "4841", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "PAN-OS 10.1 Next-Generation Hardware Firewalls", "Module Type": "Hardware", "Validation Date": "10/16/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4841.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4841", "module_name": "PAN-OS 10.1 Next-Generation Hardware Firewalls", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/15/2029", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Palo Alto Networks offers a full line of next-generation security appliances that range from the PA-220, designed for enterprise remote offices, to the PA-7080, which is a modular chassis designed for high-speed datacenters. The platform architecture is based on our single-pass engine, PAN-OS, for networking, security, threat prevention, and management functionality that is consistent across all platforms. The devices differ only in capacities, performance, and physical configuration.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4840", "Certificate Number": "4840", "Vendor Name": "Extron Electronics", "Module Name": "Extron Secure Shield", "Module Type": "Software", "Validation Date": "10/16/202407/15/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4840.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4840", "module_name": "Extron Secure Shield", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Extron Secure Shield is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4839", "Certificate Number": "4839", "Vendor Name": "NXP Semiconductors, Inc.", "Module Name": "i.MX8 DXL V2X", "Module Type": "Hardware", "Validation Date": "10/16/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4839.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4839", "module_name": "i.MX8 DXL V2X", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/15/2029", "overall_level": 3, "caveat": "When utilizing a Trusted Channel as specified in the Security Policy.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "N/A", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4838", "Certificate Number": "4838", "Vendor Name": "NetApp, Inc.", "Module Name": "NetApp Cryptographic Security Module", "Module Type": "Software", "Validation Date": "10/16/202411/14/202401/20/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4838.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4838", "module_name": "NetApp Cryptographic Security Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The NetApp Cryptographic Security Module is a software library that provides cryptographic services to a vast array of NetApp's storage and networking products.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4837", "Certificate Number": "4837", "Vendor Name": "NXP Semiconductors, Inc.", "Module Name": "i.MX8 DXL SECO HSM", "Module Type": "Hardware", "Validation Date": "10/15/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4837.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4837", "module_name": "i.MX8 DXL SECO HSM", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/14/2029", "overall_level": 3, "caveat": "When utilizing a Trusted Channel as specified in the Security Policy.", "module_type": "Hardware", "embodiment": "Single Chip", "detail_available": true, "description": "The i.MX8 DXL SECO HSM hardware is a sub-chip subsystem of a single-chip embodiment that provides cryptographic engine and secure storage functions, intended for use in automotive or IoT applications." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4836", "Certificate Number": "4836", "Vendor Name": "Ruckus Wireless LLC", "Module Name": "Ruckus FastIron ICX ™ 7550/7650/7850 Series Switch/Router", "Module Type": "Hardware", "Validation Date": "10/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4836.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4836", "module_name": "Ruckus FastIron ICX ™ 7550/7650/7850 Series Switch/Router", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/10/2029", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The ICX® family of fixed form-factor switches works together to deliver a complete, scalable, and high-performance network solution that supports today’s demanding video, Unified Communications (UC), VDI, and mobile applications. They leverage the innovative Campus Fabric technology, which provides simplified network deployment and management, scale-out networking, and investment protection with the industry’s lowest total cost of ownership.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4835", "Certificate Number": "4835", "Vendor Name": "Forcepoint", "Module Name": "Forcepoint NGFW Cryptographic Kernel Module", "Module Type": "Software", "Validation Date": "10/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4835.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4835", "module_name": "Forcepoint NGFW Cryptographic Kernel Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/10/2029", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Forcepoint NGFW Cryptographic Kernel Module is a software module that provides cryptographic services required by the Forcepoint NGFW product.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4834", "Certificate Number": "4834", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 2", "Module Type": "Hardware", "Validation Date": "10/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4834.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4834", "module_name": "Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 2", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/10/2029", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11 of Security Policy. No assurance of the minimum strength of generated SSPs", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4833", "Certificate Number": "4833", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 3", "Module Type": "Hardware", "Validation Date": "10/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4833.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4833", "module_name": "Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/10/2029", "overall_level": 3, "caveat": "When installed, initialized and configured as specified in Section 11 of Security Policy. No assurance of the minimum strength of generated SSPs", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4832", "Certificate Number": "4832", "Vendor Name": "Ruckus Wireless LLC", "Module Name": "Ruckus FastIron ICX ™ 7450 Series Switch/Router", "Module Type": "Hardware", "Validation Date": "10/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4832.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4832", "module_name": "Ruckus FastIron ICX ™ 7450 Series Switch/Router", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/10/2029", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The ICX® family of fixed form-factor switches works together to deliver a complete, scalable, and high-performance network solution that supports today’s demanding video, Unified Communications (UC), VDI, and mobile applications. They leverage the innovative Campus Fabric technology, which provides simplified network deployment and management, scale-out networking, and investment protection with the industry’s lowest total cost of ownership.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4831", "Certificate Number": "4831", "Vendor Name": "Hewlett Packard Enterprise Development LP", "Module Name": "iLO 5 Cryptographic Module", "Module Type": "Hardware", "Validation Date": "10/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4831.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4831", "module_name": "iLO 5 Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in the Security Policy Section 3", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The HP Integrated Lights-Out 5 (HP iLO 5) built into HP ProLiant Gen10 and Synergy servers is an autonomous secure management component embedded directly on the server motherboard. iLO helps simplify initial server setup, power and thermal optimization, remote server administration, and provides server health monitoring with the HP Active Health System (AHS).", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4830", "Certificate Number": "4830", "Vendor Name": "Cloud Software Group", "Module Name": "NetScaler MPX", "Module Type": "Hardware", "Validation Date": "10/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4830.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4830", "module_name": "NetScaler MPX", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/10/2029", "overall_level": 2, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper-evident seals are installed/applied as indicated in the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Netscaler product line optimizes delivery of applications over the Internet and private networks. It is an Application Delivery Controller (ADC) that performs application-specific traffic analysis to intelligently distribute, optimize, and secure L4-L7 network traffic for web-applications. All these capabilities are combined into a single, integrated appliance for increased productivity, with lower overall total cost of ownership.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4829", "Certificate Number": "4829", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "PAN-OS 11.0 running on PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs", "Module Type": "Hardware", "Validation Date": "10/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4829.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4829", "module_name": "PAN-OS 11.0 running on PA-400 Series, PA-800 Series, PA-1400 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/10/2026", "overall_level": 2, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Palo Alto Networks offers a full line of next-generation security appliances. Our platform architecture is based on our single-pass engine, PAN-OS, for networking, security, threat prevention, and management functionality that is consistent across all platforms. The devices differ only in capacities, performance, and physical configuration.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4828", "Certificate Number": "4828", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "GlobalProtect App", "Module Type": "Software-hybrid", "Validation Date": "10/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4828.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4828", "module_name": "GlobalProtect App", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/10/2026", "overall_level": 1, "caveat": "Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software-hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The GlobalProtect App is a software cryptographic module that runs on commercially available operating systems and mobile devices to provide security for users. The GlobalProtect App secures traffic using TLS or IPsec, and allows users to connect to corporate networks to access their company's resources from anywhere in the world.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4827", "Certificate Number": "4827", "Vendor Name": "IDEMIA", "Module Name": "FIPS Applet on RookySE", "Module Type": "Hardware", "Validation Date": "10/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4827.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4827", "module_name": "FIPS Applet on RookySE", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/10/2029", "overall_level": 3, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Hardware", "embodiment": "Single Chip", "description": "A Cryptographic module that provide the cryptographic methods which includes: Key Generation / Verification & Signature Generation / Verification", "detail_available": true, "algorithms": [ "CVL", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4826", "Certificate Number": "4826", "Vendor Name": "KIOXIA Corporation", "Module Name": "KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip", "Module Type": "Hardware", "Validation Date": "10/07/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4826.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4826", "module_name": "KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/6/2029", "overall_level": 2, "caveat": "No operator authentication is enforced for executing security services that were unlocked by an authenticated service", "module_type": "Hardware", "embodiment": "Single Chip", "description": "KIOXIA FIPS TC58NC1137GTC/TC58NC1138GTC Crypto Sub-Chip is used for solid state drive data security.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4825", "Certificate Number": "4825", "Vendor Name": "Microsoft Corporation", "Module Name": "Cryptographic Primitives Library", "Module Type": "Software", "Validation Date": "10/07/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4825.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4825", "module_name": "Cryptographic Primitives Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with modules Kernel Mode Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #4766 operating in FIPS mode and Code Integrity validated to FIPS 140-2 under Cert. #4511 operating in FIPS mode or Secure Kernel Code Integrity validated to FIPS 140-2 under Cert. #4512 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4824", "Certificate Number": "4824", "Vendor Name": "AKEYLESS Security Ltd", "Module Name": "AKEYLESS FIPS Cryptographic Module", "Module Type": "Software", "Validation Date": "10/07/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4824.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4824", "module_name": "AKEYLESS FIPS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The AKEYLESS FIPS Cryptographic Module is a general-purpose cryptographic library incorporated into the AKEYLESS family of products to provide FIPS 140-2 validated cryptography for the protection of sensitive information.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4823", "Certificate Number": "4823", "Vendor Name": "Cloudlinux Inc., TuxCare division", "Module Name": "OpenSSL FIPS Provider for AlmaLinux 9", "Module Type": "Software", "Validation Date": "10/07/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4823.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4823", "module_name": "OpenSSL FIPS Provider for AlmaLinux 9", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/6/2029", "overall_level": 1, "caveat": "Interim validation. When operated in Approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "AlmaLinux 9.2 OpenSSL FIPS provider implementation providing cryptographic services to Linux user space software components.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "KDA OneStep SP800-56Cr2 | A4051 | SP 800-56C Rev.2", "KDA HKDF Sp800-56Cr1 | A4052 | SP 800-56C Rev.2", "TLS v1.3 KDF(CVL) | A4052 | SP 800-135 Rev.1", "Counter DRBG | A4053 | SP 800-90A Rev.1", "Hash DRBG | A4053 | SP 800-90A Rev.1", "HMAC DRBG | A4053 | SP 800-90A Rev.1", "AES-ECB | A4054 | SP 800-38A", "KDF SSH(CVL) | A4054 | SP 800-135 Rev.1", "ECDSA SigGen(FIPS186-4) | A4055 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4055 | FIPS186-4", "HMAC-SHA3-224 | A4055 | FIPS198-1", "HMAC-SHA3-256 | A4055 | FIPS198-1", "HMAC-SHA3-384 | A4055 | FIPS198-1", "HMAC-SHA3-512 | A4055 | FIPS198-1", "KDF ANS9.42(CVL) | A4055 | SP 800-135 Rev.1", "KDF ANS9.63(CVL) | A4055 | SP 800-135 Rev.1", "PBKDF | A4055 | SP 800-132", "SHA3-224 | A4055 | FIPS202", "SHA3-256 | A4055 | FIPS202", "SHA3-384 | A4055 | FIPS 202", "SHA3-512 | A4055 | FIPS 202", "SHAKE-128 | A4055 | FIPS 202", "SHAKE-256 | A4055 | FIPS 202", "AES-CBC | A4056 | SP 800-38A", "AES-CBC-CS1 | A4056 | SP 800-38A", "AES-CBC-CS2 | A4056 | SP 800-38A", "AES-CBC-CS3 | A4056 | SP 800-38A", "AES-CCM | A4056 | SP 800-38C", "AES-CFB1 | A4056 | SP 800-38A", "AES-CFB128 | A4056 | SP 800-38A", "AES-CFB8 | A4056 | SP 800-38A", "AES-CMAC | A4056 | SP 800-38B", "AES-CTR | A4056 | SP 800-38A", "AES-ECB | A4056 | SP 800-38A", "AES-KW | A4056 | SP 800-38F", "AES-KWP | A4056 | SP 800-38F", "AES-OFB | A4056 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4056 | SP 800-38E", "AES-CBC | A4057 | SP 800-38A", "AES-CBC-CS1 | A4057 | SP 800-38A", "AES-CBC-CS2 | A4057 | SP 800-38A", "AES-CBC-CS3 | A4057 | SP 800-38A", "AES-CCM | A4057 | SP 800-38C", "AES-CFB1 | A4057 | SP 800-38A", "AES-CFB128 | A4057 | SP 800-38A", "AES-CFB8 | A4057 | SP 800-38A", "AES-CMAC | A4057 | SP 800-38B", "AES-CTR | A4057 | SP 800-38A", "AES-ECB | A4057 | SP 800-38A", "AES-KW | A4057 | SP 800-38F", "AES-KWP | A4057 | SP 800-38F", "AES-OFB | A4057 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4057 | SP 800-38E", "AES-CBC | A4058 | SP 800-38A", "AES-CBC-CS1 | A4058 | SP 800-38A", "AES-CBC-CS2 | A4058 | SP 800-38A", "AES-CBC-CS3 | A4058 | SP 800-38A", "AES-CCM | A4058 | SP 800-38C", "AES-CFB1 | A4058 | SP 800-38A", "AES-CFB128 | A4058 | SP 800-38A", "AES-CFB8 | A4058 | SP 800-38A", "AES-CMAC | A4058 | SP 800-38B", "AES-CTR | A4058 | SP 800-38A", "AES-ECB | A4058 | SP 800-38A", "AES-KW | A4058 | SP 800-38F", "AES-KWP | A4058 | SP 800-38F", "AES-OFB | A4058 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4058 | SP 800-38E", "ECDSA KeyGen(FIPS186-4) | A4059 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4059 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4059 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4059 | FIPS 186-4", "HMAC-SHA-1 | A4059 | FIPS 198-1", "HMAC-SHA2-224 | A4059 | FIPS 198-1", "HMAC-SHA2-256 | A4059 | FIPS 198-1", "HMAC-SHA2-384 | A4059 | FIPS 198-1", "HMAC-SHA2-512 | A4059 | FIPS 198-1", "HMAC-SHA2-512/224 | A4059 | FIPS 198-1", "HMAC-SHA2-512/256 | A4059 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4059 | SP 800-56A Rev.3", "KDF ANS 9.42(CVL) | A4059 | SP 800-135 Rev.1", "KDF ANS 9.63(CVL) | A4059 | SP 800-135 Rev.1", "PBKDF | A4059 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4059 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4059 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4059 | FIPS 186-4", "SHA-1 | A4059 | FIPS 180-4", "SHA2-224 | A4059 | FIPS 180-4", "SHA2-256 | A4059 | FIPS 180-4", "SHA2-384 | A4059 | FIPS 180-4", "SHA2-512 | A4059 | FIPS 180-4", "SHA2-512/224 | A4059 | FIPS 180-4", "SHA2-512/256 | A4059 | FIPS 180-4", "TLS v1.2 KDF RFC7627(CVL) | A4059 | SP 800-135 Rev.1", "HMAC-SHA2-256 | A4060 | FIPS 198-1", "SHA2-256 | A4060 | FIPS 180-4", "AES-CBC | A4061 | SP 800-38A", "AES-CBC-CS1 | A4061 | SP 800-38A", "AES-CBC-CS2 | A4061 | SP 800-38A", "AES-CBC-CS3 | A4061 | SP 800-38A", "AES-CCM | A4061 | SP 800-38C", "AES-CFB1 | A4061 | SP 800-38A", "AES-CFB128 | A4061 | SP 800-38A", "AES-CFB8 | A4061 | SP 800-38A", "AES-CMAC | A4061 | SP 800-38B", "AES-CTR | A4061 | SP 800-38A", "AES-ECB | A4061 | SP 800-38A", "AES-KW | A4061 | SP 800-38F", "AES-KWP | A4061 | SP 800-38F", "AES-OFB | A4061 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4061 | SP 800-38E", "AES-CBC | A4062 | SP 800-38A", "AES-CBC-CS1 | A4062 | SP 800-38A", "AES-CBC-CS2 | A4062 | SP 800-38A", "AES-CBC-CS3 | A4062 | SP 800-38A", "AES-CCM | A4062 | SP 800-38C", "AES-CFB1 | A4062 | SP 800-38A", "AES-CFB128 | A4062 | SP 800-38A", "AES-CFB8 | A4062 | SP 800-38A", "AES-CMAC | A4062 | SP 800-38B", "AES-CTR | A4062 | SP 800-38A", "AES-ECB | A4062 | SP 800-38A", "AES-KW | A4062 | SP 800-38F", "AES-KWP | A4062 | SP 800-38F", "AES-OFB | A4062 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4062 | SP 800-38E", "AES-CBC | A4063 | SP 800-38A", "AES-CBC-CS1 | A4063 | SP 800-38A", "AES-CBC-CS2 | A4063 | SP 800-38A", "AES-CBC-CS3 | A4063 | SP 800-38A", "AES-CCM | A4063 | SP 800-38C", "AES-CFB1 | A4063 | SP 800-38A", "AES-CFB128 | A4063 | SP 800-38A", "AES-CFB8 | A4063 | SP 800-38A", "AES-CMAC | A4063 | SP 800-38B", "AES-CTR | A4063 | SP 800-38A", "AES-ECB | A4063 | SP 800-38A", "AES-KW | A4063 | SP 800-38F", "AES-KWP | A4063 | SP 800-38F", "AES-OFB | A4063 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4063 | SP 800-38E", "AES-ECB | A4064 | SP 800-38A", "KDF SSH(CVL) | A4064 | SP 800-135 Rev.1", "AES-ECB | A4065 | SP 800-38A", "KDF SSH(CVL) | A4065 | SP 800-135 Rev.1", "AES-ECB | A4066 | SP 800-38A", "KDF SSH(CVL) | A4066 | SP 800-135 Rev.1", "AES-GCM | A4067 | SP 800-38D", "AES-GMAC | A4067 | SP 800-38D", "AES-GCM | A4068 | SP 800-38D", "AES-GMAC | A4068 | SP 800-38D", "AES-GCM | A4069 | SP 800-38D", "AES-GMAC | A4069 | SP 800-38D", "AES-GCM | A4070 | SP 800-38D", "AES-GMAC | A4070 | SP 800-38D", "AES-GCM | A4071 | SP 800-38D", "AES-GMAC | A4071 | SP 800-38D", "AES-GCM | A4072 | SP 800-38D", "AES-GMAC | A4072 | SP 800-38D", "AES-GCM | A4073 | SP 800-38D", "AES-GMAC | A4073 | SP 800-38D", "AES-GCM | A4074 | SP 800-38D", "AES-GMAC | A4074 | SP 800-38D", "AES-GCM | A4075 | SP 800-38D", "AES-GMAC | A4075 | SP 800-38D", "AES-GCM | A4076 | SP 800-38D", "AES-GMAC | A4076 | SP 800-38D", "AES-GCM | A4077 | SP 800-38D", "AES-GMAC | A4077 | SP 800-38D", "AES-GCM | A4078 | SP 800-38D", "AES-GMAC | A4078 | SP 800-38D", "ECDSA KeyGen(FIPS186-4) | A4079 | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4079 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4079 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4079 | FIPS186-4", "HMAC-SHA-1 | A4079 | FIPS198-1", "HMAC-SHA2-224 | A4079 | FIPS198-1", "HMAC-SHA2-256 | A4079 | FIPS198-1", "HMAC-SHA2-384 | A4079 | FIPS198-1", "HMAC-SHA2-512 | A4079 | FIPS198-1", "HMAC-SHA2-512/224 | A4079 | FIPS198-1", "HMAC-SHA2-512/256 | A4079 | FIPS198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4079 | SP800-56A Rev.3", "KDF ANS 9.42(CVL) | A4079 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4079 | SP800-135Rev.1", "PBKDF | A4079 | SP800-132", "RSA KeyGen(FIPS186-4) | A4079 | FIPS186-4", "RSA SigGen(FIPS186-4) | A4079 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4079 | FIPS 186-4", "SHA-1 | A4079 | FIPS 180-4", "SHA2-224 | A4079 | FIPS 180-4", "SHA2-256 | A4079 | FIPS 180-4", "SHA2-384 | A4079 | FIPS 180-4", "SHA2-512 | A4079 | FIPS 180-4", "SHA2-512/224 | A4079 | FIPS 180-4", "SHA2-512/256 | A4079 | FIPS 180-4", "TLS v1.2KDF RFC7627(CVL) | A4079 | SP 800-135Rev.1", "ECDSA KeyGen(FIPS186-4) | A4080 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4080 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4080 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4080 | FIPS 186-4", "HMAC-SHA-1 | A4080 | FIPS 198-1", "HMAC-SHA2-224 | A4080 | FIPS 198-1", "HMAC-SHA2-256 | A4080 | FIPS 198-1", "HMAC-SHA2-384 | A4080 | FIPS 198-1", "HMAC-SHA2-512 | A4080 | FIPS 198-1", "HMAC-SHA2-512/224 | A4080 | FIPS 198-1", "HMAC-SHA2-512/256 | A4080 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4080 | SP 800-56A Rev.3", "KDF ANS9.42(CVL) | A4080 | SP 800-135Rev.1", "KDF ANS9.63(CVL) | A4080 | SP 800-135Rev.1", "PBKDF | A4080 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4080 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4080 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4080 | FIPS 186-4", "SHA-1 | A4080 | FIPS 180-4", "SHA2-224 | A4080 | FIPS 180-4", "SHA2-256 | A4080 | FIPS 180-4", "SHA2-384 | A4080 | FIPS 180-4", "SHA2-512 | A4080 | FIPS 180-4", "SHA2-512/224 | A4080 | FIPS 180-4", "SHA2-512/256 | A4080 | FIPS 180-4", "TLS v1.2 KDF RFC7627(CVL) | A4080 | SP 800-135 Rev.1", "ECDSA KeyGen(FIPS186-4) | A4081 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4081 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4081 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4081 | FIPS 186-4", "HMAC-SHA-1 | A4081 | FIPS 198-1", "HMAC-SHA2-224 | A4081 | FIPS 198-1", "HMAC-SHA2-256 | A4081 | FIPS 198-1", "HMAC-SHA2-384 | A4081 | FIPS 198-1", "HMAC-SHA2-512 | A4081 | FIPS 198-1", "HMAC-SHA2-512/224 | A4081 | FIPS 198-1", "HMAC-SHA2-512/256 | A4081 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4081 | SP 800-56A Rev.3", "KDF ANS 9.42(CVL) | A4081 | SP 800-135 Rev.1", "KDF ANS 9.63(CVL) | A4081 | SP 800-135 Rev.1", "PBKDF | A4081 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4081 | FIPS186-4", "RSA SigGen(FIPS186-4) | A4081 | FIPS186-4", "RSA SigVer(FIPS186-4) | A4081 | FIPS186-4", "SHA-1 | A4081 | FIPS180-4", "SHA2-224 | A4081 | FIPS180-4", "SHA2-256 | A4081 | FIPS180-4", "SHA2-384 | A4081 | FIPS180-4", "SHA2-512 | A4081 | FIPS180-4", "SHA2-512/224 | A4081 | FIPS180-4", "SHA2-512/256 | A4081 | FIPS180-4", "TLS v1.2 KDF RFC7627(CVL) | A4081 | SP 800-135 Rev.1", "ECDSA KeyGen(FIPS186-4) | A4082 | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4082 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A4082 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4082 | FIPS186-4", "HMAC-SHA-1 | A4082 | FIPS198-1", "HMAC-SHA2-224 | A4082 | FIPS198-1", "HMAC-SHA2-256 | A4082 | FIPS198-1", "HMAC-SHA2-384 | A4082 | FIPS198-1", "HMAC-SHA2-512 | A4082 | FIPS198-1", "HMAC-SHA2-512/224 | A4082 | FIPS198-1", "HMAC-SHA2-512/256 | A4082 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4082 | SP 800-56A Rev.3", "KDF ANS 9.42(CVL) | A4082 | SP 800-135 Rev.1", "KDF ANS 9.63(CVL) | A4082 | SP 800-135 Rev.1", "PBKDF | A4082 | SP 800-132", "RSA KeyGen(FIPS186-4) | A4082 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4082 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4082 | FIPS 186-4", "SHA-1 | A4082 | FIPS 180-4", "SHA2-224 | A4082 | FIPS 180-4", "SHA2-256 | A4082 | FIPS 180-4", "SHA2-384 | A4082 | FIPS 180-4", "SHA2-512 | A4082 | FIPS 180-4", "SHA2-512/224 | A4082 | FIPS 180-4", "SHA2-512/256 | A4082 | FIPS 180-4", "TLS v1.2 KDF RFC7627(CVL) | A4082 | SP 800-135 Rev.1", "KDF SP800-108 | A4084 | SP 800-108 Rev.1", "KAS-FFC-SSC Sp800-56Ar3 | A4085 | SP 800-56A Rev.3", "(CKG) Key Pair Generation | Key Pair Generation with RSA:2048-16384 bits keys(112-256 bits strength)Key Pair Generation with ECDSA:P-224, | N/A | SP 800-133r2Section 4example 1", "RSASignatureGeneration | PKCS#1v1.5 and PKCSPSS:SHA3-224,SHA3-256,SHA3-384,SHA3-512Key:2048-16384 bitsStrength:112-256bits | N/A | FIPS 140-3IGC.C", "RSASignatureVerification | PKCS#1v1.5和PKCSPSS:SHA3-224,SHA3-256,SHA3-384,SHA3-512Key:1024-16384 bitsStrength:80-256bits | N/A | FIPS 140-3IGC.C", "AES GCM (external IV) | Authentication Encryption", "HMAC (<112-bit keys) | Message Authentication Code", "KBKDF, KDA OneStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF(<112-bit keys) | Key Derivation", "KDA OneStep(SHAKE128,SHAKE256) | Key Derivation", "ANSX9.42KDF(SHAKE128,SHAKE256) | Key Derivation", "ANSX9.63KDF(SHA-1,SHAKE128,SHAKE256) | Key Derivation", "SSH KDF(SHA-512/224,SHA-512/256,SHA-3,SHAKE128,SHAKE256) | Key Derivation", "TLS 1.2KDF(SHA-1,SHA-224,SHA-512/224,SHA-512/256,SHA-3) | TLS Key Derivation", "TLS 1.3KDF(SHA-1,SHA-224,SHA-512,SHA-512/224,SHA-512/256,SHA-3) | TLS Key Derivation", "RSA(KAS1,KAS2 schemes) | Shared secret computation", "RSA and ECDSA(pre-hashed message) | Signature generation; Signature verification", "RSA-PSS(invalid salt length) | Signature generation; Signature verification", "RSA-OAEP | Asymmetric encryption; Asymmetric decryption", "Symmetric Encryption with AES | BC-UnAuth | Symmetric encryption using AES | AES-ECB:128,192,256 bits | AES-ECB", "AES-CBC:128,192,256 bits | AES-ECB", "AES-CBC-CS1:128,192,256 bits | AES-ECB", "AES-CBC-CS2:128,192,256 bits | AES-ECB", "AES-CBC-CS3:128,192,256 bits | AES-ECB", "AES-CFB1:128,192,256 bits | AES-ECB", "AES-CFB128:128,192,256 bits | AES-ECB", "AES-CFB8:128,192,256 bits | AES-ECB", "AES-CTR:128,192,256 | AES-ECB", "Key wrapping with AES-KW | KTS-Wrap | Key wrapping using AES KW | AES-KW:128,192,256bits | AES-KWAES-KWAES-KWAES-KWAES-KW", "Key unwrapping with AES-KW | KTS-Wrap | Key unwrapping using AES KW | AES-KW:128,192,256bits | AES-KWAES-KWAES-KWAES-KWAES-KW", "Key wrapping with AES-KWP | KTS-Wrap | Key wrapping using AES KWwith padding | AES-KWP:128,192,256bits | AES-KWPAES-KWPAES-KWP", "Key unwrapping with AES-KWP | KTS-Wrap | Key unwrapping using AES KW with padding | AES-KWP:128,192,256 bits | AES-KWP AES-KWP AES-KWP AES-KWP AES-KWP AES-KWP", "Key Derivation with KDA OneStep | KAS-56CKDF | Key Derivation using KDA OneStep | KDA OneStep SP800-56Cr2:112-256 bits | KDA OneStep SP800-56Cr2", "Key Derivation with X9.42 KDF | KAS-135KDF | Key Derivation using X9.42 KDF | KDF ANS 9.42:112-256 bits | KDF ANS 9.42 KDF ANS 9.42 KDF ANS 9.42 KDF ANS 9.42 KDF ANS 9.42 KDF ANS 9.42", "Key Derivation with X9.63 KDF | KAS-135KDF | Key Derivation using X9.63 KDF | KDF ANS 9.63:112-256 bits | KDF ANS 9.63 KDF ANS 9.63 KDF ANS 9.63 KDF ANS 9.63 KDF ANS 9.63", "Key Derivation with SSH KDF | KAS-135KDF | Key Derivation | KDF SSH:112-256 bits | KDF SSH KDF SSH KDF SSH KDF SSH", "Key Derivation with HKDF | KAS-56CKDF | Key Derivation using HKDF | KDA HKDF Sp800-56Cr1:112-256 bits | KDA HKDF Sp800-56Cr1", "TLS Key Derivation | KAS-135KDF | TLS 1.2/1.3KeyDerivation | TLS v1.3 KDF:112-256bitsTLS v1.2 KDFRFC7627:112-256 bits | TLS v1.3KDFTLS v1.2KDFRFC7627TLS v1.2KDFRFC7627TLS v1.2KDFRFC7627TLS v1.2KDFRFC7627", "Key Derivation with KBKDF | KBKDF | Key derivation using KBKDF | Modes:Counter,FeedbackKDF SP800-108:112-256bits | KDF SP800-108", "Password-based Key Derivation | PBKDF | Password-based Key Derivation | PBKDF:112-256bits | PBKDFPBKDFPBKDFPBKDFPBKDF", "Random Number Generation | DRBG | Random Number Generation(IG D.R compliant) | Counter DRBG:128,192,256bitsHMAC DRBG:128,256bitsHash DRBG:128,256bits | CounterDRBGHMAC DRBGHash DRBG", "Signature Generation | DigSig-SigGen | Signature Generation | ECDSA SigGen(FIPS186-4):P-224,P-256,P-384,P-521(112,128,192,256bits)RSA SigGen(FIPS186-4):2048-16384bits(112-256bits) | ECDSASigGen(FIPS186-4)ECDSASigGen(FIPS186-4)ECDSASigGen(FIPS186-4)ECDSASigGen(FIPS186-4)ECDSASigGen(FIPS186-4)", "HMAC-SHA2-512/224", "HMAC-SHA2-512/256", "AES-CMAC", "AES-GMAC", "Message digest | SHA XOF | Message digest | SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512", "SHAKE-128", "SHAKE-256", "SHA-1", "SHA2-224", "Key unwrapping with AES-CCM | BC-Auth | Key unwrapping with AES CCM(as permitted by IG D.G) | Key:128,192,256 bit keys with 128,192,256 bits of key strength, respectively | AES-CCMAES-CCMAES-CCMAES-CCMAES-CCM", "Key wrapping with AES-GCM | KTS-Wrap | Key wrapping with AES GCM(as permitted by IG D.G) | Key:128,192,256 bit keys with 128,192,256 bits of key strength, respectively | AES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMA", "Key unwrapping with AES-GCM | BC-Auth | Key unwrapping with AES GCM(as permitted by IG D.G) | Key:128,192,256 bit keys with 128,192,256 bits of key strength, respectively | AES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMAES-GCMA", "Key Pair Generation with ECDSA | AsymKeyPair-KeyGen | Key Pair Generation using ECDSA | ECDSA KeyGen(FIPS186-4):P-224,P-256,P-384,P-521(112,128,192,256 bits) | ECDSAKeyGen(FIPS186-4)ECDSAKeyGen(FIPS186-4)ECDSAKeyGen(FIPS186-4)ECDSAKeyGen(FIPS186-4)ECDSA", "Key Pair Generation with RSA | AsymKeyPair-KeyGen | Key Pair Generation using RSA | RSA KeyGen(FIPS186-4):2048-15360 bits(112-256 bits) | RSA KeyGen(FIPS186-4)RSA KeyGen(FIPS186-4)RSA KeyGen(FIPS186-4)RSA KeyGen(FIPS186-4)RSA KeyGen(FIPS186-4)", "Key Pair Verification with ECDSA | AsymKeyPair-KeyVer | Key Pair Verification using ECDSA | Curves:P-224,P-256,P-384,P-521(112,128,192,256bits) | ECDSA KeyVer(FIPS186-4)ECDSA KeyVer(FIPS186-4)ECDSA KeyVer(FIPS186-4)ECDSA KeyVer(FIPS186-4)ECDSA KeyVer(FIPS186-4)", "Shared Secret Computation with DH | KAS-SSC | Shared Secret Computation using DH | KAS-FFC-SSC Sp800-56Ar3:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192, | KAS-FFC-SSC Sp800-56Ar3", "Shared Secret Computation with ECDH | KAS-SSC | Shared Secret Computation using EC Diffie-Hellman | KAS-ECC-SSC Sp800-56Ar3:P-224,P-256,P-384,P-521(112,128,192,256bits strength)Compliance:SP 800-56Arev3,FIPS 140-3 IGD.F.Scenario2(1)Scheme:ephemeralUnifiedKAS Role:initiator,responder | KAS-ECC-SSC Sp800-56Ar3KAS-ECC-SSC Sp800-56Ar3KAS-ECC-SSC Sp800-56Ar3KAS-ECC-SSC Sp800-56Ar3KAS-ECC-SSC Sp800-56Ar3" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4822", "Certificate Number": "4822", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise Libica Cryptographic Module", "Module Type": "Software-hybrid", "Validation Date": "10/07/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4822.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4822", "module_name": "SUSE Linux Enterprise Libica Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/6/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode with module SUSE Linux Enterprise OpenSSL Cryptographic Module validated to FIPS 140-3 under Cert. #4725 operating in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software-hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The SUSE Linux Enterprise Server Libica Cryptographic Module is a software-hybrid module that provides general purpose cryptographic algorithms to applications running in the user space of the underlying operating system through a C language application program interface (API). The module is composed by a software library, which provides the API and a subset of the cryptographic algorithms, and the Central Processor Assist for Cryptographic Functions (CPACF), which is part of the z15 processor and provides cryptographic algorithms implemented in firmware and hardware.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4821", "Certificate Number": "4821", "Vendor Name": "Siemens Government Technologies", "Module Name": "SiPass OpenSSL 3 FIPS Module", "Module Type": "Software", "Validation Date": "10/04/202401/21/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4821.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4821", "module_name": "SiPass OpenSSL 3 FIPS Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The SiPass OpenSSL 3 FIPS Module is a security module that provides FIPS-approved cryptographic functions and services to a wide range of Siemens products.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4820", "Certificate Number": "4820", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Junos® OS Evolved MACsec Cryptographic Library", "Module Type": "Software", "Validation Date": "10/02/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4820.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4820", "module_name": "Junos® OS Evolved MACsec Cryptographic Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/1/2029", "overall_level": 1, "caveat": "Interim validation. When operated with module Junos® OS Evolved OpenSSL Cryptographic Module version 3.0.8 validated to FIPS 140-3 under Cert. #4775 in approved mode, and module Junos® OS Evolved Kernel Cryptographic Module version 2.0 validated to FIPS 140-3 under Cert. #4776, operating in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates random strings whose strength is modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Junos® OS Evolved MACsec Cryptographic Library is a shared library in software, which provides cryptographic services for key wrapping, key derivation and random number generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4819", "Certificate Number": "4819", "Vendor Name": "Advanced Micro Devices, Inc. (AMD)", "Module Name": "AMD Pensando PenTrust Security Module", "Module Type": "Software-hybrid", "Validation Date": "10/01/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4819.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4819", "module_name": "AMD Pensando PenTrust Security Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/30/2029", "overall_level": 1, "caveat": "None", "module_type": "Software-hybrid", "embodiment": "Single Chip", "description": "This module provides strong security services to applications running on the AMD Pensando DPU 2.0", "detail_available": true, "algorithms": [ "AES", "ECDSA", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A4453 | Direction-DecryptKey Length-128,192,256 | SP 800-38A", "AES-CTR | A4453 | Direction-DecryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A4453 | Direction-DecryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A4453 | Direction-DecryptIV Generation-ExternalKey Length-128,192,256 | SP 800-38D", "AES-GMAC | A4453 | Direction-DecryptIV Generation-ExternalKey Length-128,192,256 | SP 800-38D", "ECDSA SigVer(FIPS186-4) | A4453 | Component-NoCurve-P-384Hash Algorithm-SHA2-384 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4453 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,4096 | FIPS 186-4", "SHA2-256 | A4453 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-384 | A4453 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4", "SHA2-512 | A4453 | Message Length-Message Length:0-65536 Increment8 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4818", "Certificate Number": "4818", "Vendor Name": "DigiCert, Inc.", "Module Name": "Mocana Cryptographic Loadable Kernel Module", "Module Type": "Software", "Validation Date": "10/01/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4818.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4818", "module_name": "Mocana Cryptographic Loadable Kernel Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/30/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Mocana Cryptographic Loadable Kernel Module is a software only, multi-chip standalone cryptographic module that runs on a general purpose computer. The primary purpose of this module is to provide FIPS Approved cryptographic routines to consuming applications via an Application Programming Interface.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4817", "Certificate Number": "4817", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v12.0 [Apple silicon, User, Software, SL1]", "Module Type": "Software", "Validation Date": "10/01/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4817.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4817", "module_name": "Apple corecrypto Module v12.0 [Apple silicon, User, Software, SL1]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/30/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple Cryptographic Module for Apple silicon user space environment.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4816", "Certificate Number": "4816", "Vendor Name": "Amazon Web Services Inc.", "Module Name": "AWS-LC Cryptographic Module (static)", "Module Type": "Software", "Validation Date": "10/01/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4816.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4816", "module_name": "AWS-LC Cryptographic Module (static)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/30/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It іs based on code from the Google BoringSSL project and the OpenSSL project.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "ECDSA KeyGen(FIPS186-5) | A4509 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A4509 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A4509 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Component-No | FIPS 186-5", "ECDSA SigVer(FIPS186-4) | A4509 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA-1 | FIPS 186-4", "ECDSA SigVer(FIPS186-5) | A4509 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-5", "HMAC-SHA-1 | A4509 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4509 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4509 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4509 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4509 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4509 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4509 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KDA HKDF Sp800-56Cr1 | A4509 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-2048Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-56CRev.2", "KDF SSH(CVL) | A4509 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF TLS(CVL) | A4509 | TLS Version-v1.0/1.1,v1.2Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A4509 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:14-128Increment1 | SP 800-132", "RSA KeyGen(FIPS186-5) | A4509 | Key Generation Mode-probableModulo-2048,3072,4096Primality Tests-2powSecStrPrivate Key Format-standard | FIPS 186-5", "RSA SigGen(FIPS186-5) | A4509 | Modulo -2048,3072,4096 Signature Type -pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-4) | A4509 | Signature Type-PKCS1.5,PKCSPSS Modulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4509 | Modulo-2048,3072,4096 Signature Type-pkcs1v1.5,pss | FIPS 186-5", "SHA-1 | A4509 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4509 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4509 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4509 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4509 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A4509 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "AES-CBC | A4510 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A4510 | Key Length-128 | SP 800-38C", "AES-CMAC | A4510 | Direction-Generation,VerificationKey Length-128,256 | SP 800-38B", "AES-CTR | A4510 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A4510 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-KW | A4510 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-KWP | A4510 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-XTS TestingRevision2.0 | A4510 | Direction-Decrypt,EncryptKey Length-256 | SP 800-38E", "Counter DRBG | A4510 | Prediction Resistance-NoMode-AES-256Derivation Function Enabled-No | SP 800-90ARev.1", "AES-ECB | A4511 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A4511 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,256 | SP 800-38D", "AES-GMAC | A4511 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,256 | SP 800-38D", "AES-ECB | A4512 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4512 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 256 | SP 800-38D", "AES-GMAC | A4512 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 256 | SP 800-38D", "AES-CBC | A4513 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4513 | Key Length - 128 | SP 800-38C", "AES-CMAC | A4513 | Direction - Generation, Verification Key Length - 128, 256 | SP 800-38B", "AES-CTR | A4513 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4513 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-KW | A4513 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A4513 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-XTS Testing Revision 2.0 | A4513 | Direction - Decrypt, Encrypt Key Length - 256 | SP 800-38E", "Counter DRBG | A4513 | Prediction Resistance - No Mode - AES-256 Derivation Function Enabled - No | SP 800-90A Rev.1", "AES-ECB | A4514 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4514 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 256 | SP 800-38D", "AES-GMAC | A4514 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 256 | SP 800-38D", "AES-CBC | A4515 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4515 | Key Length - 128 | SP 800-38C", "AES-CMAC | A4515 | Direction - Generation, Verification Key Length - 128, 256 | SP 800-38B", "AES-CTR | A4515 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4515 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-KW | A4515 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A4515 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-XTS Testing Revision 2.0 | A4515 | Direction - Decrypt, Encrypt Key Length - 256 | SP 800-38E", "Counter DRBG | A4515 | Prediction Resistance - No Mode - AES-256 Derivation Function Enabled - No | SP 800-90A Rev.1", "AES-ECB | A4516 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4516 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 256 | SP 800-38D", "AES-GMAC | A4516 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 256 | SP 800-38D", "ECDSA KeyGen(FIPS186-5) | A4517 | Curve - P-224,P-256,P-384,P-521 Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A4517 | Curve - P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A4517 | Curve - P-224,P-256,P-384,P-521 Hash Algorithm - SHA2-224,SHA2-256,SHA2-384,SHA2-512 Component - No | FIPS 186-5", "ECDSA SigVer(FIPS186-4) | A4517 | Component - No Curve - P-224,P-256,P-384,P-521 Hash Algorithm - SHA-1 | FIPS 186-4", "ECDSA SigVer(FIPS186-5) | A4517 | Curve - P-224,P-256,P-384,P-521 Hash Algorithm - SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-5", "HMAC-SHA-1 | A4517 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4517 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4517 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4517 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4517 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4517 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4517 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521 Scheme ephemeralUnified-KAS Role initiator, responder | SP 800-56A Rev.3", "KDA HKDF Sp800-56Cr1 | A4517 | Derived Key Length-2048 Shared Secret Length-Shared Secret Length:224-2048 Increment8 HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-56C Rev.2", "KDF SSH(CVL) | A4517 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF TLS(CVL) | A4517 | TLS Version-v1.0/1.1,v1.2Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A4517 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:14-128Increment1 | SP 800-132", "RSA KeyGen(FIPS186-5) | A4517 | Key Generation Mode-probableModulo-2048,3072,4096Primality Tests-2powSecStrPrivate Key Format-standard | FIPS 186-5", "RSA SigGen(FIPS186-5) | A4517 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-4) | A4517 | Signature Type-PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4517 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "SHA-1 | A4517 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4517 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4517 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4517 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4517 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A4517 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "ECDSA KeyGen(FIPS186-5) | A4518 | Curve-P-224,P-256,P-384,P-521Secret GenerationMode-testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A4518 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A4518 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Component-No | FIPS 186-5", "ECDSA SigVer(FIPS186-4) | A4518 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA-1 | FIPS 186-4", "ECDSA SigVer(FIPS186-5) | A4518 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-5", "HMAC-SHA-1 | A4518 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4518 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4518 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4518 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4518 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4518 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4518 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme ephemeralUnifiedKAS Role initiator, responder | SP 800-56ARev.3", "KDA HKDF Sp800-56Cr1 | A4518 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-2048 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-56CRev.2", "KDF SSH(CVL) | A4518 | Cipher-AE5-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF TLS(CVL) | A4518 | TLS Version-v1.0/1.1,v1.2Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A4518 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:14-128Increment1 | SP 800-132", "RSA KeyGen(FIPS186-5) | A4518 | Key Generation Mode-probableModulo-2048,3072,4096Primality Tests-2powSecStrPrivate Key Format-standard | FIPS 186-5", "RSA SigGen(FIPS186-5) | A4518 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-4) | A4518 | Signature Type-PKCS1.5,PKCPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4518 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "SHA-1 | A4518 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4518 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4518 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4518 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4518 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A4518 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "AES-CBC | A4519 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CCM | A4519 | KeyLength-128 | SP 800-38C", "AES-CMAC | A4519 | Direction-Generation,VerificationKeyLength-128,256 | SP 800-38B", "AES-CTR | A4519 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A4519 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-KW | A4519 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KWP | A4519 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-XTS Testing Revision 2.0 | A4519 | Direction-Decrypt,EncryptKeyLength-256 | SP 800-38E", "Counter DRBG | A4519 | Prediction Resistance-NoMode-AES-256Derivation Function Enabled-No | SP 800-90ARev.1", "AES-ECB | A4520 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4520 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,256 | SP 800-38D", "AES-GMAC | A4520 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,256 | SP 800-38D", "AES-ECB | A4521 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4521 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,256 | SP 800-38D", "AES-GMAC | A4521 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,256 | SP 800-38D", "AES-ECB | A4522 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4522 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1,8.2.2Key Length-128,256 | SP 800-38D", "AES-GMAC | A4522 | Direction-Decrypt,EncryptIV Generation-External,Internal | SP 800-38D", "AES-CBC | A4523 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4523 | Key Length - 128 | SP 800-38C", "AES-CMAC | A4523 | Direction - Generation, VerificationKey Length - 128, 256 | SP 800-38B", "AES-CTR | A4523 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4523 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-KW | A4523 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A4523 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38F", "AES-XTS TestingRevision 2.0 | A4523 | Direction - Decrypt, EncryptKey Length - 256 | SP 800-38E", "Counter DRBG | A4523 | Prediction Resistance - NoMode - AES-256Derivation Function Enabled - No | SP 800-90ARev.1", "AES-ECB | A4524 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4524 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 256 | SP 800-38D", "AES-GMAC | A4524 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 256 | SP 800-38D", "AES-ECB | A4525 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4525 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 256 | SP 800-38D", "AES-GMAC | A4525 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 256 | SP 800-38D", "AES-ECB | A4526 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4526 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 256 | SP 800-38D", "AES-GMAC | A4526 | Direction - Decrypt, EncryptIV Generation - External, InternalIV Generation Mode - 8.2.1, 8.2.2Key Length - 128, 256 | SP 800-38D", "AES-CBC | A4527 | Direction - Decrypt, EncryptKey Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4527 | Key Length - 128 | SP 800-38C", "AES-CMAC | A4527 | Direction - Generation, Verification Key Length - 128, 256 | SP 800-38B", "AES-CTR | A4527 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4527 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-KW | A4527 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-KWP | A4527 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-XTS Testing Revision 2.0 | A4527 | Direction - Decrypt, Encrypt Key Length - 256 | SP 800-38E", "Counter DRBG | A4527 | Prediction Resistance - No Mode - AES-256 Derivation Function Enabled - No | SP 800-90A Rev.1", "AES-ECB | A4528 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4528 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 256 | SP 800-38D", "AES-GMAC | A4528 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 256 | SP 800-38D", "AES-ECB | A4529 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4529 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 256 | SP 800-38D", "AES-GMAC | A4529 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 256 | SP 800-38D", "AES-ECB | A4530 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38D", "AES-GCM | A4530 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 256 | SP 800-38D", "AES-GMAC | A4530 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 Key Length - 128, 256 | SP 800-38D", "ECDSA KeyGen(FIPS186-5) | A4531 | Curve - P-224,P-256,P-384,P-521 Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A4531 | Curve - P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A4531 | Curve - P-224,P-256,P-384,P-521 Hash Algorithm-SHA2-224,SHA2-256,SHA2- | FIPS 186-5", "ECDSA SigVer(FIPS186-4) | A4531 | Component - NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA-1 | FIPS 186-4", "ECDSA SigVer(FIPS186-5) | A4531 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-5", "HMAC-SHA-1 | A4531 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4531 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4531 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4531 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4531 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4531 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4531 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KDA HKDF Sp800-56Cr1 | A4531 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-2048Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-56CRev.2", "KDF SSH(CVL) | A4531 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF TLS(CVL) | A4531 | TLS Version-v1.0/1.1,v1.2Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A4531 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:14-128Increment1 | SP 800-132", "RSA KeyGen(FIPS186-5) | A4531 | Key Generation Mode-probableModulo-2048,3072,4096Primality Tests-2powSecStrPrivate Key Format-standard | FIPS 186-5", "RSA SigGen(FIPS186-5) | A4531 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-4) | A4531 | Signature Type-PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4531 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "SHA-1 | A4531 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4531 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4531 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4531 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4531 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A4531 | Message Length - Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "ECDSA KeyGen(FIPS186-5) | A4532 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A4532 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A4532 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Component-No | FIPS 186-5", "ECDSA SigVer(FIPS186-4) | A4532 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA-1 | FIPS 186-4", "ECDSA SigVer(FIPS186-5) | A4532 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-5", "HMAC-SHA-1 | A4532 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4532 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4532 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4532 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4532 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4532 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4532 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KDA HKDF Sp800-56Cr1 | A4532 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-2048 Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-56CRev.2", "KDF SSH(CVL) | A4532 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF TLS(CVL) | A4532 | TLS Version-v1.0/1.1,v1.2Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A4532 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:14-128Increment1 | SP 800-132", "RSA KeyGen(FIPS186-5) | A4532 | Key Generation Mode-probableModulo-2048,3072,4096Primality Tests-2powSecStrPrivate Key Format-standard | FIPS 186-5", "RSA SigGen(FIPS186-5) | A4532 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-4) | A4532 | Signature Type-PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4532 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "SHA-1 | A4532 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4532 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4532 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4532 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4532 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A4532 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "ECDSA KeyGen(FIPS186-5) | A4533 | Curve-P-224,P-256,P-384,P-521Secret GenerationMode-testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A4533 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A4533 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Component-No | FIPS 186-5", "ECDSA SigVer(FIPS186-4) | A4533 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA-1 | FIPS 186-4", "ECDSA SigVer(FIPS186-5) | A4533 | Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512 | FIPS 186-5", "HMAC-SHA-1 | A4533 | KeyLength-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4533 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4533 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4533 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4533 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4533 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4533 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme ephemeralUnifiedKAS Role-initiator,responder | SP 800-56ARev.3", "KDA HKDF Sp800-56Cr1 | A4533 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-2048 Increment8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-56CRev.2", "KDF SSH(CVL) | A4533 | Cipher-AE5-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "KDF TLS(CVL) | A4533 | TLS Version-v1.0/1.1,v1.2Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A4533 | Iteration Count-Iteration Count:1000-10000Increment1Password Length-Password Length:14-128Increment1 | SP 800-132", "RSA KeyGen(FIPS186-5) | A4533 | Key Generation Mode-probableModulo-2048,3072,4096Primality Tests-2powSecStrPrivate Key Format-standard | FIPS 186-5", "RSA SigGen(FIPS186-5) | A4533 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-4) | A4533 | Signature Type-PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4533 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "SHA-1 | A4533 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4533 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4533 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4533 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4533 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A4533 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "ECDSA KeyGen (FIPS186-5) | A4534 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5", "ECDSA KeyVer (FIPS186-5) | A4534 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA SigGen (FIPS186-5) | A4534 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 Component - No | FIPS 186-5", "ECDSA SigVer (FIPS186-4) | A4534 | Component - No Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA-1 | FIPS 186-4", "ECDSA SigVer (FIPS186-5) | A4534 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | FIPS 186-5", "HMAC-SHA-1 | A4534 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A4534 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4534 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4534 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4534 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4534 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4534 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KDA HKDF Sp800-56Cr1 | A4534 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-2048 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-56C Rev. 2", "KDF SSH (CVL) | A4534 | Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1", "KDF TLS (CVL) | A4534 | TLS Version - v1.0/1.1, v1.2 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1", "PBKDF | A4534 | Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 14-128 Increment 1 | SP 800-132", "RSA KeyGen (FIPS186-5) | A4534 | Key Generation Mode - probable Modulo - 2048, 3072, 4096 | FIPS 186-5", "RSA SigGen(FIPS186-5) | A4534 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS186-5", "RSA SigVer(FIPS186-4) | A4534 | Signature Type-PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS186-4", "RSA SigVer(FIPS186-5) | A4534 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS186-5", "SHA-1 | A4534 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A4534 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A4534 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-384 | A4534 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512 | A4534 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A4534 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "Cryptographic Key Generation(CKG) | RSA(FIPS 186-5):2048,3072,4096 bits with 112,128,149 bits of key strengthEC(FIPS 186-5):P-224,P-256,P384,P-521 elliptic curves with112-256 bits of key strength | AWS-LC CryptographicModule(static build)(SHA\\_ASM) | SP 800-133Rev2section 5.1 and5.2", "Cryptographic Key Generation(CKG) | RSA(FIPS 186-5):2048,3072,4096 bits with 112,128,149 bits of key strengthEC(FIPS 186-5):P-224,P-256,P384,P-521 elliptic curves with112-256 bits of key strength. | AWS-LC CryptographicModule(static build)(SHA\\_CE) | SP 800-133Rev2section 5.1 and5.2", "Cryptographic Key Generation(CKG) | RSA(FIPS 186-5):2048,3072,4096 bits with 112,128,149 bits of key strengthEC(FIPS 186-5):P-224,P-256,P384,P-521 elliptic curves with112-256 bits of key strength. | AWS-LC CryptographicModule(static build)(NEON) | SP 800-133Rev2section 5.1 and5.2", "Cryptographic Key Generation(CKG) | RSA(FIPS 186-5):2048,3072,4096 bits with 112,128,149 bits of key strength. | AWS-LC CryptographicModule(static build)(SHA\\_SHANI) | SP 800-133Rev2section 5.1 and5.2", "Cryptographic Key Generation(CKG) | RSA(FIPS186-5):2048,3072,4096bitswith112,128,149bitsofkeystrength.EC(FIPS186-5):P-224,P-256,P384,P-521 elliptic curves with112-256bitsofkeystrength. | AWS-LC CryptographicModule(static build)(SHA\\_AVX2) | SP800-133Rev2section5.1and5.2", "Cryptographic Key Generation(CKG) | RSA(FIPS186-5):2048,3072,4096bitswith112,128,149bitsofkeystrength.EC(FIPS186-5):P-224,P-256,P384,P-521 elliptic curves with112-256bitsofkeystrength. | AWS-LC CryptographicModule(static build)(SHA\\_AVX) | SP800-133Rev2section5.1and5.2", "Cryptographic Key Generation(CKG) | RSA(FIPS186-5):2048,3072,4096bitswith112,128,149bitsofkeystrength.EC(FIPS186-5):P-224,P-256,P384,P-521 elliptic curves with112-256bitsofkeystrength. | AWS-LC CryptographicModule(static build)(SHA\\_SSSE3) | SP800-133Rev2section5.1和5.2", "MD5 | Allowed per IG 2.4.A | Message Digest used in TLS 1.0/1.1 KDF only", "AES with OFB or CFB1, CFB8 modes | Encryption,Decryption", "AES GCM,GCM,GMAC,XTS with keys not listed in Table 5 | Encryption,Decryption", "AES using aes\\_\\*\\_generic function | Encryption,Decryption", "AES GMAC using aes\\_\\*\\_generic | Message Authentication Generation", "Diffie Hellman | Shared Secret Computation", "HMAC-MD4,HMAC-MD5,HMAC-SHA1,HMAC-SHA-3,HMAC-RIPEMD-160 | Message Authentication Generation", "MD5(outside of TLS) | Message Digest", "RSA using RSA\\_generate\\_key\\_ex | Key Generation", "ECDSA using EC\\_KEY\\_generate\\_key | Key Generation", "RSA using keys less than 2048 bits | Signature Generation", "RSA using keys less than 1024 bits | Signature Verification", "RSA without hashing | Sign/Verify primitive operations", "RSA encryption primitive with PKCS#1 v1.5 and OAEP padding | Encryption", "SHA-1,SHA-3 | Signature Generation", "SHAKE,RIPEMD-160,SHA-3 | Message Digest", "TLS KDF using any SHA algorithms other than SHA2-256, SHA2-384, SHA2-512; or TLS KDF using non-extended master secret | Key Derivation", "RSA | Key Encapsulation/Un-encapsulation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4815", "Certificate Number": "4815", "Vendor Name": "VMware, Inc.", "Module Name": "VMware VMkernel Cryptographic Module 2.0", "Module Type": "Software", "Validation Date": "09/26/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4815.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4815", "module_name": "VMware VMkernel Cryptographic Module 2.0", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/25/2029", "overall_level": 1, "caveat": "None", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The VMware VMkernel Cryptographic Module is a firmware cryptographic library that provides FIPS 140-3 Approved cryptographic services for VMware products and platforms.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4814", "Certificate Number": "4814", "Vendor Name": "HP Inc.", "Module Name": "HP Endpoint Security Controller Cryptographic Library", "Module Type": "Hardware", "Validation Date": "09/25/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4814.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4814", "module_name": "HP Endpoint Security Controller Cryptographic Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/20/2028", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The HP Endpoint Security Controller is a platform root of trust embedded into many HP commercial PC’s, which implements the necessary cryptographic security services to enable HP firmware to provide hardware-enforced security and resilience capabilities to the broader computing platform, including but not limited to those described in NIST SP 800-193.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4813", "Certificate Number": "4813", "Vendor Name": "Toshiba Electronic Devices & Storage Corporation", "Module Name": "Toshiba Secure TCG Opal SSC Self-Encrypting Drive Series MG09SCP18TA and MG09SCP16TA", "Module Type": "Hardware", "Validation Date": "09/24/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4813.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4813", "module_name": "Toshiba Secure TCG Opal SSC Self-Encrypting Drive Series MG09SCP18TA and MG09SCP16TA", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/23/2029", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Toshiba Secure TCG Opal SSC Self-Encrypting Drive Series (MG09SCP18TA and MG09SCP16TA) is used for hard disk drive data security.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4812", "Certificate Number": "4812", "Vendor Name": "Outset Medical, Inc.", "Module Name": "Tablo Medical Informatics System", "Module Type": "Hardware", "Validation Date": "09/24/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4812.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4812", "module_name": "Tablo Medical Informatics System", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/23/2026", "overall_level": 1, "caveat": "Interim validation", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Outset Tablo Medical Informatics System is an internal component of the Outset Tablo and provides secure storage and transmission of patient data.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4811", "Certificate Number": "4811", "Vendor Name": "The OpenSSL Project", "Module Name": "OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "09/24/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4811.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4811", "module_name": "OpenSSL FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4810", "Certificate Number": "4810", "Vendor Name": "Google, LLC", "Module Name": "Non-Volatile Memory express (NVMe) Data Path Security Cluster (DPSC) Module", "Module Type": "Hardware", "Validation Date": "09/23/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4810.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4810", "module_name": "Non-Volatile Memory express (NVMe) Data Path Security Cluster (DPSC) Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The DPSC is a HW block within the NVMe Protocol Engine that contains AES-XTS engines which support data rate encrypt and decrypt functions. The module is a sub-chip cryptographic subsystem intended for use within the Google IN762 SoC.", "detail_available": true, "algorithms": [ "AES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4809", "Certificate Number": "4809", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Trusted Execution Environment (TEE) Software Cryptographic Library", "Module Type": "Software-hybrid", "Validation Date": "09/23/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4809.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4809", "module_name": "Qualcomm® Trusted Execution Environment (TEE) Software Cryptographic Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/22/2026", "overall_level": 1, "caveat": "Interim validation. When operated in the approved mode and installed, initialized and configured as specified in Section 11.5 of the Security Policy with bound module Qualcomm® Pseudo Random Number Generator validated to FIPS 140-3 under Cert. #4778", "module_type": "Software-hybrid", "embodiment": "Single Chip", "description": "Qualcomm Trusted Execution Environment (TEE) Software Cryptographic Library provides various software cryptographic functionalities to the 64bit Qualcomm Trusted Execution Environment Trusted Applications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4808", "Certificate Number": "4808", "Vendor Name": "Amazon Web Services, Inc.", "Module Name": "Amazon Linux 2023 Kernel Cryptographic API", "Module Type": "Software", "Validation Date": "09/23/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4808.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4808", "module_name": "Amazon Linux 2023 Kernel Cryptographic API", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/22/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Amazon Linux 2023 Kernel Cryptographic API provides cryptographic services to Linux kernel space software components and user space via the AF_ALG interface.", "detail_available": true, "algorithms": [ "AES", "ECDSA", "HMAC", "KAS", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A4551,A4554,A4557,A4558,A4561,A4563,A4566 | Key size:128,192,256 bits | Amazon Linux 2023 on EC2 c7g.metal Amazon Linux 2023 on EC2 c6i.metal SnowOS 1.0 on AWS Snowball SnowOS 1.0 on AWS Snowblade SnowOS 1.0 on AWS Snowcone | FIPS 197SP 800-38A", "AES-CBC-CS3 | A4551,A4554,A4557,A4558,A4561,A4566 | Key size:128,192,256 bits | FIPS 197SP 800-38AAddendum", "AES-CCM | A4551,A4554,A4557,A4558,A4566 | Key size:128,192,256 bits | FIPS 197SP 800-38C", "AES-CFB128 | A4551,A4554,A4558,A4566 | Key size:128,192,256 bits | FIPS 197SP 800-38A", "AES-CMAC | A4551,A4554,A4557,A4558,A4566 | Key size:128,192,256 bits | FIPS 197SP 800-38B", "AES-CTR | A4551,A4554,A4557,A4558,A4561,A4563,A4566 | Key size:128,192,256 bits | FIPS 197SP 800-38A", "AES-ECB | A4551,A4552,A4553,A4554,A4555,A4556,A4557,A4558,A4559,A4560,A4561,A4563,A4564,A4565,A4566,A4567,A4568 | Key size:128,192,256 bits | FIPS 197SP 800-38A", "AES-GCM | A4551,A4552,A4553,A4554,A4555,A4556,A4558,A4559,A4560,A4563,A4564,A4565,A4566,A4567,A4568 | Key size:128,192,256 bitsIV Generation:Internal(encryption)&External decryption)IV Generation Mode:8.2.2 | FIPS 197SP 800-38D", "AES-GMAC | A4551,A4554,A4558,A4566 | Key size:128,192,256 bits | FIPS 197SP 800-38D", "AES-KW | A4551,A4554,A4558,A4566 | Key size:128,192,256 bits | FIPS 197SP 800-38F", "AES-OFB | A4551,A4554,A4558,A4566 | Key size:128,192,256 bits | FIPS 197SP 800-38A", "AES-XTS | A4551,A4554,A4557,A4558,A4561,A4563,A4566 | Key size:128,256 bits | FIPS 197SP 800-38E", "CTR\\_DRBG | A4551,A4552,A4553,A4554,A4555,A4556,A4558,A4559,A4560,A4563,A4564,A4565,A4566,A4567,A4568 | Size:AES-128,AES-192,AES-256Without derivation functionWith/without prediction resistance | SP 800-90Ar1", "ECDSA | A4551 | Key Pair GenerationMode:Testing Candidates(Appendix B.4.2)Curves:P-256,P-384 | FIPS 186-4", "Hash\\_DRBG | A4551,A4569,A4570,A4571 | Hashes:SHA-1,SHA-256,SHA-512With/without prediction resistance | SP 800-90Ar1", "HMAC\\_DRBG | A4551,A4569,A4570,A4571 | Hashes:SHA-1,SHA-256,SHA-512With/without prediction resistance | SP 800-90Ar1", "HMAC | A4551,A4557,A4569,A4570,A4571 | SHA-1Key size:112-524288bits | FIPS 198-1FIPS 180-4", "A4551,A4557,A4561,A4562,A4569,A4570,A4571 | SHA-224,SHA-256Key size:112-524288bits | FIPS 198-1FIPS 180-4", "A4551,A4557,A4562,A4569,A4570,A4571 | SHA-384,SHA-512Key size:112-524288bits | FIPS 198-1FIPS 180-4", "A4551,A4557 | SHA3-224,SHA3-256,SHA3-384,SHA3-512Key size:112-524288bits | FIPS 198-1FIPS 202", "KAS-ECC-SSC | A4551 | Scheme:Ephemeral Unified ModelRoles;initiator,responderCurves:P-256,P-384 | SP 800-56Ar3", "KAS-FFC-SSC | A4551 | Scheme:dhEphemRoles;initiator,responderGroups:ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192 | FIPS 186-4", "RSA | A4551,A4569,A4570,A4571 | Signature VerificationPadding:PKCS#1v1.5Hashes:SHA-1,SHA-224,SHA-256,SHA-384,SHA-512Modulus:4096 bits | FIPS 186-4", "SHA-1 | A4551,A4557,A4569,A4570,A4571 | N/A | FIPS 180-4", "SHA-224 | A4551,A4557,A4561,A4562,A4569,A4570,A4571 | N/A", "SHA-256 | A4551,A4557,A4562,A4569,A4570,A4571 | N/A", "SHA-384 | A4551,A4557,A4562,A4569,A4570,A4571 | N/A", "SHA-512 | FIPS 202", "SHA3-224 | A4551,A4557 | N/A", "SHA3-256", "SHA3-384", "SHA3-512" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4807", "Certificate Number": "4807", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "WildFire 10.1 WF-500", "Module Type": "Hardware", "Validation Date": "09/23/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4807.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4807", "module_name": "WildFire 10.1 WF-500", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/22/2029", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Wildfire 10.1 WF-500 from Palo Alto Networks Inc. cryptographic module designed to identify unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4806", "Certificate Number": "4806", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Panorama 10.1 on Hardware Appliances", "Module Type": "Hardware", "Validation Date": "09/23/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4806.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4806", "module_name": "Panorama 10.1 on Hardware Appliances", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/22/2029", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Panorama M-Series management appliances provide centralized management and visibility of Palo Alto Networks next generation firewalls. From a central location, you can gain insight into applications, users, and content traversing the firewalls. The knowledge of what is on the network, in conjunction with safe application enablement policies, maximizes protection and control while minimizing administrative effort. Your security team can centrally perform analysis, reporting, and forensics with the aggregated data over time, or on data stored on the local firewall.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4805", "Certificate Number": "4805", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Panorama Virtual Appliance 10.1", "Module Type": "Software", "Validation Date": "09/23/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4805.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4805", "module_name": "Panorama Virtual Appliance 10.1", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/22/2029", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Panorama offers easy-to-implement, centralized management features that provide insight into network-wide traffic and simplify configurations.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4804", "Certificate Number": "4804", "Vendor Name": "Red Hat(R), Inc.", "Module Name": "Red Hat Enterprise Linux 8 Kernel Cryptographic API", "Module Type": "Software", "Validation Date": "09/19/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4804.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4804", "module_name": "Red Hat Enterprise Linux 8 Kernel Cryptographic API", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/18/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in section 11 of the Security Policy. The module generates random strings whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Red Hat Enterprise Linux 8 Kernel Cryptographic API provides a C language API for use by other (kernel space and user space) processes that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A3648 | - | SP 800-38A", "AES-CCM | A3648 | - | SP 800-38C", "AES-CMAC | A3648 | - | SP 800-38B", "AES-CTR | A3648 | - | SP 800-38A", "AES-ECB | A3648 | - | SP 800-38A", "AES-GCM | A3648 | - | SP 800-38D", "AES-GMAC | A3648 | - | SP 800-38D", "AES-XTS Testing Revision 2.0 | A3648 | - | SP 800-38E", "Counter DRBG | A3648 | - | SP 800-90A Rev.1", "Hash DRBG | A3648 | - | SP 800-90A Rev.1", "HMAC DRBG | A3648 | - | SP 800-90A Rev.1", "HMAC-SHA-1 | A3648 | - | FIPS 198-1", "HMAC-SHA2-224 | A3648 | - | FIPS 198-1", "HMAC-SHA2-256 | A3648 | - | FIPS 198-1", "HMAC-SHA2-384 | A3648 | - | FIPS 198-1", "HMAC-SHA2-512 | A3648 | - | FIPS 198-1", "RSA SigVer (FIPS186-4) | A3648 | - | FIPS 186-4", "SHA-1 | A3648 | - | FIPS 180-4", "SHA2-224 | A3648 | - | FIPS 180-4", "SHA2-256 | A3648 | - | FIPS 180-4", "SHA2-384 | A3648 | - | FIPS 180-4", "SHA2-512 | A3648 | - | FIPS 180-4", "HMAC-SHA3-224 | A3649 | - | FIPS 198-1", "HMAC-SHA3-256 | A3649 | - | FIPS 198-1", "HMAC-SHA3-384 | A3649 | - | FIPS 198-1", "HMAC-SHA3-512 | A3649 | - | FIPS 198-1", "SHA3-224 | A3649 | - | FIPS 202", "SHA3-256 | A3649 | - | FIPS 202", "SHA3-384 | A3649 | - | FIPS 202", "SHA3-512 | A3649 | - | FIPS 202", "AES-CFB128 | A3650 | - | SP 800-38A", "AES-CBC-CS3 | A3651 | - | SP 800-38A", "AES-ECB | A3652 | - | SP 800-38A", "AES-GCM | A3652 | - | SP 800-38D", "Counter DRBG | A3652 | - | SP 800-90A Rev.1", "Hash DRBG | A3652 | - | SP 800-90A Rev.1", "HMAC DRBG | A3652 | - | SP 800-90A Rev.1", "AES-ECB | A3653 | - | SP 800-38A", "AES-GCM | A3653 | - | SP 800-38D", "Counter DRBG | A3653 | - | SP 800-90A Rev.1", "Hash DRBG | A3653 | - | SP 800-90A Rev.1", "HMAC DRBG | A3653 | - | SP 800-90A Rev.1", "AES-CBC | A3654 | - | SP 800-38A", "AES-CTR | A3654 | - | SP 800-38A", "AES-ECB | A3654 | - | SP 800-38A", "AES-GCM | A3654 | - | SP 800-38D", "AES-XTS Testing Revision 2.0 | A3654 | - | SP 800-38E", "Counter DRBG | A3654 | - | SP 800-90A Rev.1", "Hash DRBG | A3654 | - | SP 800-90A Rev.1", "HMAC DRBG | A3654 | - | SP 800-90A Rev.1", "AES-ECB | A3655 | - | SP 800-38A", "AES-GCM | A3655 | - | SP 800-38D", "Counter DRBG | A3655 | - | SP 800-90A Rev.1", "Hash DRBG | A3655 | - | SP 800-90A Rev.1", "HMAC DRBG | A3655 | - | SP 800-90A Rev.1", "AES-ECB | A3656 | - | SP 800-38A", "AES-GCM | A3656 | - | SP 800-38D", "Counter DRBG | A3656 | - | SP 800-90A Rev.1", "Hash DRBG | A3656 | - | SP 800-90A Rev.1", "HMAC DRBG | A3656 | - | SP 800-90A Rev.1", "AES-CBC | A3657 | - | SP 800-38A", "AES-CCM | A3657 | - | SP 800-38C", "AES-CMAC | A3657 | - | SP 800-38B", "AES-CTR | A3657 | - | SP 800-38A", "AES-ECB | A3657 | - | SP 800-38A", "AES-GCM | A3657 | - | SP 800-38D", "AES-GMAC | A3657 | - | SP 800-38D", "AES-XTS Testing Revision 2.0 | A3657 | - | SP 800-38E", "Counter DRBG | A3657 | - | SP 800-90A Rev.1", "Hash DRBG | A3657 | - | SP 800-90A Rev.1", "HMAC DRBG | A3657 | - | SP 800-90A Rev.1", "AES-ECB | A3658 | - | SP 800-38A", "AES-GCM | A3658 | - | SP 800-38D", "Counter DRBG | A3658 | - | SP 800-90A Rev.1", "Hash DRBG | A3658 | - | SP 800-90A Rev.1", "HMAC DRBG | A3658 | - | SP 800-90A Rev.1", "AES-CFB128 | A3660 | - | SP 800-38A", "AES-CBC-CS3 | A3661 | - | SP 800-38A", "Hash DRBG | A3662 | - | SP 800-90A Rev.1", "HMAC DRBG | A3662 | - | SP 800-90A Rev.1", "HMAC-SHA-1 | A3662 | - | FIPS 198-1", "HMAC-SHA2-224 | A3662 | - | FIPS 198-1", "HMAC-SHA2-256 | A3662 | - | FIPS 198-1", "HMAC-SHA2-384 | A3662 | - | FIPS 198-1", "HMAC-SHA2-512 | A3662 | - | FIPS 198-1", "RSA SigVer(FIPS186-4) | A3662 | - | FIPS 186-4", "SHA-1 | A3662 | - | FIPS 180-4", "SHA2-224 | A3662 | - | FIPS 180-4", "SHA2-256 | A3662 | - | FIPS 180-4", "SHA2-384 | A3662 | - | FIPS 180-4", "SHA2-512 | A3662 | - | FIPS 180-4", "Hash DRBG | A3663 | - | SP 800-90A Rev.1", "HMAC DRBG | A3663 | - | SP 800-90A Rev.1", "HMAC-SHA-1 | A3663 | - | FIPS 198-1", "HMAC-SHA2-224 | A3663 | - | FIPS 198-1", "HMAC-SHA2-256 | A3663 | - | FIPS 198-1", "HMAC-SHA2-384 | A3663 | - | FIPS 198-1", "HMAC-SHA2-512 | A3663 | - | FIPS 198-1", "RSA SigVer(FIPS186-4) | A3663 | - | FIPS 186-4", "SHA-1 | A3663 | - | FIPS 180-4", "SHA2-224 | A3663 | - | FIPS 180-4", "SHA2-256 | A3663 | - | FIPS 180-4", "SHA2-384 | A3663 | - | FIPS 180-4", "SHA2-512 | A3663 | - | FIPS 180-4", "Hash DRBG | A3664 | - | SP 800-90A Rev.1", "HMAC DRBG | A3664 | - | SP 800-90A Rev.1", "HMAC-SHA-1 | A3664 | - | FIPS 198-1", "HMAC-SHA2-224 | A3664 | - | FIPS 198-1", "HMAC-SHA2-256 | A3664 | - | FIPS 198-1", "HMAC-SHA2-384 | A3664 | - | FIPS 198-1", "HMAC-SHA2-512 | A3664 | - | FIPS 198-1", "RSA SigVer(FIPS186-4) | A3664 | - | FIPS 186-4", "SHA-1 | A3664 | - | FIPS 180-4", "SHA2-224 | A3664 | - | FIPS 180-4", "SHA2-256 | A3664 | - | FIPS 180-4", "SHA2-384 | A3664 | - | FIPS 180-4", "SHA2-512 | A3664 | - | FIPS 180-4", "AES-GCM with external IV | Encryption", "KBKDF(libkcapi) | Key derivation", "HKDF(libkcapi) | Key derivation", "RSA | Encryption primitive; Decryption primitive", "RSA with PKCS#1 v1.5 padding | Signature generation (pre-hashed message); Signature verification (pre-hashed message);" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4802", "Certificate Number": "4802", "Vendor Name": "Western Digital Technologies, Inc.", "Module Name": "Ultrastar DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED", "Module Type": "Hardware", "Validation Date": "09/16/202401/30/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4802.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4802", "module_name": "Ultrastar DC HC560 TCG Enterprise HDD SED, Ultrastar DC HC570 TCG Enterprise HDD SED", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/15/2029", "overall_level": 2, "caveat": "Interim validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Western Digital Ultrastar DC HC560 TCG Enterprise HDD, hereafter referred to as Ultrastar DC HC560, Cryptographic Module, cryptographic module, or CM, and the Western Digital Ultrastar DC HC570 TCG Enterprise HDD, hereafter referred to as Ultrastar DC HC570, Cryptographic Module, cryptographic module, or CM are self-encryption drives (SED) that comply in general with the specifications listed in 13.2 Trusted Computing Group Specifications and specifically with the TCG Storage Architecture Core Specification [TCG Core] with the Trusted Computing Group (TCG) Security Subsystem Class (SSC): Enterprise Specification [TCG Enterprise]. The TCG SSC Enterprise Specification defines a management interface for host application software to activate, provision, and manage encryption of user data. The specification includes data structures and their required content, and mechanisms for managing and configuring Authentication Credentials and access controls. The security architecture provides a locking mechanism by which an Authentication Credential (i.e., a password) can be set by an operator to enable control of access to user data. After an operator authenticates to the appropriate role and locks access to user data access user data is inaccessible. This implementation complies with the lock-based authentication model specified in IG 4.1.A.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "RSA", "SHA", "SHS" ], "algorithms_detailed": [ "Avago Technologies | AES 35805 | AES \\[FIPS 197\\] | CBC \\[SP 800 38A\\] | Key Size:128,256 Key Strength:128 bits,256 bits | Encryption and Decryption of SSPs.", "ECB \\[SP 800 38A\\] | Key Size:128,256 Key Strength:128 bits,256 bits | Encryption and Decryption,AES KWP.", "Western Digital Corporation | A2098 | AES \\[FIPS 197\\] | KWP \\[SP 800 38F\\] ECB \\[SP 800 38A\\] | Forward Payload Length:96-1024,Increment 8 Key Size:256 Key Strength:256 | Authenticated Encryption, Authenticated Decryption of Root Signing Key.", "Western Digital Corporation | A2099 | AES \\[FIPS 197\\] | CBC \\[SP 800 38A\\] | Key Size:256 Key Strength:256 bits | Descrambles OptiNAND sFFU firmware image.", "Western Digital Corporation | A2101 | AES \\[FIPS 197\\] | ECB \\[SP 800 38A\\] | Key Size:128,256 Key Strength:128,256 bits | Encryption,Decryption,DEE self-tests.", "Western Digital Corporation | A2098 | DRBG \\[SP 800 90A\\] | CTR | Mode:AES-256 Derivation Function:True Prediction Resistance:False Key Size:256 Key Strength:256 bits | Deterministic Random Bit Generation Security Strength=256", "Avago Technologies | HMAC 2280 | HMAC \\[FIPS 198\\] | SHA-1 | Message Length:8-51200, Increment:8Key Size:160Key Strength:160 bits | Not used", "SHA2-224 | Message Length:8-51200, Increment:8Key Size:224Key Strength:224 bits | Not used", "SHA2-256 | Message Length:8-51200, Increment:8Key Size:256Key Strength:256 bits | Message Authentication of signed encrypted SSPs,PBKDF2 derived key generation", "Western Digital Corporation | A2100 | PBKDF2\\[SP 800132\\] | Option 2a | Master Key Generation Type:Option 2aIteration Count:2-1024 with Increment1HMAC Algorithm:SHA2-256Password Length:32Salt Length:128-512with Increment8Key Data Length:256-4096 withIncrement:256Key Strength:256 | Password based key derivation function usingHMAC-SHA2-256(Cert#HMAC 2280).The derived generated keys,Ksaand Ksaencrypt data protection keys used in a data storage application.", "Western Digital Corporation | A2098 | RSA SigVer\\[FIPS186\\] | PSS | Signature Type:PKCSPSSHash Algorithm:SHA2-256Modulo:3072Key Strength:128 bits | SigVer within the ACMRoT.", "Western Digital Corporation | A2099 | RSA SigVer\\[FIPS186\\] | PSS | Signature Type:PKCSPSSHash Algorithm:SHA2-256Modulo:3072Key Strength:128 bits | SigVer within theOptiNAND device.", "Avago Technologies | SHS 2942 | SHS\\[FIPS180\\] | SHA-1 | Message Length:8-51200, Increment:8Key Size:160Key Strength:160 bits | Not used", "SHA2-256 | Message Length:8-51200, Increment:8Key Size:256Key Strength:256 bits | Message digest generation.Digital signature verification within theACM RoT", "Western Digital Corporation | A2099 | SHS\\[FIPS 180\\] | SHA2-256 | Message Length:0-65536,Increment:8Key Size:256Key Strength:256 bits | Message digest generation.Digital signature verification within theOptiNAND device.", "CKG-Direct | AES 256: Symmetric Key Generation | N/A | SP 800-133rev2 Section 4 example #1,Section 6.1 and IG D.H", "CKG-Combined | AES 256: Symmetric Key Generation | N/A | SP 800-133rev2 Section 6.3 example #2 and IG D.H", "Authority\\_Digest\\_Generation | MAC | Generates an HMAC message digest of an Authentication Credential PIN | Publications:\\[IG 10.3.A\\] | HMAC-SHA2-256(Cert #HMAC2280) | Message Length:8-51200,Increment:8,Key Size:256,Key Strength:256 bits", "Authority\\_Digest\\_Verification | MAC | Verifies the HMAC digest of an Authentication Credential PIN. | Publications:\\[IG 10.3.A\\] | HMAC-SHA2-256(Cert #HMAC2280) | Message Length:8-51200,Increment:8,Key Size:256,Key Strength:256 bits" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4801", "Certificate Number": "4801", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 9 NSS Cryptographic Module", "Module Type": "Software", "Validation Date": "09/16/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4801.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4801", "module_name": "Oracle Linux 9 NSS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/15/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in section 11 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/.", "algorithms": [ "AES", "CVL", "DES", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "SHA2-224 | A4760 | N/A | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC7J13: Generic C", "SHA2-256 | A4760 | N/A | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC7J13: Generic C", "SHA2-384 | A4760 | N/A | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC7J13: Generic C", "SHA2-512 | A4760 | N/A | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC7J13: Generic C", "AES-ECB | A4760,A4767,A4769 | Encryption,Decryption using128,192,256-bitkeys | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC7J13: Generic C,CE,AESNI", "AES-CBC | #A4760,#A4767,#A4769 | Encryption,Decryption using128,192,256-bitkeys | Oracle Linux 9 on KVM on Oracle Linux8 on AMD EPYC™7001 Series AMD EPYC7113:GenericC,CE,AESNIOracle Linux 9 on KVM on Oracle Linux8 on Ampere®Altra®Q80-30:GenericC,CE,AESNIOracle Linux 9 on KVM on Oracle Linux8 on Intel®Xeon®Platinum8358:GenericC,CE,AESNI | FIPS197SP800-38ASP800-38AAddendum", "AES-CBC-CS1 | #A4765 | Encryption,Decryption using128,192,256-bitkeys | Oracle Linux 9 on KVM on Oracle Linux8 on AMD EPYC™7001 Series AMD EPYC7113:GenericC,CTSOracle Linux 9 on KVM on Oracle Linux8 on Ampere®Altra®Q80-30:GenericC,CTSOracle Linux 9 on KVM on Oracle Linux8 on Intel®Xeon®Platinum8358:GenericC,CTS | FIPS197SP800-38AAddendum", "AES-CTR | #A4760,#A4769 | Encryption,Decryption using128,192,256-bitkeys | Oracle Linux 9 on KVM on Oracle Linux8 on AMD EPYC™7001 Series AMD EPYC7113:GenericC,CTSOracle Linux 9 on KVM on Oracle Linux8 on Ampere®Altra®Q80-30:GenericC,CTSOracle Linux 9 on KVM on Oracle Linux8 on Intel®Xeon®Platinum8358:GenericC,CTS | FIPS197SP800-38AAddendum", "AES-CMAC | #A4762 | MessageAuthenticationusing128,192,256-bitkeys | Oracle Linux 9 on KVM on Oracle Linux8 on AMD EPYC™7001 Series AMD EPYC7113:GenericC,CMACOracle Linux 9 on KVM on Oracle Linux8 on Ampere®Altra®Q80-30:GenericC,CMACOracle Linux 9 on KVM on Oracle Linux8 on Intel®Xeon®Platinum8358:GenericC,CMAC | FIPS197SP800-38B", "AES-GCM | #A4760,#A4767,#A4769 | AuthenticatedEncryption(internalIV),AuthenticatedDecryption(externalIV)using128,192,256-bitkeys | Oracle Linux 9 on KVM on Oracle Linux8 on AMD EPYC™7001 Series AMD EPYC7113:GenericC,CE,AESNIOracle Linux 9 on KVM on Oracle Linux8 on Ampere®Altra®Q80-30:GenericC,CE,AESNIOracle Linux 9 on KVM on Oracle Linux8 on Intel®Xeon®Platinum8358:GenericC,CE,AESNI | FIPS197SP800-38D", "AES-KW | #A4761, #A4766, #A4768 | Key Wrapping, Key Unwrapping using 128, 192, 256-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYCT™ 7001 Series AMD EPYC 7113: Generic C KW, AESNI KWOracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: Generic C KW, AESNI KWOracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: Generic C KW, AESNI KW | FIPS 197 SP 800-38F", "AES-KWP | #A4761, #A4766, #A4768 | Key Wrapping, Key Unwrapping using 128, 192, 256-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYCT™ 7001 Series AMD EPYC 7113: Generic C KW, AESNI KWOracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: Generic C KW, AESNI KWOracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: Generic C KW, AESNI KW | FIPS 197 SP 800-38F", "HMAC | #A4760 | SHA-224, SHA-256, SHA-384, SHA-512 112-524288-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYCT™ 7001 Series AMD EPYC 7113: Generic COracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: Generic COracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: Generic C | FIPS 198-1 FIPS 180-4", "KBKDF | #A4763 | Modes: counter, feedback, double pipeline CMAC and HMAC SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYCT™ 7001 Series AMD EPYC 7113: Generic C KBKDFOracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: Generic C KBKDFOracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: Generic C KBKDF | SP 800-108r1", "HKDF | #A4759 | Key Derivation with HMAC SHA-224, SHA-256, SHA-384, SHA-512 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYCT™ 7001 Series AMD EPYC 7113: TLS v1.3Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: TLS v1.3Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: TLS v1.3 | SP 800-56Cr1", "TLS 1.0/1.1 KDF (CVL) | #A4760 | Key Derivation with SHA1 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 71J3: Generic COracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: Generic COracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: Generic C | SP 800-135r1", "TLS 1.2 KDF (CVL RFC 7627) | #A4760 | Hashes: SHA-256, SHA-384, SHA-512 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 71J3: Generic COracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: Generic COracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: Generic C | SP 800-135r1", "IKEv2 KDF (CVL) | #A4764 | Hashes: SHA-1, SHA-256, SHA-384, SHA-512 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 71J3: IKE KDFOracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: IKE KDFOracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: IKE KDF | SP 800-135r1", "PBKDF2 | #A4760 | Option 1a Password length: 7-128 characters Salt length: 128-4096 bytes Iteration count: 1000-10000 Hashes: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 71J3: Generic COracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: Generic COracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: Generic C | SP 800-132", "Hash\\_DRBG | #A4760 | Hashes: SHA-256 With without prediction resistance | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 71J3: Generic COracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: Generic COracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: Generic C | SP 800-90Ar1", "KAS-FFC-SSC | #A4760 | Scheme: dhEphem Roles: initiator, responder Groups: MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192, ffdhe2048, ffdhe3072, | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 71J3: Generic COracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: Generic COracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: Generic C | SP 800-56Ar3", "KAS-ECC-SSC | #A4760 | Scheme: Ephemeral Unified Model Roles: initiator, responder Curves: P-256,P-384,P-521 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC7001 Series AMD EPYC7113: Generic C", "DSA1 | #A4760 | Signature Verification Hashes: SHA-224,SHA-256,SHA-384,SHA-512Keys:(L=1024,N=160);(L=2048,N=224);(L=2048,N=256);(L=3072,N=256) | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC7001 Series AMD EPYC7113: Generic C", "RSA | #A4760 | Signature Generation & Verification Padding: PKCS#1v1.5 and PSSHashes: SHA-224,SHA-256,SHA-384,SHA-512Modulus:2048-4096 bits | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC7001 Series AMD EPYC7113: Generic C", "RSA | #A4760 | Signature Verification Padding: PKCS#1v1.5 and PSSHashes: SHA-224,SHA-256,SHA-384,SHA-512Modulus:1024,1280,1536,1792bits | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC7001 Series AMD EPYC7113: Generic C", "ECDSA | #A4760 | Signature Generation & Verification Hashes: SHA-224,SHA-256,SHA-384,SHA-512Curves:P-256,P-384,P-521 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC7001 Series AMD EPYC7113: Generic C", "RSA | A4760 | Key Pair Generation Mode: Probable Primes (Appendix B.3.3) Modulus: 2048-4096 bits | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7J13: Generic C", "ECDSA | A4760 | Key Pair Generation Mode: Extra Random Bits (Appendix B.4.1) Curves: P-256, P-384, P-521 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7J13: Generic C", "RSA:", "ECDSA:", "MD5 | Only allowed as the PRF in TLSv1.0 and v1.1 per IG 2.4.A | Message digest used in TLS 1.0/1.1 KDF only", "MD2, MD5, SHA-1 | Message Digest", "RC2, RC4, DES, Triple-DES, CDMF, Camellia, SEED, ChaCha20(-Poly1305) | EncryptionDecryption", "AES GCM(external IV) | Encryption", "CBC-MAC,AES XCBC-MAC,AES XCBC-MAC-96 | Message Authentication", "HMAC-SHA-1,HMAC(MD2,MD5;<112-bit keys)", "HMAC/SSLv3 MAC(constant-time implementation)", "RSA OAEP | Key Encapsulation/Decapsulation", "KBKDF,HKDF,TLS1.0/1.1KDF,TLS1.2KDF,IKEv2PRF(<112-bit keys)", "KBKDF(MD2,MD5)", "J-PAKE | Shared Secret Computation", "KAS-FFC-SSC(FIPS186-type groups)", "KAS-ECC-SSC(P-192)", "DSA | Parameter GenerationParameter VerificationKey Pair GenerationSignature Generation", "RSA with SHA-1,RSA(primitive;PKCS#1v1.5或PSSwithMD2,MD5)ECDSA(P-192) | Signature GenerationSignature Verification", "RSA | Asymmetric EncryptionAsymmetric Decryption", "RSA(<2048bits)", "ECDSA(P-192)", "KAS-ECC-SSC\\[SP800-56ARev3\\] | KAS | Shared Secret Computation | Ephemeral Unified scheme", "Compliant with IG D.F scenario2(1) | KAS-ECC-SSC:#A4760", "KAS-FFC-SSC\\[SP800-56ARev3\\] | Ephemeral Unified scheme", "Keys:2048,3072,4096,6144,8192-bit keys with 112-200bits of key strength | KAS-FFC-SSC:#A4760" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4800", "Certificate Number": "4800", "Vendor Name": "PQShield LTD", "Module Name": "PQCryptoLib", "Module Type": "Software", "Validation Date": "09/16/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4800.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4800", "module_name": "PQCryptoLib", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/15/2026", "overall_level": 1, "caveat": "Interim validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The PQCryptoLib is a library of cryptographic primitives with a C interface offering security against quantum adversaries.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4799", "Certificate Number": "4799", "Vendor Name": "Google, LLC", "Module Name": "Look-aside Cryptography and Compression Engine (LCE)", "Module Type": "Hardware", "Validation Date": "09/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4799.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4799", "module_name": "Look-aside Cryptography and Compression Engine (LCE)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module [Google Integrated Management Complex (IMC) and B227 True Random Number Generator (TRNG) Firmware-Hybrid Cryptographic Module] validated to FIPS 140-2 under Cert. #4400 operating in FIPS mode.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Look-aside Cryptography and Compression Engine (LCE) module is comprised of a sub-chip cryptographic subsystem in the Google IN762 SoC. The module provides lookaside cryptography services including bulk encryption, cryptographic hashing, Integrity Checksum Value (ICV) verification, and compression services. The module also supports operation chaining including cryptographic and pipeline compressing/decompressing and verification as well as standalone or combined DMA data (payload) transfers between nodes.", "detail_available": true, "algorithms": [ "AES", "HMAC", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4798", "Certificate Number": "4798", "Vendor Name": "Google, LLC", "Module Name": "Integrated Management Complex (IMC) and B227 True Random Number Generator (TRNG) Firmware-Hybrid Cryptographic Module", "Module Type": "Firmware-Hybrid", "Validation Date": "09/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4798.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4798", "module_name": "Integrated Management Complex (IMC) and B227 True Random Number Generator (TRNG) Firmware-Hybrid Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with modules [Google Titan-D] validated to FIPS 140-2 under Cert. #4367 operating in FIPS mode.", "module_type": "Firmware-Hybrid", "embodiment": "Single Chip", "description": "The Integrated Management Complex firmware manages functions such as power-on, reset, clock and power control, configuration, and security functions including encryption and decryption, key derivation, key generation, and hashing. The IMC performs these functions as ARM Trusted Execution Environment (TEE) firmware executing on two ARM-A53 processors within the IN762 SoC. The hardware comprises the B227 TRNG, which is a NIST SP800-90 A/B compliant TRNG employed by the IMC module for generating cryptographic keys.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4797", "Certificate Number": "4797", "Vendor Name": "Google, LLC", "Module Name": "Inline Crypto Engine (ICE)", "Module Type": "Hardware", "Validation Date": "09/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4797.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4797", "module_name": "Inline Crypto Engine (ICE)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Inline Crypto Engine (ICE) module is comprised of a sub-chip cryptographic subsystem in the Google IN762 SoC. The module provides a cryptographic engine supporting cryptographic offload for IPsec and PSP protocols. The ICE module processes network infrastructure packets in both the Ingress and Egress directions. In addition to providing the cryptographic primitives for the security protocols it also provides packet integrity authentication and anti-replay protection.", "detail_available": true, "algorithms": [ "AES", "KDF" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4796", "Certificate Number": "4796", "Vendor Name": "Red Hat(R), Inc.", "Module Name": "Red Hat Enterprise Linux 9 Kernel Cryptographic API", "Module Type": "Software", "Validation Date": "09/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4796.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4796", "module_name": "Red Hat Enterprise Linux 9 Kernel Cryptographic API", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/10/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in section 11 of the Security Policy. The module generates random strings whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Red Hat Enterprise Linux 9 Kernel Cryptographic API provides a C language API for use by other (kernel space and user space) processes that require cryptographic functionality", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A3629 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CCM | A3629 | Key Length-128,192,256 | SP 800-38C", "AES-CMAC | A3629 | Direction- Generation, Verification Key Length-128,192,256 | SP 800-38B", "AES-CTR | A3629 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A3629 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-GCM | A3629 | Direction- Decrypt, Encrypt IV Generation- External IV Generation Mode-8.2.1 Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A3629 | Direction- Decrypt, Encrypt IV Generation- External IV Generation Mode-8.2.1 Key Length-128,192,256 | SP 800-38D", "AES-XTS Testing Revision 2.0 | A3629 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38E", "Counter DRBG | A3629 | Prediction Resistance-No, Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-Yes | SP 800-90A Rev.1", "Hash DRBG | A3629 | Prediction Resistance - No, Yes Mode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A3629 | Prediction Resistance - No, Yes Mode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC-SHA-1 | A3629 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3629 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A3629 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A3629 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A3629 | Key Length - Key Length:112-524288 Increment8 | FIPS 198-1", "RSA SigVer(FIPS186-4) | A3629 | Signature Type-PKCS1.5 Modulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A3629 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A3629 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A3629 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A3629 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A3629 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 180-4", "HMAC-SHA3-224 | A3630 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A3630 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A3630 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A3630 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "SHA3-224 | A3630 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-256 | A3630 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-384 | A3630 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2 | FIPS 202", "SHA3-512 | A3630 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes - 1,2 | FIPS 202", "AES-CFB128 | A3631 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-OFB | A3632 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3633 | Direction - decrypt, encryptKey Length - 128,192,256 | SP 800-38A", "AES-ECB | A3634 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-GCM | A3634 | Direction - EncryptIV Generation - InternalIV Generation Mode - 8.2.1Key Length - 128,192,256 | SP 800-38D", "Counter DRBG | A3634 | Prediction Resistance - No, YesMode - AES-128,AES-192,AES-256Derivation Function Enabled - Yes | SP 800-90ARev.1", "Hash DRBG | A3634 | Prediction Resistance - No, YesMode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A3634 | Prediction Resistance - No, YesMode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "AES-ECB | A3635 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-GCM | A3635 | Direction - Decrypt, EncryptIV Generation - ExternalIV Generation Mode - 8.2.1Key Length - 128,192,256 | SP 800-38D", "Counter DRBG | A3635 | Prediction Resistance - No, YesMode - AES-128,AES-192,AES-256Derivation Function Enabled - Yes | SP 800-90ARev.1", "Hash DRBG | A3635 | Prediction Resistance - No, YesMode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A3635 | Prediction Resistance - No, YesMode - SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "AES-CBC | A3636 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CTR | A3636 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-ECB | A3636 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-GCM | A3636 | Direction - Decrypt, EncryptIV Generation - ExternalIV Generation Mode - 8.2.1Key Length - 128,192,256 | SP 800-38D", "AES-XTS Testing Revision 2.0 | A3636 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38E", "Counter DRBG | A3636 | Prediction Resistance-No,Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-Yes | SP 800-90A Rev.1", "Hash DRBG | A3636 | Prediction Resistance-No,Yes Mode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A3636 | Prediction Resistance-No,Yes Mode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "AES-ECB | A3637 | Direction- Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A3637 | Direction- Encrypt IV Generation-Internal IV GenerationMode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "Counter DRBG | A3637 | Prediction Resistance-No,Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-Yes | SP 800-90A Rev.1", "Hash DRBG | A3637 | Prediction Resistance-No,Yes Mode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A3637 | Prediction Resistance-No,Yes Mode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "AES-ECB | A3638 | Direction- Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A3638 | Direction- Decrypt,Encrypt IV Generation-External IV GenerationMode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "Counter DRBG | A3638 | Prediction Resistance-No,Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-Yes | SP 800-90A Rev.1", "Hash DRBG | A3638 | Prediction Resistance-No,Yes Mode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "HMAC DRBG | A3638 | Prediction Resistance-No,Yes Mode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90A Rev.1", "AES-CBC | A3639 | Direction- Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3639 | Key Length-128,192,256 | SP 800-38C", "AES-CMAC | A3639 | Direction- Generation,Verification KeyLength-128,192,256 | SP 800-38B", "AES-CTR | A3639 | Direction- Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A3639 | Direction- Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A3639 | Direction- Decrypt, EncryptIV Generation- ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A3639 | Direction- Decrypt, EncryptIV Generation- ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-XTS Testing Revision 2.0 | A3639 | Direction- Decrypt, EncryptKey Length-128,256 | SP 800-38E", "Counter DRBG | A3639 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Hash DRBG | A3639 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A3639 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "AES-ECB | A3640 | Direction- Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A3640 | Direction- EncryptIV Generation- InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "Counter DRBG | A3640 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Hash DRBG | A3640 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A3640 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "AES-ECB | A3641 | Direction- Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-GCM | A3641 | Direction- Decrypt,EncryptIV Generation- ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "Counter DRBG | A3641 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-Yes | SP 800-90ARev.1", "Hash DRBG | A3641 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A3641 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-90ARev.1", "AES-CFB128 | A3642 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-OFB | A3643 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CBC-CS3 | A3644 | Direction-decrypt,encryptKeyLength-128,192,256 | SP800-38A", "Hash DRBG | A3645 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP800-90ARev.1", "HMAC DRBG | A3645 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP800-90ARev.1", "HMAC-SHA-1 | A3645 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-224 | A3645 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-256 | A3645 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-384 | A3645 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A3645 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "RSA SigVer(FIPS186-4) | A3645 | Signature Type-PKCS1.5Modulo-2048,3072,4096 | FIPS186-4", "SHA-1 | A3645 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS180-4", "SHA2-224 | A3645 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS180-4", "SHA2-256 | A3645 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS180-4", "SHA2-384 | A3645 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS180-4", "SHA2-512 | A3645 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS180-4", "Hash DRBG | A3646 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP800-90ARev.1", "HMAC DRBG | A3646 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP800-90ARev.1", "HMAC-SHA-1 | A3646 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-224 | A3646 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-256 | A3646 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3646 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3646 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "RSA SigVer(FIPS186-4) | A3646 | Signature Type-PKCS1.5 Modulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A3646 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A3646 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A3646 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-384 | A3646 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-512 | A3646 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS 180-4", "Hash DRBG | A3647 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP800-90ARev.1", "HMAC DRBG | A3647 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP800-90ARev.1", "HMAC-SHA-1 | A3647 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3647 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A3647 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A3647 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A3647 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "RSA SigVer(FIPS186-4) | A3647 | Signature Type-PKCS1.5Modulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A3647 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-224 | A3647 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS 180-4", "SHA2-256 | A3647 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4795", "Certificate Number": "4795", "Vendor Name": "Communication Devices Inc.", "Module Name": "Port Authority Series", "Module Type": "Hardware", "Validation Date": "09/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4795.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4795", "module_name": "Port Authority Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/10/2029", "overall_level": 2, "caveat": "Interim validation", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Secure Out of Band Management appliance providing the means to securely manage and power cycle remote equipment via cellular network, analog modem and network access.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "SHA", "SHS" ], "algorithms_detailed": [ "A3214 | SHA-3\\[FIPS 202\\] | SHA3-256 | Conditioning", "A4440 | AES\\[SP800-38A\\] | ECB1 | 128and256-bit keys with128and256-bitkey strengths | Encrypt/Decrypt", "A4440 | AES\\[SP800-38D\\] | GCM | 128and256-bitkeyswith128and256-bitkey strengths | Encrypt/Decrypt", "A4440 | DRBG\\[SP800-90A\\] | HMAC DRBG | SHA2-256with128-bitkey strength | DeterministicRandomBitGeneration", "A4440 | ECDSA\\[FIPS186-4\\] | KeyGen | P-256with128-bitkey strength | AsymmetricKeyGeneration", "A4440 | ECDSA\\[FIPS186-4\\] | KeyVer | P-256with128-bitkey strength | AsymmetricKeyVerification", "A4440 | ECDSA\\[FIPS186-4\\] | SigGen | P-256/SHA2-256with128-bitkey strength | SignatureGeneration", "A4440 | ECDSA\\[FIPS186-4\\] | SigVer | P-256/SHA2-256with128-bitkey strength | SignatureVerification", "A4440 | HMAC\\[FIPS198-1\\] | HMAC2 | SHA-1/128-1024-bitkeyswith112-bitkeystrength,SHA2-256/256-512-bitkeyswith128-bitkeystrength,SHA2-384/256-512-bitkeyswith192-bitkeystrength | MessageAuthentication", "A4440 | KAS\\[SP800-56Arev3\\] | KAS-ECC-SSC\\[SP800-56Arev3\\]/A4440TLS1.3KDF/A4440 | P-256with128-bitkeystrength | TLSkeyagreement", "A4440 | KAS-ECC-SSC\\[SP800-56Arev3\\] | EphemeralUnified | P-256with128-bitkeystrength | SharedSecretComputationforKeyAgreement", "A4440 | SHS\\[FIPS180-4\\] | SHA-13,SHA2-256,SHA2-384 | MessageDigest", "A4440 | TLS1.3KDF\\[RFC8446\\]CVL | HMAC-SHA2-256,HMAC-SHA2-384 | KeyDerivationFunctionNo parts ofthese", "AES-CFB8 | Network metrics output over SNMPv3 protocol is obfuscated and considered plaintext | SNMPv3 privacy protocol", "SNMP KDF | Key localization function uses a SHA2-256 hash function not | SNMPv3 key derivation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4794", "Certificate Number": "4794", "Vendor Name": "Canonical Ltd.", "Module Name": "Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "09/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4794.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4794", "module_name": "Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/10/2029", "overall_level": 1, "caveat": "Interim validation; When operated in approved mode; When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Canonical Ltd. Ubuntu 22.04 OpenSSL Cryptographic Module provides a C language application program interface (API) for use by other applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | A3958 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A3958 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A3958 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3958 | Direction-decrypt, encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3958 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB1 | A3958 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A3958 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A3958 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A3958 | Direction-Generation,Verification KeyLength-128,192,256 | SP 800-38B", "AES-CTR | A3958 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A3958 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-KW | A3958 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-KWP | A3958 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-OFB | A3958 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3958 | Direction-Decrypt,Encrypt KeyLength-128,256 | SP 800-38E", "AES-CBC | A3959 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A3959 | Direction-Decrypt,encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A3959 | Direction-decrypt,encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3959 | Direction-decrypt,encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3959 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB1 | A3959 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A3959 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB8 | A3959 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CMAC | A3959 | Direction-Generation,Verification Key Length-128,192,256 | SP 800-38B", "AES-CTR | A3959 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A3959 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38A", "AES-KW | A3959 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38F", "AES-KWP | A3959 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38F", "AES-OFB | A3959 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3959 | Direction-Decrypt,Encrypt Key Length-128,256 | SP 800-38E", "AES-CBC | A3960 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A3960 | Direction-decrypt,encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A3960 | Direction-decrypt,encrypt Key Length-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3960 | Direction-decrypt,encrypt Key Length-128,192,256 | SP 800-38A", "AES-CCM | A3960 | Key Length-128,192,256 | SP 800-38C", "AES-CFB1 | A3960 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB128 | A3960 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB8 | A3960 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CMAC | A3960 | Direction-Generation,Verification Key Length-128,192,256 | SP 800-38B", "AES-CTR | A3960 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A3960 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38A", "AES-KW | A3960 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38F", "AES-KWP | A3960 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38F", "AES-OFB | A3960 | Direction-Decrypt,Encrypt Key Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3960 | Direction - Decrypt, Encrypt Key Length-128,256 | SP 800-38E", "AES-GCM | A3961 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode-8.2.1 Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A3961 | Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode-8.2.1 Key Length-128,192,256 | SP 800-38D", "ECDSA KeyGen(FIPS186-4) | A3962 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A3962 | Curve-P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A3962 | Component-No Curve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3962 | Component-No Curve-P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "HMAC-SHA-1 | A3962 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA2-224 | A3962 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA2-256 | A3962 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA2-384 | A3962 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA2-512 | A3962 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A3962 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A3962 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "KAS-ECC-SSCSp800-56Ar3 | A3962 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KDF ANS 9.42(CVL) | A3962 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:112-4096 Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A3962 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096 Increment8 | SP 800-135Rev.1", "PBKDF | A3962 | Iteration Count - Iteration Count: 1000-10000 Increment 1Password Length - Password Length:8-128 Increment 1 | SP 800-132", "RSA KeyGen(FIPS186-4) | A3962 | Key Generation Mode-B.3.6Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3962 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3962 | Signature Type-PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A3962 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A3962 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A3962 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A3962 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A3962 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A3962 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A3962 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "TLS v1.2 KDFRFC7627(CVL) | A3962 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "HMAC-SHA2-256 | A3963 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "SHA2-256 | A3963 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "ECDSA SigGen(FIPS186-4) | A3964 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3964 | Component-NoCurve-P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "HMAC-SHA3-224 | A3964 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A3964 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A3964 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A3964 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "KDF ANS 9.42(CVL) | A3964 | KDF Type-DERHash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:112-4096 Increment8 | SP800-135Rev.1", "PBKDF | A3964 | Iteration Count-Iteration Count:1000-10000 Increment1Password Length-Password Length:8-128 Increment1 | SP800-132", "SHA3-224 | A3964 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS202", "SHA3-256 | A3964 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS202", "SHA3-384 | A3964 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS202", "SHA3-512 | A3964 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS202", "SHAKE-128 | A3964 | Output Length-Output Length:16-65536 Increment8 | FIPS202", "SHAKE-256 | A3964 | Output Length-Output Length:16-65536 Increment8 | FIPS202", "KDA OneStepSP800-56Cr2 | A3965 | Derived Key Length-2048Shared Secret Length-Shared Secret Length:224-2048Increment8 | SP800-56CRev.2", "ECDSA KeyGen(FIPS186-4) | A3966 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A3966 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A3966 | Component-NoCurve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3966 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571Hash Algorithm-SHA1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A3967 | Component-NoCurve-B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3967 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS186-4", "KAS-ECC-SSCSp800-56Ar3 | A3968 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571Scheme ephemeralUnified-KAS Role-initiator,responder | SP800-56ARev.3", "KDA HKDFSp800-56Cr1 | A3969 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length: 224-2048Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384 | SP 800-56CRev.2", "TLS v1.3 KDF(CVL) | A3969 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "Counter DRBG | A3970 | Prediction Resistance-No,YesMode-AES-128,AES-192,AES-256Derivation Function Enabled-No,Yes | SP 800-90ARev.1", "Hash DRBG | A3970 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A3970 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "AES-ECB | A3971 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "KDF SSH(CVL) | A3971 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "ECDSA SigGen(FIPS186-4) | A3972 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3972 | Component-NoCurve-P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS186-4", "HMAC-SHA3-224 | A3972 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA3-256 | A3972 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA3-384 | A3972 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA3-512 | A3972 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "KDF ANS 9.42(CVL) | A3972 | KDF Type-DERHash Algorithm-SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:112-4096 Increment8 | SP 800-135Rev.1", "PBKDF | A3972 | Iteration Count-Iteration Count:1000-10000 Increment1Password Length-Password Length:8-128 Increment1 | SP 800-132", "SHA3-224 | A3972 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS202", "SHA3-256 | A3972 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS202", "SHA3-384 | A3972 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A3972 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A3972 | Output Length - Output Length:16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A3972 | Output Length - Output Length:16-65536 Increment 8 | FIPS 202", "AES-CBC | A3973 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS1 | A3973 | Direction-decrypt,encryptKeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS2 | A3973 | Direction-decrypt,encryptKeyLength-128,192,256 | SP 800-38A", "AES-CBC-CS3 | A3973 | Direction-decrypt,encryptKeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3973 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB1 | A3973 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A3973 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A3973 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A3973 | Direction-Generation,VerificationKeyLength-128,192,256 | SP 800-38B", "AES-CTR | A3973 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A3973 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-KW | A3973 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-KWP | A3973 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-OFB | A3973 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3973 | Direction-Decrypt,EncryptKeyLength-128,256 | SP 800-38E", "AES-GCM | A3974 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A3974 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GCM | A3975 | Direction-Decrypt,EncryptIV Generation-External,Internal | SP 800-38D", "RSA SigGen(FIPS186-4) | A3993 | Signature Type-PKCS 1.5,PKCSPSS Modulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3993 | Signature Type-PKCS 1.5,PKCSPSS Modulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A3993 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A3993 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A3993 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A3993 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A3993 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A3993 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A3993 | Message Length-Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "TLS v1.2 KDFRFC7627(CVL) | A3993 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "AES-GCM | A3994 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A3994 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GCM | A3995 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A3995 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GCM | A3996 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GMAC | A3996 | Direction-Decrypt,EncryptIV Generation-ExternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "AES-GCM | A3997 | Direction-Decrypt,EncryptIV Generation-External,Internal | SP 800-38D", "AES-GMAC | A3997 | Direction-Decrypt,EncryptIV Generation-ExternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP 800-38D", "AES-GCM | A3998 | Direction-Decrypt,EncryptIV Generation-External,InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A3998 | Direction-Decrypt,EncryptIV Generation-ExternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP 800-38D", "AES-GCM | A3999 | Direction-Decrypt,EncryptIV Generation-External,InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A3999 | Direction-Decrypt,EncryptIV Generation-External,InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP 800-38D", "AES-GCM | A4000 | Direction-Decrypt,EncryptIV Generation-External,InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A4000 | Direction-Decrypt,EncryptIV Generation-External,InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP 800-38D", "AES-GCM | A4001 | Direction-Decrypt,EncryptIV Generation-External,InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP 800-38D", "AES-GCM | A4002 | Direction-Decrypt,EncryptIV Generation-External,InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP 800-38D", "AES-GMAC | A4002 | Direction-Decrypt,EncryptIV Generation-External,InternalIV GenerationMode-8.2.1KeyLength-128,192,256 | SP 800-38D", "ECDSA KeyGen(FIPS186-4) | A4003 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4003 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4003 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4003 | Component-NoCurve-P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "HMAC-SHA-1 | A4003 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4003 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4003 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4003 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4003 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4003 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4003 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4003 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KDF ANS 9.42(CVL) | A4003 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:112-4096 Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4003 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096 Increment8 | SP 800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4003 | Key Generation Mode-B.3.6Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4003 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4003 | Signature Type-PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4003 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4003 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-256 | A4003 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-384 | A4003 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-512 | A4003 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A4003 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A4003 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "TLS v1.2 KDFRFC7627(CVL) | A4003 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "ECDSA KeyGen(FIPS186-4) | A4004 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4004 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4004 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4004 | Component-NoCurve-P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "HMAC-SHA-1 | A4004 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4004 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4004 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4004 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4004 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4004 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4004 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "KAS-ECC-SSCSp800-56Ar3 | A4004 | Domain Parameter Generation Methods-P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56ARev.3", "KDF ANS 9.42(CVL) | A4004 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384, | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4004 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Key Data Length-Key Data Length:128-4096 Increment8 | SP 800-135Rev.1", "RSA KeyGen(FIPS186-4) | A4004 | Key Generation Mode-B.3.6Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A4004 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4004 | Signature Type-PKCS 1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "SHA-1 | A4004 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4004 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4004 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4004 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4004 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A4004 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A4004 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "TLS v1.2 KDFRFC7627(CVL) | A4004 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "ECDSA KeyGen(FIPS186-4) | A4005 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4005 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4005 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4005 | Component-NoCurve-P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "HMAC-SHA-1 | A4005 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4005 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4005 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4005 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4005 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4005 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4005 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4005 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3", "KDF ANS 9.42 (CVL) | A4005 | KDF Type - DERHash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256Key Data Length - Key Data Length: 112-4096 Increment 8 | SP 800-135 Rev. 1", "KDF ANS 9.63 (CVL) | A4005 | Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1", "PBKDF | A4005 | Iteration Count - Iteration Count: 1000-10000 Increment 1Password Length - Password Length: 8-128 Increment 1 | SP 800-132", "RSA KeyGen (FIPS186-4) | A4005 | Key Generation Mode - B.3.6Modulo - 2048, 3072, 4096Primality Tests - Table C.2Private Key Format - Standard | FIPS 186-4", "RSA SigGen (FIPS186-4) | A4005 | Signature Type - PKCS 1.5, PKCSPSSModulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigVer (FIPS186-4) | A4005 | Signature Type - PKCS 1.5, PKCSPSSModulo - 1024, 2048, 3072, 4096 | FIPS 186-4", "SHA-1 | A4005 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-224 | A4005 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-256 | A4005 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-384 | A4005 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512 | A4005 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/224 | A4005 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "SHA2-512/256 | A4005 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4", "TLS v1.2 KDF RFC7627(CVL) | A4005 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "AES GCM(external IV) | Encryption", "DSA | Signature generation", "DSA | Signature verification", "DSA | Key pair generation", "DSA | Key pair verification", "ECDSA with curve P-192 | Key pair generation", "RSA and ECDSA(pre-hashed message) | Signature generation(pre-hashed message)", "RSA and ECDSA(pre-hashed message) | Signature verification(pre-hashed message)", "RSA X9.31 | Signature generation", "RSA X9.31 | Signature verification", "RSA primitive | Asymmetric encryption", "RSA primitive | Asymmetric decryption", "RSA-OAEP | Asymmetric encryption", "RSA-OAEP | Asymmetric decryption" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4793", "Certificate Number": "4793", "Vendor Name": "Canonical Ltd.", "Module Name": "Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module", "Module Type": "Software", "Validation Date": "09/10/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4793.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4793", "module_name": "Canonical Ltd. Ubuntu 22.04 Libgcrypt Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/9/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified Section 11 in the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Canonical Ltd. Ubuntu 22.04 libgcrypt is a software library implementing general purpose cryptographic algorithms", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDH", "ECDSA", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "HMAC-SHA-1 | A3699 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "SHA-1 | A3699 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "AES-CBC | A3700 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3700 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB128 | A3700 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CFB8 | A3700 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-CMAC | A3700 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-CTR | A3700 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A3700 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-KW | A3700 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-OFB | A3700 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-XTSTestingRevision2.0 | A3700 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38E", "CounterDRBG | A3700 | PredictionResistance-No,YesMode-AES-128,AES-192,AES-256DerivationFunctionEnabled-Yes | SP800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A3700 | SecretGenerationMode:TestingCandidateCurves:P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A3700 | Curves:P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A3700 | Curves:P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3700 | Curves:P-224,P-256,P-384,P-521 | FIPS 186-4", "Hash DRBG | A3700 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A3700 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A3700 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3700 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A3700 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A3700 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A3700 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3700 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3700 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A3700 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A3700 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A3700 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A3700 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "PBKDF | A3700 | Password; derived key with 112-512 bits key size and 112-256 bits key strength | SP 800-132", "RSA KeyGen(FIPS186-4) | A3700 | Key Generation Mode: B.3.3 Modulo - 2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3700 | Signature Type-PKCS 1.5 Modulo - 2048,3072,4096 Signature Type-PKCSPSS Modulo - 2048,3072,4096 | FIPS 186-4", "RSA Signature Primitive(CVL) | A3700 | Private Key Format: standard Public Exponent Mode: random | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3700 | Signature Type-PKCS 1.5 Modulo - 2048,3072,4096 Signature Type-PKCSPSS Modulo - 2048,3072,4096 | FIPS 186-4", "SHA-1 | A3700 | Message Length-Message Length:0-65536 Increment 8 Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A3700 | Message Length-Message Length:0-65536 Increment 8 Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A3700 | Message Length-Message Length:0-65536 Increment 8 Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A3700 | -Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A3700 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A3700 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A3700 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A3700 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A3700 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A3700 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A3700 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A3700 | Message Length - Message Length: 16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A3700 | Message Length - Message Length: 16-65536 Increment 8 | FIPS 202", "AES-CBC | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A3701 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CFB128 | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CFB8 | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CMAC | A3701 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-KW | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F", "AES-OFB | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3701 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E", "Counter DRBG | A3701 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1", "ECDSA KeyGen(FIPS186-4) | A3701 | Secret Generation Mode:Testing CandidateCurves:P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A3701 | Curves:P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A3701 | Curves:P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3701 | Curves:P-224,P-256,P-384,P-521 | FIPS186-4", "Hash DRBG | A3701 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP800-90ARev.1", "HMAC DRBG | A3701 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP800-90ARev.1", "HMAC-SHA-1 | A3701 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-224 | A3701 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-256 | A3701 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-384 | A3701 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A3701 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A3701 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3701 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "PBKDF | A3701 | Password; derived key with 112-512 bits key size and 112-256 bits key strength | SP 800-132", "RSA KeyGen(FIPS186-4) | A3701 | Key Generation Mode: B.3.3 Modulo - 2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3701 | Signature Type-PKCS 1.5 Modulo-2048,3072,4096 Signature Type-PKCSPSS Modulo-2048,3072,4096 | FIPS 186-4", "RSA Signature Primitive(CVL) | A3701 | Private Key Format: standard Public Exponent Mode: random | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3701 | Signature Type-PKCS 1.5 Modulo-2048,3072,4096 Signature Type-PKCSPSS Modulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A3701 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-224 | A3701 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-256 | A3701 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-384 | A3701 | -Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-512 | A3701 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A3701 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A3701 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA3-224 | A3701 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 202", "SHA3-256 | A3701 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 202", "SHA3-384 | A3701 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 202", "SHA3-512 | A3701 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 202", "SHAKE-128 | A3701 | Message Length - Message Length: 16-65536 Increment8 | FIPS 202", "SHAKE-256 | A3701 | Message Length - Message Length: 16-65536 Increment8 | FIPS 202", "HMAC-SHA-1 | A3702 | Key Length - Key Length: 112-524288Increment8 | FIPS 198-1", "SHA-1 | A3702 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "AES-CBC | A3703 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CCM | A3703 | Key Length - 128,192,256 | SP 800-38C", "AES-CFB128 | A3703 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CFB8 | A3703 | Direction - Decrypt, EncryptKey Length - 128,192,256 | SP 800-38A", "AES-CMAC | A3703 | Direction-Generation,VerificationKeyLength-128,192,256 | SP800-38B", "AES-CTR | A3703 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-ECB | A3703 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-KW | A3703 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38F", "AES-OFB | A3703 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP800-38A", "AES-XTSTestingRevision2.0 | A3703 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38E", "CounterDRBG | A3703 | PredictionResistance-No,YesMode-AES-128,AES-192,AES-256DerivationFunctionEnabled-Yes | SP800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A3703 | SecretGenerationMode:TestingCandidateCurves:P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A3703 | Curves:P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A3703 | Curves:P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3703 | Curves:P-224,P-256,P-384,P-521 | FIPS186-4", "HashDRBG | A3703 | PredictionResistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP800-90ARev.1", "HMAC DRBG | A3703 | Prediction Resistance - No, Yes Mode-SHA-1,SHA2-256,SHA2-512 | SP 800-90A Rev.1", "HMAC-SHA-1 | A3703 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3703 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A3703 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A3703 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A3703 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3703 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3703 | Key Length-Key Length:112-524288 Increment8 | FIPS 198-1", "PBKDF | A3703 | Password; derived key with 112-512 bits key size and 112-256 bits key strength | SP 800-132", "RSA KeyGen(FIPS186-4) | A3703 | Key Generation Mode:B.3.3 Modulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3703 | Signature Type-PKCS1.5 Modulo-2048,3072,4096 Signature Type-PKCSPSS Modulo-2048,3072,4096 | FIPS 186-4", "RSA Signature Primitive(CVL) | A3703 | Private Key Format:standard | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3703 | Signature Type-PKCS 1.5Modulo-2048,3072,4096Signature Type-PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "SHA-1 | A3703 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A3703 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A3703 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-384 | A3703 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512 | A3703 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A3703 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/256 | A3703 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "AES-CBC | A3704 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CCM | A3704 | Key Length-128,192,256 | SP 800-38C", "AES-CFB128 | A3704 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB8 | A3704 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CMAC | A3704 | Direction- Generation, Verification Key Length-128,192,256 | SP 800-38B", "AES-CTR | A3704 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A3704 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-KW | A3704 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-OFB | A3704 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3704 | Direction- Decrypt, Encrypt Key Length-128,256 | SP 800-38E", "Counter DRBG | A3704 | Prediction Resistance-No, Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-Yes | SP 800-90A Rev.1", "ECDSA KeyGen(FIPS186-4) | A3704 | Secret Generation Mode:Testing Candidate Curves:P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A3704 | Curves:P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A3704 | Curves:P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3704 | Curves:P-224,P-256,P-384,P-521 | FIPS186-4", "Hash DRBG | A3704 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP800-90ARev.1", "HMAC DRBG | A3704 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP800-90ARev.1", "HMAC-SHA-1 | A3704 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-224 | A3704 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-256 | A3704 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-384 | A3704 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A3704 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A3704 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A3704 | Key Length-Key Length:112-524288Increment8 | FIPS198-1", "PBKDF | A3704 | Password; derived key with 112-512 bits key size and 112-256 bits key strength | SP 800-132", "RSA KeyGen(FIPS186-4) | A3704 | Key Generation Mode:B.3.3Modulo-2048,3072,4096 | FIPS186-4", "RSA SigGen(FIPS186-4) | A3704 | Signature Type-PKCS1.5Modulo-2048,3072,4096Signature Type-PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA Signature Primitive(CVL) | A3704 | Private Key Format:standardPublic Exponent Mode:random | FIPS186-4", "RSA SigVer(FIPS186-4) | A3704 | Signature Type-PKCS1.5Modulo-2048,3072,4096Signature Type-PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "SHA-1 | A3704 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A3704 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A3704 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-384 | A3704 | Message Length-Message Length:0-65536 Increment8 | FIPS180-4", "SHA2-512 | A3704 | Message Length - Message Length:0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A3704 | Message Length - Message Length:0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A3704 | Message Length - Message Length:0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "ECDSA KeyGen(FIPS186-4) | A3705 | Secret Generation Mode:TestingCandidateCurves:P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3705 | Curves:P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3705 | Curves:P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3705 | Curves:P-224,P-256,P-384,P-521 | FIPS 186-4", "Hash DRBG | A3705 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A3705 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A3705 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-224 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3705 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "PBKDF | A3705 | Password; derived key with 112-512 bits key size and 112-256 bits key strength | SP 800-132", "RSA KeyGen(FIPS186-4) | A3705 | Key Generation Mode: B.3.3 Modulo - 2048, 3072, 4096 | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3705 | Signature Type-PKCS1.5Modulo-2048,3072,4096Signature Type-PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "RSA Signature Primitive(CVL) | A3705 | Private Key Format:standardPublic Exponent Mode:random | FIPS186-4", "RSA SigVer(FIPS186-4) | A3705 | Signature Type-PKCS1.5Modulo-2048,3072,4096Signature Type-PKCSPSSModulo-2048,3072,4096 | FIPS186-4", "SHA-1 | A3705 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-224 | A3705 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-256 | A3705 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-384 | A3705 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512 | A3705 | Message Length-Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS180-4", "SHA2-512/224 | A3705 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A3705 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA3-224 | A3705 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 202", "SHA3-256 | A3705 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 202", "SHA3-384 | A3705 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 202", "SHA3-512 | A3705 | Message Length - Message Length: 0-65536 Increment8Large Message Sizes - 1,2,4,8 | FIPS 202", "SHAKE-128 | A3705 | Message Length - Message Length: 16-65536 Increment8 | FIPS 202", "SHAKE-256 | A3705 | Message Length - Message Length: 16-65536 Increment8 | FIPS 202", "Cooperative Key Generation(CKG) | Key Type:AsymmetricRSA:2048,3072,4096 bits(112,128,149bits)ECDSA:P-224,P-256,P-384,P-521(112,128,192,256bits) | N/A | FIPS 186-4,SP800-133r2Section4example1", "ECDH | Shared secret computation", "RSA | Encryption primitives; Decryption primitives; Signature verification primitives", "RSA with non-approved public key flags | Key generation; Signature generation; Signature verification", "ECDSA | Signature generation primitives", "ECDSA with non-approved public key flags | Key generation; Signature generation; Signature verification", "AES-GCM | Authenticated symmetric encryption; Authenticated symmetric decryption", "AES-OCB | Authenticated symmetric encryption; Authenticated symmetric decryption", "AES-EAX | Authenticated symmetric encryption; Authenticated symmetric decryption", "AES-SIV | Authenticated symmetric encryption; Authenticated symmetric decryption" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4792", "Certificate Number": "4792", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung SCrypto Cryptographic Module", "Module Type": "Software", "Validation Date": "09/10/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4792.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4792", "module_name": "Samsung SCrypto Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/9/2029", "overall_level": 1, "caveat": "Interim Validation. When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "SCrypto is secure library which is used to provide a standardized common cryptographic API to trusted applications for the secure world/TEE environment." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4791", "Certificate Number": "4791", "Vendor Name": "Arista Networks, Inc.", "Module Name": "Arista Crypto Module v3.0 [Software, Software IPsec, Web Portal]", "Module Type": "Software", "Validation Date": "09/06/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4791.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4791", "module_name": "Arista Crypto Module v3.0 [Software, Software IPsec, Web Portal]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/5/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "This validation is for the library contained within the CloudVision Portal (CVP) products and all its related SKUs, which includes SS-CV-SWITCH-1M, SS-CV-SWITCH-1M-P, SS-CV-MOD-G-SWITCH-1M, SS-CV-G-SWITCH-1M, SS-CV-LT-SWITCH-1M, SS-CV-LT-MOD-G-SWITCH-1M, SS-CV-LT-G-SWITCH-1M, SS-CV-SWITCH-LAB-1M, SS-CV-ENT-1M, SS-CV-ENT-1M-P, SS-CV-T1-1M, SS-CV-T2-1M, SS-CV-LT-T1-1M, SS-CV-LT-T2-1M, SS-CV-G-T1-1M, SS-CV-G-T2-1M, SS-CV-LT-G-T1-1M, SS-CV-LT-G-T2-1M, SS-CV-MOD-G-T1-1M, SS-CV-MOD-G-T2-1M, SS-CV-LT-MOD-G-T1-1M, SS-CV-LT-MOD-G-T2-1M, SS-CV-ENT-1M-P, SS-CV-CG-SWITCH-1M, SS-CV-CG-T1-1M, SS-CV-CG-T2-1M, SS-CV-LT-CG-SWITCH-1M, SS-CV-LT-CG-T1-1M, SS-CV-LT-CG-T2-1M and any other future SKUs which use the validated library for the CloudVision Portal (CVP) product.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4790", "Certificate Number": "4790", "Vendor Name": "Arista Networks, Inc.", "Module Name": "Arista Crypto Module v3.0 [Software, Software IPsec]", "Module Type": "Software", "Validation Date": "09/06/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4790.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4790", "module_name": "Arista Crypto Module v3.0 [Software, Software IPsec]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/5/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Arista's crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency. This validation is for the library contained within the CloudEOS Router products and all its related SKUs, which includes SS-CLOUDEOS-VR-CV-100M-B-1M, SS-CLOUDEOS-VR-CVS-100M-B-1M, SS-CLOUDEOS-VR-CV-1G-B-1M, SS-CLOUDEOS-VR-CVS-1G-B-1M, SS-CLOUDEOS-VR-CV-10G-B-1M, SS-CLOUDEOS-VR-CVS-10G-B-1M, SS-CVPATH-CloudEOS-100M-E-CVS-B-1M, SS-CVPATH-CloudEOS-1G-E-CVS-B-1M, SS-CVPATH-CloudEOS-10G-E-CVS-B-1M and any other future SKUs which use the validated library for the CloudEOS Router product.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4789", "Certificate Number": "4789", "Vendor Name": "IBM", "Module Name": "IBM DataPower FIPS Provider", "Module Type": "Software", "Validation Date": "09/06/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4789.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4789", "module_name": "IBM DataPower FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/5/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The IBM DataPower FIPS Provider provides a C language application program interface (API) for use by other applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "KDA HKDF Sp800-56Cr1 | A4355 | Derived Key Length:2048Shared Secret Length:224-2048Increment 8HMAC Algorithm:SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384 | SP800-56CRev.2", "TLS v1.3 KDF(CVL) | A4355 | HMAC Algorithm:SHA2-256,SHA2-384KDF Running Modes:DHE,PSK,PSK-DHE | SP800-135 Rev.1", "Counter DRBG | A4356 | Prediction Resistance:Yes,NoSupports ReseedMode:AES-128,AES-192,AES-256Derivation Function Enabled:Yes,No | SP800-90ARev.1", "Hash DRBG | A4356 | Prediction Resistance:Yes,NoSupports ReseedMode:SHA-1,SHA2-256,SHA2-512 | SP800-90ARev.1", "HMAC DRBG | A4356 | Prediction Resistance:Yes,NoSupports ReseedMode:SHA-1,SHA2-256,SHA2-512 | SP800-90ARev.1", "AES-CBC | A4357 | Direction:Decrypt,EncryptKeyLength:128,192,256 | SP800-38A", "AES-CBC-CS1 | A4357 | Direction:Decrypt,EncryptKeyLength:128,192,256 | SP800-38A", "AES-CBC-CS2 | A4357 | Direction:Decrypt,EncryptKeyLength:128,192,256 | SP800-38A", "AES-CBC-CS3 | A4357 | Direction:Decrypt,EncryptKeyLength:128,192,256 | SP800-38A", "AES-CCM | A4357 | KeyLength:128,192,256TagLength:32,48,64,80,96,112,128IVLength:56,64,72,80,88,96,104 | SP800-38C", "AES-CFB1 | A4357 | Direction:Decrypt,EncryptKeyLength:128,192,256 | SP800-38A", "AES-CFB128 | A4357 | Direction:Decrypt,EncryptKeyLength:128,192,256 | SP800-38A", "AES-CFB8 | A4357 | Direction:Decrypt,EncryptKeyLength:128,192,256 | SP800-38A", "AES-CMAC | A4357 | Direction:Generation,Verification | SP800-38B", "AES-CTR | A4357 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-ECB | A4357 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-KW | A4357 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38F", "AES-KWP | A4357 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38F", "AES-OFB | A4357 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4357 | Direction:Decrypt,EncryptKey Length:128,256Tweak Mode:HexData Unit Length Matches Payload | SP 800-38E", "AES-CBC | A4358 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-CBC-CS1 | A4358 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4358 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4358 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-CCM | A4358 | Key Length:128,192,256Tag Length:32,48,64,80,96,112,128IV Length:56,64,72,80,88,96,104 | SP 800-38C", "AES-CFB1 | A4358 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-CFB128 | A4358 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-CFB8 | A4358 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-CMAC | A4358 | Direction:Generation,VerificationKey Length:128,192,256MAC Length:128 | SP 800-38B", "AES-CTR | A4358 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-ECB | A4358 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-KW | A4358 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38F", "AES-KWP | A4358 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38F", "AES-OFB | A4358 | Direction:Decrypt,EncryptKey Length:128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4358 | Direction:Decrypt,EncryptKey Length:128,256Tweak Mode:HexData Unit Length Matches Payload | SP 800-38E", "AES-CBC | A4359 | Direction:Decrypt,Encrypt | SP 800-38A", "AES-CBC-CS1 | A4359 | Direction: Decrypt, Encrypt Key Length: 128,192,256 | SP 800-38A", "AES-CBC-CS2 | A4359 | Direction: Decrypt, Encrypt Key Length: 128,192,256 | SP 800-38A", "AES-CBC-CS3 | A4359 | Direction: Decrypt, Encrypt Key Length: 128,192,256 | SP 800-38A", "AES-CCM | A4359 | Key Length: 128,192,256 Tag Length: 32,48,64,80,96,112,128IV Length: 56,64,72,80,88,96,104 | SP 800-38C", "AES-CFB1 | A4359 | Direction: Decrypt, Encrypt Key Length: 128,192,256 | SP 800-38A", "AES-CFB128 | A4359 | Direction: Decrypt, Encrypt Key Length: 128,192,256 | SP 800-38A", "AES-CFB8 | A4359 | Direction: Decrypt, Encrypt Key Length: 128,192,256 | SP 800-38A", "AES-CMAC | A4359 | Direction: Generation, Verification Key Length: 128,192,256MAC Length: 128 | SP 800-38B", "AES-CTR | A4359 | Direction: Decrypt, Encrypt Key Length: 128,192,256 | SP 800-38A", "AES-ECB | A4359 | Direction: Decrypt, Encrypt Key Length: 128,192,256 | SP 800-38A", "AES-KW | A4359 | Direction: Decrypt, Encrypt Key Length: 128,192,256 | SP 800-38F", "AES-KWP | A4359 | Direction: Decrypt, Encrypt Key Length: 128,192,256 | SP 800-38F", "AES-OFB | A4359 | Direction: Decrypt, Encrypt Key Length: 128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4359 | Direction: Decrypt, Encrypt Key Length: 128,256Tweak Mode: HexData Unit Length Matches Payload | SP 800-38E", "AES-GCM | A4360 | Direction: Decrypt, EncryptIV Generation: External, InternalIV Generation Mode: 8.2.2Key Length: 128,192,256Tag Length: 32,64,96,104,112,120,128IV Length: 96,128 | SP 800-38D", "AES-GMAC | A4360 | Direction: Decrypt, EncryptIV Generation: ExternalKey Length: 128,192,256Tag Length: 32,64,96,104,112,120,128IV Length: 96 | SP 800-38D", "ECDSA KeyGen(FIPS186-5) | A4361 | Curve:P-224,P-256,P-384,P-521Secret Generation Mode: testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A4361 | Curve:P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A4361 | Curve:P-224,P-256,P-384,P-521Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A4361 | Curve:P-224,P-256,P-384,P-521Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "HMAC-SHA-1 | A4361 | MAC:160Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4361 | MAC:224Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4361 | MAC:256Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4361 | MAC:384Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4361 | MAC:512Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4361 | MAC:224Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4361 | MAC:256Key Length:112-524288Increment8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4361 | P-224,P-256,P-384,P-521Scheme:ephemeralUnifiedKAS Role:initiator,responder | SP800-56ARev.3", "KDF ANS 9.42(CVL) | A4361 | Hash Algorithm:SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256zzLength:8-4096 Increment8Key Data Length:8-4096Increment8 | SP800-135 Rev.1", "KDF ANS 9.63(CVL) | A4361 | Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Shared Info Length:0-1024Increment8Key Data Length:128-4096Increment8 | SP800-135 Rev.1", "PBKDF | A4361 | Iteration Count:1000-10000Increment1HMAC Algorithm:SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Password Length:8-128 Increment1Salt Length:128-4096 Increment8 | SP800-132", "RSA KeyGen (FIPS186-5) | A4361 | Key Generation Mode: probableWithProbableAux Modulo: 2048, 3072, 4096 Private Key Format: standard Public Exponent Mode: random | FIPS 186-5", "RSA SigGen (FIPS186-5) | A4361 | Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 Modulo: 2048, 3072, 4096 Signature Type: pkcs1v1.5, pss | FIPS 186-5", "RSA SigVer (FIPS186-4) | A4361 | Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 Modulo: 1024 Signature Type: pkcs1v1.5, pss | FIPS 186-4", "RSA SigVer (FIPS186-5) | A4361 | Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 Modulo: 2048, 3072, 4096 Signature Type: pkcs1v1.5, pss | FIPS 186-5", "SHA-1 | A4361 | - | FIPS 180-4", "SHA2-224 | A4361 | - | FIPS 180-4", "SHA2-256 | A4361 | - | FIPS 180-4", "SHA2-384 | A4361 | - | FIPS 180-4", "SHA2-512 | A4361 | - | FIPS 180-4", "SHA2-512/224 | A4361 | - | FIPS 180-4", "SHA2-512/256 | A4361 | - | FIPS 180-4", "TLS v1.2 KDF RFC7627 (CVL) | A4361 | Hash Algorithm: SHA2-256, SHA2-384, SHA2-512 Key Block Length: 1024 | SP 800-135 Rev. 1", "ECDSA SigGen (FIPS186-5) | A4362 | Curve: P-224, P-256, P-384, P-521 Hash Algorithm: SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-5", "ECDSA SigVer (FIPS186-5) | A4362 | Curve: P-224, P-256, P-384, P-521 Hash Algorithm: SHA3-224, SHA3-256, SHA3-384, SHA3-512 | FIPS 186-5", "HMAC-SHA3-224 | A4362 | MAC: 224 Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-256 | A4362 | MAC: 256 Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-384 | A4362 | MAC: 384 Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A4362 | MAC: 512 Key Length: 112-524288 Increment 8 | FIPS 198-1", "KDF ANS 9.42 (CVL) | A4362 | Hash Algorithm: SHA3-224, SHA3-256, SHA3-384, SHA3-512 zz Length: 8-4096 Increment 8 | SP 800-135 Rev. 1", "KDF ANS 9.63(CVL) | A4362 | Hash Algorithm: SHA3-224,SHA3-256,SHA3-384,SHA3-512Shared Info Length:0-1024Increment8Key Data Length:128-4096Increment8 | SP 800-135 Rev.1", "PBKDF | A4362 | Iteration Count:1000-10000Increment1HMAC Algorithm: SHA3-224,SHA3-256,SHA3-384,SHA3-512Password Length:8-128 Increment1Salt Length:128-4096 Increment8Key Data Length:128-4096Increment8 | SP 800-132", "RSA SigGen(FIPS186-5) | A4362 | Hash Algorithm: SHA3-224,SHA3-256,SHA3-384,SHA3-512Modulo:2048,3072,4096Signature Type:pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-5) | A4362 | Hash Algorithm: SHA3-224,SHA3-256,SHA3-384,SHA3-512Modulo:2048,3072,4096Signature Type:pkcs1v1.5,pss | FIPS 186-5", "SHA3-224 | A4362 | - | FIPS 202", "SHA3-256 | A4362 | - | FIPS 202", "SHA3-384 | A4362 | - | FIPS 202", "SHA3-512 | A4362 | - | FIPS 202", "SHAKE-128 | A4362 | - | FIPS 202", "SHAKE-256 | A4362 | - | FIPS 202", "AES-GCM | A4363 | Direction:Decrypt,EncryptIV Generation:External,InternalIV Generation Mode:8.2.2Key Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96,128 | SP 800-38D", "AES-GMAC | A4363 | Direction:Decrypt,EncryptIV Generation:ExternalKey Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96 | SP 800-38D", "AES-GCM | A4364 | Direction:Decrypt,EncryptIV Generation:External,InternalIV Generation Mode:8.2.2Key Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96,128 | SP 800-38D", "AES-GMAC | A4364 | Direction:Decrypt,EncryptIV Generation:External | SP 800-38D", "ECDSA KeyGen(FIPS186-5) | A4365 | Curve:P-224,P-256,P-384,P-521Secret Generation Mode:testing candidates | FIPS186-5", "ECDSA KeyVer(FIPS186-5) | A4365 | Curve:P-224,P-256,P-384,P-521 | FIPS186-5", "ECDSA SigGen(FIPS186-5) | A4365 | Curve:P-224,P-256,P-384,P-521Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-5", "ECDSA SigVer(FIPS186-5) | A4365 | Curve:P-224,P-256,P-384,P-521Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-5", "HMAC-SHA-1 | A4365 | MAC:160KeyLength:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-224 | A4365 | MAC:224KeyLength:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-256 | A4365 | MAC:256KeyLength:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-384 | A4365 | MAC:384KeyLength:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-512 | A4365 | MAC:512KeyLength:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A4365 | MAC:224KeyLength:112-524288Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A4365 | MAC:256KeyLength:112-524288Increment8 | FIPS198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4365 | P-224,P-256,P-384,P-521Scheme:ephemeralUnifiedKAS Role:initiator,responder | SP800-56ARev.3", "KDF ANS 9.42(CVL) | A4365 | Hash Algorithm:SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256zzLength:8-4096Increment8KeyDataLength:8-4096Increment8 | SP800-135Rev.1", "KDF ANS 9.63(CVL) | A4365 | Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256SharedInfoLength:0-1024Increment8KeyDataLength:128-4096 | SP800-135Rev.1", "PBKDF | A4365 | Iteration Count:1000-10000Increment1HMAC Algorithm:SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Password Length:8-128 Increment1Salt Length:128-4096 Increment8Key Data Length:128-4096Increment8 | SP 800-132", "RSA(FIPS186-5) | A4365 | Key GenerationMode:probableWithProbableAuxModulo:2048,3072,4096Private Key Format:standardPublic Exponent Mode:random | FIPS 186-5", "RSA(FIPS186-5) | A4365 | Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Modulo:2048,3072,4096Signature Type:pkcs1v1.5,pss | FIPS 186-5", "RSA(FIPS186-4) | A4365 | Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Modulo:1024Signature Type:pkcs1v1.5,pss | FIPS 186-4", "SHA-1 | A4365 | - | FIPS 180-4", "SHA2-224 | A4365 | - | FIPS 180-4", "SHA2-256 | A4365 | - | FIPS 180-4", "SHA2-384 | A4365 | - | FIPS 180-4", "SHA2-512 | A4365 | - | FIPS 180-4", "SHA2-512/224 | A4365 | - | FIPS 180-4", "SHA2-512/256 | A4365 | - | FIPS 180-4", "TLS v1.2KDFRFC7627(CVL) | A4365 | Hash Algorithm:SHA2-256,SHA2-384,SHA2-512Key Block Length:1024 | SP 800-135 Rev.1", "ECDSA(FIPS186-5) | A4366 | Curve:P-224,P-256,P-384,P-521Secret GenerationMode:testingcandidates | FIPS 186-5", "ECDSA(FIPS186-5) | A4366 | Curve:P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA(FIPS186-5) | A4366 | Curve:P-224,P-256,P-384,P-521Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA(FIPS186-5) | A4366 | Curve:P-224,P-256,P-384,P-521Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2- | FIPS 186-5", "HMAC-SHA-1 | A4366 | MAC: 160Key Length: 112-524288Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A4366 | MAC: 224Key Length: 112-524288Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4366 | MAC: 256Key Length: 112-524288Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4366 | MAC: 384Key Length: 112-524288Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4366 | MAC: 512Key Length: 112-524288Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4366 | MAC: 224Key Length: 112-524288Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4366 | MAC: 256Key Length: 112-524288Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4366 | P-224,P-256,P-384,P-521Scheme: ephemeralUnifiedKAS Role: initiator, responder | SP 800-56ARev.3", "KDF ANS 9.42(CVL) | A4366 | Hash Algorithm: SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256zz Length: 8-4096 Increment 8Key Data Length: 8-4096Increment 8 | SP 800-135 Rev.1", "KDF ANS 9.63(CVL) | A4366 | Hash Algorithm: SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Shared Info Length: 0-1024Increment 8Key Data Length: 128-4096Increment 8 | SP 800-135 Rev.1", "PBKDF | A4366 | Iteration Count: 1000-10000Increment 1HMAC Algorithm: SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Password Length: 8-128 Increment1Salt Length: 128-4096 Increment 8Key Data Length: 128-4096Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-5) | A4366 | Key Generation Mode:probableWithProbableAuxModulo:2048,3072,4096Private Key Format:standardPublic Exponent Mode:random | FIPS 186-5", "RSA SigGen(FIPS186-5) | A4366 | Hash Algorithm: SHA2-224, SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Modulo:2048,3072,4096Signature Type:pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-4) | A4366 | Hash Algorithm: SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Modulo:1024Signature Type:pkcs1v1.5,pss | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4366 | Hash Algorithm: SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Modulo:2048,3072,4096Signature Type:pkcs1v1.5,pss | FIPS 186-5", "SHA-1 | A4366 | - | FIPS 180-4", "SHA2-224 | A4366 | - | FIPS 180-4", "SHA2-256 | A4366 | - | FIPS 180-4", "SHA2-384 | A4366 | - | FIPS 180-4", "SHA2-512 | A4366 | - | FIPS 180-4", "SHA2-512/224 | A4366 | - | FIPS 180-4", "SHA2-512/256 | A4366 | - | FIPS 180-4", "TLS v1.2 KDF RFC7627(CVL) | A4366 | Hash Algorithm: SHA2-256,SHA2-384,SHA2-512Key Block Length:1024 | SP 800-135 Rev.1", "ECDSA KeyGen(FIPS186-5) | A4367 | Curve:P-224,P-256,P-384,P-521Secret Generation Mode:testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A4367 | Curve:P-224,P-256,P-384,P-521 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A4367 | Curve:P-224,P-256,P-384,P-521Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A4367 | Curve:P-224,P-256,P-384,P-521Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 198-1", "HMAC-SHA-1 | A4367 | MAC:160KeyLength:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4367 | MAC:224KeyLength:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4367 | MAC:256KeyLength:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4367 | MAC:384KeyLength:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4367 | MAC:512KeyLength:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4367 | MAC: 224Key Length: 112-524288Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4367 | MAC: 256Key Length: 112-524288Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4367 | P-224,P-256,P-384,P-521Scheme: ephemeralUnifiedKAS Role: initiator, responder | SP 800-56ARev.3", "KDF ANS 9.42(CVL) | A4367 | Hash Algorithm: SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256zz Length: 8-4096 Increment 8Key Data Length: 8-4096Increment 8 | SP 800-135 Rev.1", "KDF ANS 9.63(CVL) | A4367 | Hash Algorithm: SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Shared Info Length: 0-1024Increment 8Key Data Length: 128-4096Increment 8 | SP 800-135 Rev.1", "PBKDF | A4367 | Iteration Count: 1000-10000Increment 1HMAC Algorithm: SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Password Length: 8-128 Increment1Salt Length: 128-4096 Increment 8Key Data Length: 128-4096Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-5) | A4367 | Key Generation Mode:probableWithProbableAuxModulo:2048,3072,4096Private Key Format:standardPublic Exponent Mode:random | FIPS 186-5", "RSA SigGen(FIPS186-5) | A4367 | Hash Algorithm: SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Modulo:2048,3072,4096Signature Type:pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-4) | A4367 | Hash Algorithm: SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Modulo:1024Signature Type:pkcs1v1.5,pss | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4367 | Hash Algorithm: SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Modulo:2048,3072,4096Signature Type:pkcs1v1.5,pss | FIPS 186-5", "SHA-1 | A4367 | - | FIPS 180-4", "SHA2-224 | A4367 | - | FIPS 180-4", "SHA2-256 | A4367 | - | FIPS 180-4", "SHA2-384 | A4367 | - | FIPS 180-4", "SHA2-512 | A4367 | - | FIPS 180-4", "SHA2-512/224 | A4367 | - | FIPS 180-4", "SHA2-512/256 | A4367 | - | FIPS 180-4", "TLS v1.2 KDF RFC7627 (CVL) | A4367 | Hash Algorithm: SHA2-256, SHA2-384, SHA2-512 Key Block Length: 1024 | SP 800-135 Rev. 1", "ECDSA KeyGen(FIPS186-5) | A4368 | Curve: P-224, P-256, P-384, P-521 Secret Generation Mode: testing candidates | FIPS 186-5", "ECDSA KeyVer(FIPS186-5) | A4368 | Curve: P-224, P-256, P-384, P-521 | FIPS 186-5", "ECDSA SigGen(FIPS186-5) | A4368 | Curve: P-224, P-256, P-384, P-521 Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-5", "ECDSA SigVer(FIPS186-5) | A4368 | Curve: P-224, P-256, P-384, P-521 Hash Algorithm: SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-5", "HMAC-SHA-1 | A4368 | MAC: 160 Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-224 | A4368 | MAC: 224 Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-256 | A4368 | MAC: 256 Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-384 | A4368 | MAC: 384 Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512 | A4368 | MAC: 512 Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4368 | MAC: 224 Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4368 | MAC: 256 Key Length: 112-524288 Increment 8 | FIPS 198-1", "KAS-ECC-SSC Sp800-56Ar3 | A4368 | P-224, P-256, P-384, P-521 Scheme: ephemeralUnified KAS Role: initiator, responder | SP 800-56A Rev. 3", "KDF ANS 9.42 (CVL) | A4368 | Hash Algorithm: SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 zz Length: 8-4096 Increment 8 Key Data Length: 8-4096 Increment 8 | SP 800-135 Rev. 1", "KDF ANS 9.63 (CVL) | A4368 | Hash Algorithm: SHA2-224, SHA2- | SP 800-135 Rev.", "PBKDF | A4368 | Iteration Count:1000-10000Increment 1HMAC Algorithm:SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Password Length:8-128 Increment1Salt Length:128-4096 Increment 8Key Data Length:128-4096Increment 8 | SP 800-132", "RSA KeyGen(FIPS186-5) | A4368 | Key Generation Mode:probableWithProbableAuxModulo:2048,3072,4096Private Key Format:standardPublic Exponent Mode:random | FIPS 186-5", "RSA SigGen(FIPS186-5) | A4368 | Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Modulo:2048,3072,4096Signature Type:pkcs1v1.5,pss | FIPS 186-5", "RSA SigVer(FIPS186-4) | A4368 | Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Modulo:1024Signature Type:pkcs1v1.5,pss | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4368 | Hash Algorithm:SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256Modulo:2048,3072,4096Signature Type:pkcs1v1.5,pss | FIPS 186-5", "SHA-1 | A4368 | - | FIPS 180-4", "SHA2-224 | A4368 | - | FIPS 180-4", "SHA2-256 | A4368 | - | FIPS 180-4", "SHA2-384 | A4368 | - | FIPS 180-4", "SHA2-512 | A4368 | - | FIPS 180-4", "SHA2-512/224 | A4368 | - | FIPS 180-4", "SHA2-512/256 | A4368 | - | FIPS 180-4", "TLS v1.2 KDFRFC7627(CVL) | A4368 | Hash Algorithm:SHA2-256,SHA2-384,SHA2-512Key Block Length:1024 | SP 800-135 Rev.1", "KDF SSH(CVL) | A4370 | Hash Algorithm:SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "AES-GCM | A4371 | Direction:Decrypt,EncryptIV Generation:External,InternalIV GenerationMode:8.2.2Key Length:128,192,256Tag Length:32,64,96,104,112, | SP 800-38D", "AES-GMAC | A4371 | Direction:Decrypt,EncryptIV Generation:ExternalKey Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96 | SP 800-38D", "AES-GCM | A4372 | Direction:Decrypt,EncryptIV Generation:External,InternalIV Generation Mode:8.2.2Key Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96,128 | SP 800-38D", "AES-GMAC | A4372 | Direction:Decrypt,EncryptIV Generation:ExternalKey Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96 | SP 800-38D", "AES-GCM | A4373 | Direction:Decrypt,EncryptIV Generation:External,InternalIV Generation Mode:8.2.2Key Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96,128 | SP 800-38D", "AES-GMAC | A4373 | Direction:Decrypt,EncryptIV Generation:ExternalKey Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96 | SP 800-38D", "AES-GCM | A4374 | Direction:Decrypt,EncryptIV Generation:External,InternalIV Generation Mode:8.2.2Key Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96 | SP 800-38D", "AES-GMAC | A4374 | Direction:Decrypt,EncryptIV Generation:ExternalKey Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96 | SP 800-38D", "AES-GCM | A4375 | Direction:Decrypt,EncryptIV Generation:External,InternalIV Generation Mode:8.2.2Key Length:128,192,256Tag Length:32,64,96,104,112,120,128 | SP 800-38D", "AES-GMAC | A4375 | Direction:Decrypt,EncryptIV Generation:ExternalKey Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96 | SP 800-38D", "AES-GCM | A4376 | Direction:Decrypt,EncryptIV Generation:External,InternalIV Generation Mode:8.2.2Key Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96,128 | SP 800-38D", "AES-GMAC | A4376 | Direction:Decrypt,EncryptIV Generation:ExternalKey Length:128,192,256Tag Length:32,64,96,104,112,120,128IV Length:96 | SP 800-38D", "KDF SSH(CVL) | A4377 | Hash Algorithm:SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "KDF SSH(CVL) | A4378 | Hash Algorithm:SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "KDF SSH(CVL) | A4379 | Hash Algorithm:SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "KDF SSH(CVL) | A4380 | Hash Algorithm:SHA-1,SHA2-256,SHA2-384,SHA2-512 | SP 800-135 Rev.1", "KDF SP800-108 | A4381 | KDF Mode:Counter,FeedbackMAC Mode:HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-384,HMAC-SHA2-512,HMAC-SHA2-512/224,HMAC-SHA2-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512,CMAC-AE128,CMAC-AE192,CMAC-AES256Supported Lengths:8,72,128,776,3456,4096Fixed Data Order:Before FixedDataCounter Length:32 | SP 800-108 Rev.1", "KDA OneStep SP800-56Cr2 | A4382 | Auxiliary Function:SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512,HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-512,HMAC-SHA2-512/224,HMAC-SHA2-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384,HMAC-SHA3-512 | SP 800-56CRev.2", "KDA TwoStep SP800-56Cr2 | A4382 | KDF Mode:feedbackMAC Modes:HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-384,HMAC-SHA2-512,HMAC-SHA2-512/224,HMAC-SHA2-512/256,HMAC-SHA3-224,HMAC-SHA3-256,HMAC-SHA3-384Derived Key Length:2048Shared Secret Length:224-2048Increment 8 | SP800-56CRev.2", "KAS-FFC-SSC Sp800-56Ar3 | A4383 | ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192,MODP-2048,MODP-3072,MODP-4096,MODP-6144,MODP-8192Scheme:dhEphemKAS Role:initiator,responder | SP800-56ARev.3", "AES GCM (external IV) | Encryption", "HMAC (<112-bit keys) | Message authentication", "KBKDF, KDA OneStep, KDA TwoStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF(<112-bit input or output keys) | Key derivation", "KDA OneStep, KDA TwoStep(SHAKE128,SHAKE256) | Key derivation", "ANSX9.42KDF(SHAKE128,SHAKE256) | Key derivation", "ANSX9.63KDF(SHA-1,SHAKE128,SHAKE256) | Key derivation", "SSHKDF(SHA-512/224,SHA-512/256,SHA-3,SHAKE128,SHAKE256) | Key derivation", "TLS1.2KDF(SHA-1,SHA-224,SHA-512/224,SHA-512/256,SHA-3) | Key derivation", "TLS1.3KDF(SHA-1,SHA-224,SHA-512,SHA-512/224,SHA-512/256,SHA-3) | Key derivation", "KAS-IFC-SSC(KAS1和KAS2schemes) | Shared secret computation", "RSA-PSS(invalidsaltlength) | Signature generation;Signature verification", "RSA-OAEP | Asymmetricencryption;Asymmetricdecryption" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4788", "Certificate Number": "4788", "Vendor Name": "Masimo Corporation", "Module Name": "Masimo Cryptographic Module", "Module Type": "Software", "Validation Date": "09/04/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4788.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4788", "module_name": "Masimo Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/3/2026", "overall_level": 1, "caveat": "Interim validation. When operating in the approved mode. No assurance of the minimum strength of generated SSPs", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Masimo Cryptographic Module provides FIPS-Approved symmetric encryption and decryption, digital signature functions, hashing, message authentication, key establishment, and random number generation to Masimo solutions in support of general data protection functionality and secure communications protocols, including TLS.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4787", "Certificate Number": "4787", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung CryptoCore Cryptographic Module", "Module Type": "Software", "Validation Date": "09/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4787.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4787", "module_name": "Samsung CryptoCore Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/2/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys) and random strings.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Samsung CryptoCore Cryptographic Module is a software library implementing general-purpose cryptographic algorithms.", "detail_available": true, "algorithms": [ "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "RSA", "SHA" ], "algorithms_detailed": [ "ECDSA KeyGen(FIPS186-4) | A4968 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A4968 | Curve-P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A4968 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A4968 | Curve-P-192,P-224,P-256,P-384,P-521 | FIPS 186-4", "HMAC DRBG | A4968 | Prediction Resistance-No Mode-SHA2-256,SHA2-512 | SP 800-90A Rev.1", "HMAC-SHA2-224 | A4968 | Key Length-Key Length:112,504,512,520,2048 | FIPS 198-1", "HMAC-SHA2-256 | A4968 | Key Length-Key Length:112,504,512,520,2048 | FIPS 198-1", "HMAC-SHA2-384 | A4968 | Key Length-Key Length:112,504,1024,1032,2048 | FIPS 198-1", "HMAC-SHA2-512 | A4968 | Key Length-Key Length:112,504,1024,1032,2048 | FIPS 198-1", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A4968 | - | SP 800-56A Rev.3", "RSA SigGen(FIPS186-4) | A4968 | Signature Type-PKCS1.5,PKCSPSS Modulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4968 | Signature Type-PKCS1.5,PKCSPSS Modulo-1024,2048,3072,4096 | FIPS 186-4", "SHA2-224 | A4968 | - | FIPS 180-4", "SHA2-256 | A4968 | - | FIPS 180-4", "SHA2-384 | A4968 | - | FIPS 180-4", "SHA2-512 | A4968 | - | FIPS 180-4", "RSA KeyGen(FIPS186-4) | A4968 | Key Generation Mode-B.3.3 Modulo-2048,3072,4096 Primality Tests-Table C.2 Private Key Format-Standard | FIPS 186-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4786", "Certificate Number": "4786", "Vendor Name": "KIOXIA Corporation", "Module Name": "KIOXIA TCG OPAL SSC Crypto Sub-Chip TC58NC1132GTC", "Module Type": "Hardware", "Validation Date": "09/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4786.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4786", "module_name": "KIOXIA TCG OPAL SSC Crypto Sub-Chip TC58NC1132GTC", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/2/2029", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. No operator authentication is enforced for executing security services that were unlocked by an authenticated service", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The KIOXIA TCG OPAL SSC Crypto Sub-Chip is used for solid state drive data security.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4785", "Certificate Number": "4785", "Vendor Name": "Canon Inc.", "Module Name": "Canon MFP Security Chip", "Module Type": "Hardware", "Validation Date": "09/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4785.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4785", "module_name": "Canon MFP Security Chip", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/2/2029", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. When entropy is externally loaded, no assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Canon MFP Security Chip handles cryptography for the storage device of the Canon MFP/printer. The Canon MFP Security Chip realizes high-speed data encryption/decryption through a serial ATA interface, using AES XTS mode. This allows the Canon MFP/printer's storage device to be protected against the risk of information leakage, without compromising objectives such as extensibility, flexibility, usability, and high performance.", "detail_available": true, "algorithms": [ "AES", "DRBG", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4784", "Certificate Number": "4784", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Wildfire 10.2 WF-500 and WF-500-B", "Module Type": "Hardware", "Validation Date": "08/29/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4784.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4784", "module_name": "Wildfire 10.2 WF-500 and WF-500-B", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/28/2029", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Wildfire 10.2 WF-500 and WF-500-B from Palo Alto Networks Inc. cryptographic modules designed to identify unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4783", "Certificate Number": "4783", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Panorama Virtual Appliance 10.2", "Module Type": "Software", "Validation Date": "08/29/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4783.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4783", "module_name": "Panorama Virtual Appliance 10.2", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/28/2029", "overall_level": 1, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Panorama offers easy-to-implement, centralized management features that provide insight into network-wide traffic and simplify configurations.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4782", "Certificate Number": "4782", "Vendor Name": "DocuSign, Inc.", "Module Name": "DocuSign QSCD Appliance", "Module Type": "Hardware", "Validation Date": "08/28/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4782.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4782", "module_name": "DocuSign QSCD Appliance", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/27/2026", "overall_level": 3, "caveat": "Interim validation. When operated in FIPS mode; The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The DocuSign QSCD Appliance is a digital signature product intended to be used as a Qualified Signature Creation Device (QSCD) in a secure operational environment. It is a highly secure, high capacity network attached HSM. The device consists of COTS hardware, tamper resistance hardware, a hardened operating system, an internal database and server software.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4780", "Certificate Number": "4780", "Vendor Name": "Red Hat, Inc.", "Module Name": "Red Hat Enterprise Linux 9 gnutls", "Module Type": "Software", "Validation Date": "08/26/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4780.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4780", "module_name": "Red Hat Enterprise Linux 9 gnutls", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/25/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "GnuTLS is a secure communications library implementing the TLS and DTLS protocols. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PKCS#12, and other required structures which is shipped with Red Hat Enterprise Linux 9.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4779", "Certificate Number": "4779", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 9 OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "08/25/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4779.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4779", "module_name": "Oracle Linux 9 OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/24/2029", "overall_level": 1, "caveat": "Interim validation; When operated in approved mode; When installed, initialized and configured as specified in Section 11.1 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Oracle Linux 9 OpenSSL FIPS Provider provides a C language application program interface (API) for use by other applications that require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CBC | #A4313, #A4314, #A4315, #A4327, #A4328, #A4329 | Encryption, Decryption using 128, 192, 256-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7J13: AESNI, BAES\\_CTASM, AESASM | FIPS 197, SP 800-38A, SP 800-38A Addendum", "AES-CBC-CTS-CS1", "AES-CBC-CTS-CS2", "AES-CBC-CTS-CS3", "AES-CCM | Authenticated Encryption, Authenticated Decryption, Key Wrapping, Key Unwrapping (compliant to IG D.G) using 128, 192, 256-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on Intel®Xeon®Platinum8358:AESNI, BAES\\_CTASM,AESASM", "AES-CFB1 | Encryption, Decryption using 128, 192, 256-bit keys | Oracle Linux 9 on Marvell OCTEON III: AESASM", "AES-CFB8", "AES-CFB128 | Message Authentication Code Generation, Message Authentication Code Verification using 128, 192, 256-bit keys | FIPS 197, SP 800-38B", "AES-CMAC | Encryption, Decryption using 128, 192, 256-bit keys | FIPS 197, SP 800-38B", "AES-CTR | Encryption, Decryption using 128, 192, 256-bit keys | FIPS 197, SP 800-38A, SP 800-38A Addendum", "AES-ECB | #A4320, #A4327, #A4328, #A4329, #A4331, #A4332, #A4333, #A4334 | Encryption, Decryption using 128, 192, 256-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7J13: SSH\\_ASM, AESNI, BAES\\_CTASM, AESASM, SSH\\_SHANI, SSH\\_AVX2, SSH\\_AVX, SSH\\_SSSE3", "AES-GCM (internal IV) | #A4316, #A4321, #A4322, #A4323, #A4337, #A4338, #A4339, #A4340, #A4341, #A4342, #A4343 | Authenticated Encryption, Key Wrapping using 128, 192, 256-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: AESNI AVX, AESNI\\_CLMULNI, AESNI\\_ASM, BAES\\_CTASM\\_AVX, BAES\\_CTASM\\_CLMULNI, BAES\\_CTASM\\_ASM, AESASM\\_AVX, AESASM\\_CLMULNI, AESASM\\_ASM | FIPS 197 SP 800-38D FIPS 140-3 IG D.G Additional comment 8", "AES-GCM (external IV) | Authenticated Decryption, Key Unwrapping using 128, 192, 256-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: CE\\_GCM\\_UNROLL\\_EOR3, CE\\_GCM, VPAES\\_GCM, AES\\_C\\_GCM", "AES-GMAC | Message Authentication Code Generation, Message Authentication Code Verification using 128, 192, 256-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: AESNI AVX, AESNI\\_CLMULNI, AESNI\\_ASM, BAES\\_CTASM\\_AVX, BAES\\_CTASM\\_CLMULNI, BAES\\_CTASM\\_ASM, AESASM\\_AVX, AESASM\\_CLMULNI, AESASM\\_ASM", "AES-OFB | #A4313, #A4314, #A4315, #A4327, #A4328, #A4329 | Encryption, Decryption using 128, 192, 256-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: AESNI, BAES\\_CTASM, AESASM | FIPS 197, SP 800-38A, SP 800-38A Addendum", "AES-KW | Key Wrapping, Key Unwrapping (compliant to IG D.G) using 128, 192, 256-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: CE, VPAES, AES\\_COracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: AESNI, BAES\\_CTASM, AESASM | FIPS 197, SP 800-38F", "AES-KWP | Encryption, Decryption using 128 and 256-bit keys | Oracle Linux 9 on Marvell OCTEON III: AESASM", "AES-XTS | FIPS 197, SP 800-38E", "ANS X9.42 KDF (CVL) with AES KW-128, AES KW-192, AES KW-256 and SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, | #A4326, #A4330, #A4344, #A4345, #A4346 | Key Derivation | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_AVX, SHA\\_SSSE3Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_ASM, SHA\\_CEOracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_AVX, SHA\\_SSSE3 | SP 800-135r1", "ANS X9.42 KDF (CVL) with AES KW-128, AES KW-192, AES KW-256 with SHA3-224, SHA3-256, SHA3-384, SHA3-512 | #A4312, #A4319, | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: SHA3\\_ASMOracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA3\\_CEOracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA3\\_ASMOracle Linux 9 on Marvell OCTEON III: SHA3\\_ASM", "ANS X9.63 KDF (CVL) with SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256, | #A4317, #A4326, #A4330, #A4344, #A4345, #A4346 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: SHA3\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_AVX, SHA\\_SSSE3Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_AVX, SHA\\_SSSE3Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_AVX, SHA\\_SSSE3Oracle Linux 9 on Marvell OCTEON III: SHA\\_ASM", "ANS X9.63 KDF (CVL) with SHA3-224, SHA3-256, SHA3-384, SHA3-512 | #A4312, #A4319 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: SHA3\\_ASMOracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA3\\_CEOracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASMOracle Linux 9 on Marvell OCTEON III: SHA3\\_ASM", "CTR\\_DRBG | #A4311 | Random Number Generation using 128, 192, 256-bit keys, with/wwithout PR, with/wwithout DF | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: DRBG\\_3Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: DRBG\\_3Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: DRBG\\_3Oracle Linux 9 on Marvell OCTEON III: DRBG\\_3 | SP 800-90Ar1", "ECDSA with SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | #A4317, #A4326, #A4330, #A4344, #A4345, #A4346 | Signature Generation, Signature Verification using P-224, P-256, P-384, P-521 elliptic curves | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_AVX, SHA\\_SSSE3,Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_ASM, SHA\\_ASM, SHA\\_ASMOracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASM, | FIPS 186-4", "ECDSA with SHA3-224,SHA3-256,SHA3-384,SHA3-512 | #A4312,#A4319 | Signature Generation, Signature Verification P-224,P-256,P-384,P-521 elliptic curves | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7113: SHA\\_ASM Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_CE Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASM Oracle Linux 9 on Marvell OCTEON III: SHA\\_ASM", "ECDSA | #A4317,#A4326,#A4330,#A4344,#A4345,#A4346 | Key Pair Generation using P-224,P-256,P-384,P-521 elliptic curves | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7113: SHA\\_ASM,SHA\\_SHANI,SHA\\_VX2,SHA\\_AVX,SHA\\_SSSE3, Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_ASM,SHA\\_CE", "Key Pair Verification using P-224,P-256,P-384,P-521 elliptic curves | Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASM,SHA\\_SHANI,SHA\\_VX2,SHA\\_AVX,SHA\\_SSSE3, Oracle Linux 9 on Marvell OCTEON III: SHA\\_ASM | FIPS 186-4 Appendix B.4.2 Testing Candidates", "HKDF with SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | #A4310 | Key Derivation | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7113: TLS v1.3 Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: TLS v1.3 Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: TLS v1.3 Oracle Linux 9 on Marvell OCTEON III: TLS v1.3 | SP800-56Cr1", "HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-384,HMAC-SHA2-512,HMAC-SHA2-512/224,HMAC-SHA2-512/256 | #A4317,#A4326,#A4330,#A4344,#A4345,#A4346 | Message Authentication Code Generation, Message Authentication Code Verification using 112-524288-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7113: SHA\\_ASM,SHA\\_SHANI,SHA\\_VX2,SHA\\_AVX,SHA\\_SSSE3, Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_ASM,SHA\\_CE Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASM,SHA\\_SHANI,SHA\\_VX2,SHA\\_AVX,SHA\\_SSSE3 Oracle Linux 9 on Marvell OCTEON III: SHA\\_ASM | FIPS 198-1", "HMAC-SHA2-256 | #A4317, #A4318, #A4326, #A4330, #A4344, #A4345, #A4346 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYCT™7001 Series AMD EPYC 7113: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_AVX, SHA\\_SSSE3, Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_ASM, SHA\\_CE, NEON Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_AVX, SHA\\_SSSE3 Oracle Linux 9 on Marvell OCTEON III: SHA\\_ASM", "HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512 | #A4312, #A4319 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYCT™7001 Series AMD EPYC 7113: SHA\\_ASM Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_CE Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASM Oracle Linux 9 on Marvell OCTEON III: SHA\\_ASM | FIPS 202", "HMAC\\_DRBG | #A4311 | Random Number Generation using 112-524288-bit keys, with/without PR | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYCT™7001 Series AMD EPYC 7113: DRBG\\_3 Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: DRBG\\_3 | SP 800-90Ar1", "Hash\\_DRBG | Random Number Generation, with/without PR | Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: DRBG\\_3 Oracle Linux 9 on Marvell OCTEON III: DRBG\\_3", "KAS-ECC-SSC | #A4317, #A4326, #A4330, #A4344, #A4345, #A4346 | Shared Secret Computation with P-256, P-384, P-521 elliptic curves | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYCT™7001 Series AMD EPYC 7113: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_AVX, SHA\\_SSSE3, Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_AVX, SHA\\_SSSE3, Oracle Linux 9 on Marvell OCTEON III: SHA\\_ASM | SP 800-56Ar3 FIPS 140-31G D.F scenario 2 path(1)", "KAS-FFC-SSC | #A4325 | Shared Secret Computation with MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192, ffdhe2048, | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYCT™7001 Series AMD EPYC 7113: FFC\\_DH Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: FFC\\_DH Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: FFC\\_DH", "KBKDF with CMAC-AES128,CMAC-AES192,CMAC-AES256 and HMAC SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | #A4324 | Key Derivation | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7J13:KBKDF", "Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra®Q80-30:KBKDF", "Oracle Linux 9 on KVM on Oracle Linux 8 on Intel®Xeon® Platinum 8358:KBKDF", "Oracle Linux 9 on Marvell OCTEON III:KBKDF | SP 800-108r1", "KDA OneStep1with HMAC-SHA-1,HMAC-SHA-224,HMAC-SHA-224,HMAC-SHA-256,HMAC-SHA-284,HMAC-SHA-252,HMAC-SHA-252/224,HMAC-SHA-252/256,HMAC-SHA-3224,HMAC-SHA-3256,HMAC-SHA-384,HMAC-SHA-3512 | #A4309 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7J13:KDA", "Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra®Q80-30:KDA", "Oracle Linux 9 on KVM on Oracle Linux 8 on Intel®Xeon® Platinum 8358:KDA", "Oracle Linux 9 on Marvell OCTEON III:KDA | SP 800-56Cr2", "PBKDF2 with SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256, | #A4317,#A4326,#A4330,#A4344,#A4345,#A4346 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7J13:SHA\\_ASM,SHA\\_SHANI,SHA\\_AVX2,SHA\\_AVX,SHA\\_SSSE3", "Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra®Q80-30:SHA\\_ASM,SHA\\_CE", "Oracle Linux 9 on KVM on Oracle Linux 8 on Intel®Xeon® Platinum 8358:SHA\\_ASM,SHA\\_SHANI,SHA\\_AVX2,SHA\\_AVX,SHA\\_SSSE3", "Oracle Linux 9 on Marvell OCTEON III:SHA\\_ASM | Option 1a SP 800-132", "PBKDF2 with SHA3-224,SHA3-256,SHA3-384,SHA3-512 | #A4312,#A4319 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7J13:SHA3\\_ASM", "Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra®Q80-30:SHA3\\_CE", "Oracle Linux 9 on KVM on Oracle Linux 8 on Intel®Xeon® Platinum 8358:SHA3\\_ASM", "Oracle Linux 9 on Marvell OCTEON III:SHA3\\_ASM", "RSA PKCSH1 v1.5 and PSS with SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | #A4317, #A4326, #A4330, #A4344, #A4345, #A4346 | Signature Generation using 2048, 3072, 4096-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7113: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_SSSE3", "Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_ASM, SHA\\_CE", "Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_SSSE3", "Oracle Linux 9 on Marvell OCTEON III: SHA\\_ASM | FIPS 186-4", "Signature Verification using 1024, 2048, 3072, 4096-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7113: SHA\\_ASM, SHA\\_SHANI", "Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_ASM", "Oracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASM, SHA\\_SHANI", "Oracle Linux 9 on Marvell OCTEON III: SHA\\_ASM", "RSA | #A4317, #A4326, #A4330, #A4344, #A4345, #A4346 | Key Pair Generation using 2048-15360-bit keys | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™7001 Series AMD EPYC 7113: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_SSSE3", "Oracle Linux 9 on Marvell OCTEON III: SHA\\_ASM | FIPS 186-4 Appendix B.3.6 Probable Primes with Conditions Based on Auxiliary Probable Primes", "SHA-1, SHA2-224, SHA2-384, SHA2-512, SHA2-512/224, SHA2-512/256 | #A4317, #A4326, #A4330, #A4344, #A4345, #A4346 | Hashing | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_SSSE3Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_ASM, SHA\\_CEOracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_SSSE3Oracle Linux 9 on Marvell OCTEON III: SHA\\_ASM | FIPS 180-4", "SHA2-256 | #A4317, #A4318, #A4326, #A4330, #A4344, #A4345, #A4346 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_SSSE3Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_ASM, SHA\\_CE, NEONOracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SHA\\_SSSE3Oracle Linux 9 on Marvell OCTEON III: SHA\\_ASM", "SHA3-224, SHA3-256, SHA3-384, SHA3-512 | #A4312, #A4319 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: SHA3\\_ASM", "SHAKE128, SHAKE256 | XOFs | Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SHA\\_ASMOracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SHA\\_ASMOracle Linux 9 on Marvell OCTEON III: SHA\\_ASM", "SSH KDF (CVL) with AES-128, AES-192, AES-256 and SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | #A4320, #A4331, #A4332, #A4333, #A4334 | Key Derivation | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: SSH\\_ASM, SSH\\_SHANI, SSH\\_AVX2, SSH\\_AVX, SSH\\_SSSE3Oracle Linux 9 on KVM on Oracle Linux 8 on Ampere® Altra® Q80-30: SSH\\_ASMOracle Linux 9 on KVM on Oracle Linux 8 on Intel® Xeon® Platinum 8358: SSH\\_ASM, SSH\\_SHANI, SSH\\_AVX2, SSH\\_AVX, SSH\\_SSSE3Oracle Linux 9 on Marvell OCTEON III: SSH\\_ASM | SP 800-135r1", "TLS 1.2 KDF (RFC 7627) (CVL) with SHA2-256, SHA2-384, SHA2-512 using RFC | #A4317, #A4326, #A4330, #A4344, #A4345, #A4346 | Oracle Linux 9 on KVM on Oracle Linux 8 on AMD EPYC™ 7001 Series AMD EPYC 7113: SHA\\_ASM, SHA\\_SHANI, SHA\\_AVX2, SSH\\_SSSE3" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4778", "Certificate Number": "4778", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Pseudo Random Number Generator", "Module Type": "Firmware-hybrid", "Validation Date": "08/25/202401/27/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4778.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4778", "module_name": "Qualcomm® Pseudo Random Number Generator", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/24/2026", "overall_level": 1, "caveat": "Interim validation.", "module_type": "Firmware-hybrid", "embodiment": "Single Chip", "description": "Qualcomm Pseudo Random Number Generator is a hardware random number generator that provides cryptographic functions through on-chip entropy sources and hash based DRBG.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4777", "Certificate Number": "4777", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Panorama 10.2 M-200, M-300, M-600 and M-700", "Module Type": "Hardware", "Validation Date": "08/23/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4777.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4777", "module_name": "Panorama 10.2 M-200, M-300, M-600 and M-700", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/22/2029", "overall_level": 2, "caveat": "Interim Validation. When operated in approved mode and when installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and physical kit installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Panorama M-Series management appliances provide centralized management and visibility of Palo Alto Networks next generation firewalls. From a central location, you can gain insight into applications, users, and content traversing the firewalls. The knowledge of what is on the network, in conjunction with safe application enablement policies, maximizes protection and control while minimizing administrative effort. Your security team can centrally perform analysis, reporting, and forensics with the aggregated data over time, or on data stored on the local firewall.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4776", "Certificate Number": "4776", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Junos® OS Evolved Kernel Cryptographic Module", "Module Type": "Software", "Validation Date": "09/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4776.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4776", "module_name": "Junos® OS Evolved Kernel Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/2/2029", "overall_level": 1, "caveat": "Interim validation. When operated in the approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy with module Junos® OS Evolved OpenSSL Cryptographic Module version 3.0.8 validated to FIPS 140-3 under Cert. #4775 operating in the approved mode. The module generates random strings whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Juniper Kernel Cryptographic Module is a software module running as part of the operating system kernel that provides general purpose cryptographic services.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A3599 | - | SP 800-38A", "AES-CMAC | A3599 | - | SP 800-38B", "AES-CTR | A3599 | - | SP 800-38A", "AES-ECB | A3599 | - | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3599 | - | SP 800-38E", "Counter DRBG | A3599 | - | SP 800-90A Rev.1", "Hash DRBG | A3599 | - | SP 800-90A Rev.1", "HMAC DRBG | A3599 | - | SP 800-90A Rev.1", "HMAC-SHA-1 | A3599 | - | FIPS 198-1", "HMAC-SHA2-224 | A3599 | - | FIPS 198-1", "HMAC-SHA2-256 | A3599 | - | FIPS 198-1", "HMAC-SHA2-384 | A3599 | - | FIPS 198-1", "HMAC-SHA2-512 | A3599 | - | FIPS 198-1", "SHA-1 | A3599 | - | FIPS 180-4", "SHA2-224 | A3599 | - | FIPS 180-4", "SHA2-256 | A3599 | - | FIPS 180-4", "SHA2-384 | A3599 | - | FIPS 180-4", "SHA2-512 | A3599 | - | FIPS 180-4", "AES-CBC | A3600 | - | SP 800-38A", "AES-CTR | A3600 | - | SP 800-38A", "AES-ECB | A3600 | - | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3600 | - | SP 800-38E", "Counter DRBG | A3600 | - | SP 800-90A Rev.1", "Hash DRBG | A3600 | - | SP 800-90A Rev.1", "HMAC DRBG | A3600 | - | SP 800-90A Rev.1", "AES-CBC | A3601 | - | SP 800-38A", "AES-CMAC | A3601 | - | SP 800-38B", "AES-CTR | A3601 | - | SP 800-38A", "AES-ECB | A3601 | - | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3601 | - | SP 800-38E", "Counter DRBG | A3601 | - | SP 800-90A Rev.1", "Hash DRBG | A3601 | - | SP 800-90A Rev.1", "HMAC DRBG | A3601 | - | SP 800-90A Rev.1", "AES-CBC | A3602 | - | SP 800-38A", "AES-CMAC | A3602 | - | SP 800-38B", "AES-CTR | A3602 | - | SP 800-38A", "AES-ECB | A3602 | - | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3602 | - | SP 800-38E", "Counter DRBG | A3602 | - | SP 800-90A Rev.1", "Hash DRBG | A3603 | - | SP 800-90A Rev.1", "HMAC DRBG | A3603 | - | SP 800-90A Rev.1", "HMAC-SHA-1 | A3603 | - | FIPS 198-1", "HMAC-SHA2-224 | A3603 | - | FIPS 198-1", "HMAC-SHA2-256 | A3603 | - | FIPS 198-1", "HMAC-SHA2-384 | A3603 | - | FIPS 198-1", "HMAC-SHA2-512 | A3603 | - | FIPS 198-1", "SHA-1 | A3603 | - | FIPS 180-4", "SHA2-224 | A3603 | - | FIPS 180-4", "SHA2-256 | A3603 | - | FIPS 180-4", "SHA2-384 | A3603 | - | FIPS 180-4", "SHA2-512 | A3603 | - | FIPS 180-4", "Hash DRBG | A3604 | - | SP 800-90A Rev.1", "HMAC DRBG | A3604 | - | SP 800-90A Rev.1", "HMAC-SHA-1 | A3604 | - | FIPS 198-1", "HMAC-SHA2-224 | A3604 | - | FIPS 198-1", "HMAC-SHA2-256 | A3604 | - | FIPS 198-1", "HMAC-SHA2-384 | A3604 | - | FIPS 198-1", "HMAC-SHA2-512 | A3604 | - | FIPS 198-1", "SHA-1 | A3604 | - | FIPS 180-4", "SHA2-224 | A3604 | - | FIPS 180-4", "SHA2-256 | A3604 | - | FIPS 180-4", "SHA2-384 | A3604 | - | FIPS 180-4", "SHA2-512 | A3604 | - | FIPS 180-4", "Hash DRBG | A3605 | - | SP 800-90A Rev.1", "HMAC DRBG | A3605 | - | SP 800-90A Rev.1", "HMAC-SHA-1 | A3605 | - | FIPS 198-1", "HMAC-SHA2-224 | A3605 | - | FIPS 198-1", "HMAC-SHA2-512 | A3605 | - | FIPS 198-1", "SHA-1 | A3605 | - | FIPS 180-4", "SHA2-224 | A3605 | - | FIPS 180-4", "SHA2-256 | A3605 | - | FIPS 180-4", "SHA2-384 | A3605 | - | FIPS 180-4", "SHA2-512 | A3605 | - | FIPS 180-4", "HMAC-SHA2-256 | A4249 | - | FIPS 198-1", "HMAC-SHA2-256 | A4246 | - | FIPS 198-1", "HMAC-SHA2-256 | A4247 | - | FIPS 198-1", "HMAC-SHA2-256 | A4248 | - | FIPS 198-1", "AES-GCM | Authenticated Encryption and Decryption", "RSA | RSA Encryption and Decryption primitives", "RSA | RSA Signature Verification", "RSA | Signature Generation and Signature Verification primitives with PKCS#1 v1.5 padding", "Symmetric encryption | BC-UnAuth | Symmetric encryption | AES-CBC:128,192,256-bitkeys with 128-256 bits keystrengthAES-CTR:128,192,256-bitkeys with 128-256 bits keystrengthAES-ECB:128, | AES-CBCAES-CBCAES-CBCAES-CBCAES-CTRAES-CTRAES-CTRAES-ECBAES-ECBAES-ECB" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4775", "Certificate Number": "4775", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Junos® OS Evolved OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "09/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4775.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4775", "module_name": "Junos® OS Evolved OpenSSL Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/2/2029", "overall_level": 1, "caveat": "Interim Validation. When operated in approved mode with module Junos® OS Evolved Kernel Cryptographic Module version 2.0 validated to FIPS 140-3 under Cert. #4776 operating in the Approved mode. When installed, initialized and configured as specified in section 11 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Junos® OS Evolved OpenSSL Cryptographic Module provides a C language application program interface (API) for use by other applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4774", "Certificate Number": "4774", "Vendor Name": "Red Hat(R), Inc.", "Module Name": "Red Hat Enterprise Linux 9 NSS Cryptographic Module", "Module Type": "Software", "Validation Date": "08/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4774.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4774", "module_name": "Red Hat Enterprise Linux 9 NSS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/20/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode and installed, initialized and configured as specified in section 11 of the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4773", "Certificate Number": "4773", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "PAN-OS 11.0 VM-Series", "Module Type": "Software", "Validation Date": "08/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4773.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4773", "module_name": "PAN-OS 11.0 VM-Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/20/2026", "overall_level": 1, "caveat": "Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The PAN-OS 11.0 VM-Series is a software cryptographic module and requires an underlying general purpose computer (GPC) environment.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4772", "Certificate Number": "4772", "Vendor Name": "Thales", "Module Name": "IDCore 3230 / 230 Platform", "Module Type": "Hardware", "Validation Date": "08/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4772.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4772", "module_name": "IDCore 3230 / 230 Platform", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/20/2026", "overall_level": 3, "caveat": "Interim validation", "module_type": "Hardware", "embodiment": "Single Chip", "detail_available": true, "description": "The Thales IDCore 3230 / 230 Platform cryptographic module, validated to FIPS 140-3 overall Level 3, is a single-chip “contact” or “contact and contactless” module implementing the Global Platform operational environment, with Card Manager and Demonstration Applet. The Demonstration Applet is available only to demonstrate the complete cryptographic capabilities of the Module for FIPS 140-3 validation and is not intended for general use." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4771", "Certificate Number": "4771", "Vendor Name": "Toshiba Electronic Devices & Storage Corporation", "Module Name": "Toshiba Secure TCG Opal SSC Self-Encrypting Drive Series MG09ACP18TA and MG09ACP16TA", "Module Type": "Hardware", "Validation Date": "08/20/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4771.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4771", "module_name": "Toshiba Secure TCG Opal SSC Self-Encrypting Drive Series MG09ACP18TA and MG09ACP16TA", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/19/2029", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Toshiba Secure TCG Opal SSC Self-Encrypting Drive Series (MG09ACP18TA and MG09ACP16TA) is used for hard disk drive data security.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4770", "Certificate Number": "4770", "Vendor Name": "Ericsson Enterprise Wireless Solutions, Inc.", "Module Name": "Cradlepoint Cryptographic Module", "Module Type": "Software", "Validation Date": "08/20/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4770.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4770", "module_name": "Cradlepoint Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/19/2026", "overall_level": 1, "caveat": "Interim Validation, No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Ericsson Cryptographic Module is a cryptographic library embedded in Ericsson’s Cradlepoint endpoints. The Ericsson Cryptographic Module offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including TLS 1.2).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4768", "Certificate Number": "4768", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Palo Alto Networks SD-WAN Virtual Instant-On Network (vION)", "Module Type": "Software", "Validation Date": "08/19/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4768.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4768", "module_name": "Palo Alto Networks SD-WAN Virtual Instant-On Network (vION)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/18/2029", "overall_level": 1, "caveat": "Interim Validation. When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Palo Alto Networks SD-WAN Virtual Instant-On Network (vION) enables the integration of a diverse set of wide area network (WAN) connection types, improves application performance and visibility, enhances security and compliance, and reduces the overall cost and complexity of your WAN.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4766", "Certificate Number": "4766", "Vendor Name": "Microsoft Corporation", "Module Name": "Kernel Mode Cryptographic Primitives Library", "Module Type": "Software", "Validation Date": "08/19/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4766.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4766", "module_name": "Kernel Mode Cryptographic Primitives Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with modules Windows OS Loader validated to FIPS 140-2 under Cert. #4339 operating in FIPS mode, Windows Resume validated to FIPS 140-2 under Cert. #4348 operating in FIPS mode, or TCB Launcher under Cert. #4457 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4765", "Certificate Number": "4765", "Vendor Name": "Entrust", "Module Name": "nShield 5s Hardware Security Module", "Module Type": "Hardware", "Validation Date": "08/19/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4765.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4765", "module_name": "nShield 5s Hardware Security Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/18/2029", "overall_level": 3, "caveat": "Interim validation. When installed, initialized and configured as specified in Section 11.3 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The nShield 5s Hardware Security Module is a multi-chip embedded hardware Cryptographic Module as defined in FIPS 140-3, which comes in a PCI express board form factor protected by a tamper resistant enclosure, and performs encryption, digital signing, and key management on behalf of an extensive range of commercial and custom-built applications including public key infrastructures (PKIs), identity management systems, application-level encryption and tokenization, SSL/TLS, and code signing.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4764", "Certificate Number": "4764", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung Kernel Cryptographic Module", "Module Type": "Software", "Validation Date": "08/16/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4764.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4764", "module_name": "Samsung Kernel Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/15/2029", "overall_level": 1, "caveat": "Interim Validation. When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4763", "Certificate Number": "4763", "Vendor Name": "Peplink Pepwave Limited", "Module Name": "Peplink FIPS Module", "Module Type": "Software", "Validation Date": "08/16/202401/23/202512/16/202502/12/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4763.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4763", "module_name": "Peplink FIPS Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Peplink FIPS Module is a security module that provides FIPS-approved cryptographic functions and services to a wide range of Peplink products.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4762", "Certificate Number": "4762", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "PAN-OS 10.2 VM-Series", "Module Type": "Software", "Validation Date": "08/15/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4762.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4762", "module_name": "PAN-OS 10.2 VM-Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/14/2029", "overall_level": 1, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The PAN-OS 10.2.8-h4 VM-Series is a software cryptographic module and requires an underlying general purpose computer (GPC) environment.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4761", "Certificate Number": "4761", "Vendor Name": "DigiCert, Inc.", "Module Name": "Mocana Cryptographic Suite B Module", "Module Type": "Software", "Validation Date": "08/14/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4761.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4761", "module_name": "Mocana Cryptographic Suite B Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/13/2029", "overall_level": 1, "caveat": "Interim validation. No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4760", "Certificate Number": "4760", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "PAN-OS 10.2 running on PA-220, PA-220R, PA-400 Series, PA-800 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs", "Module Type": "Hardware", "Validation Date": "08/14/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4760.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4760", "module_name": "PAN-OS 10.2 running on PA-220, PA-220R, PA-400 Series, PA-800 Series, PA-3200 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, PA-5450, and PA-7000 Series NGFWs", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/13/2029", "overall_level": 2, "caveat": "Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals and Physical Kit installed as indicated in the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Palo Alto Networks offers a full line of next-generation security appliances that range from the PA-220, designed for enterprise remote offices, to the PA-7080, which is a modular chassis designed for high-speed datacenters. The platform architecture is based on our single-pass engine, PAN-OS, for networking, security, threat prevention, and management functionality that is consistent across all platforms. The devices differ only in capacities, performance, and physical configuration.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4759", "Certificate Number": "4759", "Vendor Name": "Amazon Web Services Inc.", "Module Name": "AWS-LC Cryptographic Module (dynamic)", "Module Type": "Software", "Validation Date": "08/14/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4759.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4759", "module_name": "AWS-LC Cryptographic Module (dynamic)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/13/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It іs based on code from the Google BoringSSL project and the OpenSSL project.", "detail_available": true, "algorithms": [ "AES", "CVL", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ], "algorithms_detailed": [ "AES-CBC | A4489,A4493,A4501,A4484,A4487,A4497 | Encryption,Decryption using 128,192,256 bits key | Amazon Linux 2023 on EC2 bare metal on Amazon Graviton3:AES\\_C,CE,VPAESUbuntu on EC2 bare metal on Amazon Graviton3AWS Graviton:AES\\_C,CE,VPAESAmazon Linux 2 on EC2 bare metal on Amazon Graviton3:AES\\_C,CE,VPAESAmazon Linux 2 on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL:AESNI,AESASM,BAES\\_CTASMAmazon Linux 2023 on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL:AESNI,AESASM,BAES\\_CTASMUbuntu on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL:AESNI,AESASM,BAES\\_CTASM | FIPS 197,SP800-38A", "AES-CCM | A4489,A4493,A4501,A4484,A4487,A4497 | Authenticated Encryption, Authenticated Decryption, Key Wrapping, Key Unwrapping using 128 bit key | Amazon Linux 2023 on EC2 bare metal on Amazon Graviton3:AES\\_C,BAES\\_CTASM,CE,VPAESUbuntu on EC2 bare metal on Amazon Graviton3AWS Graviton:AES\\_C,BAES\\_CTASM,CE,VPAESAmazon Linux 2 on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL:AESNI,AESASM,BAES\\_CTASMAmazon Linux 2023 on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL:AESNI,AESASM,BAES\\_CTASMUbuntu on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL:AESNI,AESASM,BAES\\_CTASM | FIPS 197,SP800-38C,IG.D.G", "AES-CMAC | A4489,A4493,A4501,A4487,A4497 | Message Authentication Generation 128-or 256-bits key | Amazon Linux 2023 on EC2 bare metal on Amazon Graviton3:AES\\_C,BAES\\_CTASM,CE,VPAESUbuntu on EC2 bare metal on Amazon Graviton3AWS Graviton:AES\\_C,BAES\\_CTASM,CE,VPAESAmazon Linux 2 on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL:AESNI,AESASMAmazon Linux 2023 on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL:AESNI,AESASMUbuntu on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL:AESNI,AESASM | FIPS 197,SP800-38B", "AES-CTR | A4489,A4493,A4501,A4484,A4487,A4497 | Encryption,Decryption128,192,256 bits key | Amazon Linux 2023 on EC2 bare metal on AmazonGraviton3 AES,C BAES CTASM,CE VPAESUbuntu on EC2 bare metal on AmazonGraviton3AWS Graviton:AES,C BAES CTASM,CE VPAESAmazon Linux 2 on EC2 bare metal on AmazonGraviton3:AES,C BAES CTASM,CE VPAESAmazon Linux 2 on EC2 bare metal on Intel CascadeLake Xeon Platinum 8275CL:AESNI,AESASM,BAES CTASMAmazon Linux 2023 on EC2 bare metal on IntelCascadeLake Xeon Platinum 8275CL:AESNI,AESASM,BAES CTASMUbuntu on EC2 bare metal on Intel CascadeLakeXeon Platinum 8275CL:AESNI,AESASM,BAES CTASM | FIPS 197,SP800-38A", "AES-ECB | A4489,A4490,A4493,A4494,A4496,A4501,A4502,A4484,A4485,A4486,A4487,A4488,A4495,A4497,A4498,A4499,A4500 | Encryption,Decryption using 128,192,256 bits key | Amazon Linux 2023 on EC2 bare metal on AmazonGraviton3 AES,C AES,C GCM,CE,CE\\_GCM\\_UNROLLB\\_EOR3,CE\\_GCM,VPAES,VPAES\\_GCMUbuntu on EC2 bare metal on AmazonGraviton3AWS Graviton:AES,C AES,C GCM,CE,CE\\_GCM\\_UNROLLB\\_EOR3,CE\\_GCM,VPAES,VPAES\\_GCMAmazon Linux 2 on EC2 bare metal on AmazonGraviton3AES,C AES,C GCM,CE,CE\\_GCM\\_UNROLLB\\_EOR3,CE\\_GCM,VPAES,VPAES\\_GCMAmazon Linux 2 on EC2 bare metal on IntelCascadeLakeXeon Platinum 8275CL:AESNI,AESNI AVX,AESNI\\_ASM,AESASM,AESASMAVX,AES\\_CLMULNI,AESASM ASM,AESASM CLMULNI,AESNI\\_CLMULNI,BASES CTASM AVX,BAES CTASM CLMULNI,BAES CTASM ASMUbuntu on EC2 bare metal on IntelCascadeLakeXeon Platinum 8275CL:AESNI,AESNI AVX,AESNI\\_ASM,AESASM,AESASMAVX,AES\\_CLMULNI,AESNI\\_CLMULNI,BASES CTASM AVX,BAES CTASM CLMULNI,BAES CTASM ASMUbuntu on EC2 bare metal on IntelCascadeLakeXeon Platinum 8275CL:AESNI,AESNI AVX,AESNI\\_ASM,AESASM,AESASMAVX,AES\\_CLMULNI,AESNI\\_CLMULNI,BASES CTASM AVX,BAES CTASM CLMULNI,BAES CTASM ASM | FIPS 197,SP800-38A", "AES-GCM | A4490,A4494,A4496,A4502,A4503,A4504,A4485,A4486,A4488,A4495,A4498,A4499,A4500 | AuthenticatedEncryption(withInternal IVMode8.2.2)andKeyWrapping using 128or 256 bits key | Amazon Linux 2023 on EC2 bare metal on AmazonGraviton3AES,C AES,C GCM,CE,GCM\\_UNROLLB\\_EOR3,CE\\_GCM,VPAES,VPAES\\_GCMUbuntu on EC2 bare metal on AmazonGraviton3AWS Graviton:AES,C AES,C GCM,CE,GCM\\_UNROLLB\\_EOR3,CE\\_GCM,VPAES,VPAES\\_GCMAmazon Linux 2 on EC2 bare metal on AmazonGraviton3AES,C AES,C GCM,CE,GCM\\_UNROLLB\\_EOR3,CE\\_GCM,VPAES,VPAES\\_GCMAmazon Linux 2 on EC2 bare metal on IntelCascadeLakeXeon Platinum 8275CL:AESNI,AESNI AVX,AESNI\\_ASM,AESASM,AESASMAVX,AES\\_CLMULNI,AESNI\\_CLMULNI,BASES CTASM AVX,BAES CTASM CLMULNI,BAES CTASM ASMUbuntu on EC2 bare metal on IntelCascadeLakeXeon Platinum 8275CL:AESNI,AESNI AVX,AESNI\\_ASM,AESASM,AESASMAVX,AES\\_CLMULNI,AESNI\\_CLMULNI,BASES CTASM AVX,BAES CTASM CLMULNI,BAES CTASM ASM | FIPS 197,SP800-38D,IG.D.G", "AES-GCM | AuthenticatedDecryption(withexternalIV)和KeyUnwrappingusing128-or256-bitskey | Amazon Linux 2023 on EC2 bare metal on IntelCascadeLakeXeon Platinum 8275CL:AESNI AVX,AESNI\\_ASM,AESASMAVX,AES\\_CLMULNI,AESASM ASM | FIPS 197,SP800-38D,IG.D.G", "AES-GMAC | Message Authentication Generation using 128 or 256-bits key | AESASM\\_CLMULNI,AESNI\\_CLMULNI,BAES\\_CTASM\\_AVX,BAES\\_CTASM\\_CLMULNI,BAES\\_CTASM\\_ASMAmazon Linux 2023 on E2C bare metal on Intel Cascade Lake Xeon Platinum 8275CL;AESNI\\_AVX,AESNI\\_ASM,AESASM\\_AVX,AESNI\\_CLMULNI,BAES\\_CTASM\\_AVX,BAES\\_CTASM\\_CLMULNI,BAES\\_CTASM\\_ASMUbuntu on E2C bare metal on Intel Cascade Lake Xeon Platinum 8275CL;AESNI\\_AVX,AESNI\\_ASM,AESASM\\_AVX,AESNI\\_CLMULNI,BAES\\_CTASM\\_AVX,BAES\\_CTASM\\_CLMULNI,BAES\\_CTASM\\_ASM | FIPS 197,SP800-38D", "AES-KW | A4489,A4493,A4501,A4484,A4487,A4497 | Key Wrapping,Key Unwrapping using 128,192,256 bits key | Amazon Linux 2023 on E2C bare metal on Amazon Graviton3;AES,C,BASES\\_CTM,CE,VPAEsUbuntu on E2C bare metal on Amazon Graviton3AWS Graviton:AES,C,BASES\\_CTM,CE,VPAEs | FIPS 197,SP800-38F,IG D.G", "AES-KWP | Encryption,Decryption using 256 bits key | Amazon Linux 2 on E2C bare metal on Amazon Graviton3;AES,C,BASES\\_CTM,CE,VPAEs | FIPS 197,SP800-38E", "AES-XTS | Amazon Linux 2 on E2C bare metal on Intel Cascade Lake Xeon Platinum 8275CL;AESNI,AESASM,BAES\\_CTASMAmazon Linux 2023 on E2C bare metal on Intel Cascade Lake Xeon Platinum 8275CL;AESNI,AESASM,BAES\\_CTASMUbuntu on E2C bare metal on Intel Cascade Lake Xeon Platinum 8275CL;AESNI,AESASM,BAES\\_CTASM", "CTR\\_DRBG | A4489,A4493,A4501,A4484,A4487,A4497 | Random Number Generation using AES 256 bits without derivation function or prediction resistance. | Amazon Linux 2023 on E2C bare metal on Amazon Graviton3;AES,C,CE,VPAEsUbuntu on E2C bare metal on Amazon Graviton3AWS Graviton:AES,C,CE,VPAEsAmazon Linux 2 on E2C bare metal on Intel Cascade Lake Xeon Platinum 8275CL;AESNI,AESASM,BAES\\_CTASMAmazon Linux 2023 on E2C bare metal on Intel Cascade Lake Xeon Platinum 8275CL;AESNI,AESASM,BAES\\_CTASMUbuntu on E2C bare metal on Intel Cascade Lake Xeon Platinum 8275CL;AESNI,AESASM,BAES\\_CTASM | SP800-90Arev1", "ECDSA | A4483,A4491,A4492,A4505,A4506,A4507,A4508 | Key Generation using P-224,P-256,P-384,P-521 | Amazon Linux 2023 on E2C bare metal on Amazon Graviton3;SHA\\_ASM,SHA\\_CE,NEONUbuntu on E2C bare metal on Amazon Graviton3AWS Graviton:SHA\\_ASM,SHA\\_CE,NEONAmazon Linux 2 on E2C bare metal on Amazon Graviton3;SHA\\_ASM,SHA\\_CE,NEONAmazon Linux 2 on E2C bare metal on Intel Cascade Lake Xeon Platinum 8275CL;SHA\\_SHANI,SHA AVX2,SHA AVX2,SHA\\_SSE3 | FIPS 186-5A.2.FIPS 186-5Rejection SamplingSP800-133rev2sections 4,5.1,5.2", "Key Verification using P-224,P-256,P-384,P-521 | Amazon Linux 2 on E2C bare metal on Intel Cascade Lake Xeon Platinum 8275CL;SHA\\_SHANI,SHA AVX2,SHA AVX2,SHA\\_SSE3Ubuntu on E2C bare metal on Intel Cascade Lake Xeon Platinum 8275CL;SHA\\_SHANI,SHA AVX2,SHA AVX2,SHA\\_SSE3 | FIPS 186-5 for all except FIPS186-4 for signature verification with SHA-1", "ECDSA with SHA-224,SHA-256,SHA-284,SHA-512 | Signature Generation using P-224,P-256,P-384,P-521 | Amazon Linux 2023 on E2C bare metal on Intel Cascade Lake Xeon Platinum 8275CL;SHA\\_SHANI,SHA AVX2,SHA AVX2,SHA\\_SSE3", "ECDSA with SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | Signature Verification using P-224,P-256,P-384,P-521", "HMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-384,HMAC-SHA2-512,HMAC-SHA2-512/256 | A4483,A4491,A4492,A4505,A4506,A4507,A4508 | Message Authentication Generation using 112-524288 bits key | Amazon Linux 2023 on EC2 bare metal on Amazon Graviton3: SHA\\_ASM,SHA\\_CE,NEONUbuntu on EC2 bare metal on Amazon Graviton3AW5 Graviton: SHA\\_ASM,SHA\\_CE,NEONAmazon Linux 2 on EC2 bare metal on Amazon Graviton3: SHA\\_ASM,SHA\\_CE,NEONAmazon Linux 2 on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL: SHA\\_SHANI,SHA\\_AVX2,SHA\\_AVX,SHA\\_SSSE3Amazon Linux 2023 on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL: SHA\\_SHANI,SHA\\_AVX2,SHA\\_AVX,SHA\\_SSSE3Ubuntu on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL: SHA\\_SHANI,SHA\\_AVX2,SHA\\_AVX,SHA\\_SSSE3 | FIPS 198-1SP800-56ARev3IG D.F scenario2(1)", "KAS-ECC-SSCECC Ephemeral Unified scheme | A4483,A4491,A4492,A4505,A4506,A4507,A4508 | Shared Secret Computation using P-224,P-256,P-384,P-521", "KDA HKDF withHMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA-256,HMAC-SHA2-384,HMAC-SHA2-512 | A4483,A4491,A4492,A4505,A4506,A4507,A4508 | Key DerivationDerived Key Length:2048Shared Secret Length:224-2048 Increment8 | SP800-56Crev1;SP800-133rev2section6.2", "KDF TLS(CVL)TLS 1.0/1.1,TLS 1.2(RFC7627)withSHA2-256,SHA2-384,SHA2-512 | A4483,A4491,A4492,A4505,A4506,A4507,A4508 | Key Derivation | SP800-135rev1;SP800-133rev2section6.2", "PBKDF withHMAC-SHA-1,HMAC-SHA2-224,HMAC-SHA2-256,HMAC-SHA2-384,HMAC-SHA2-512 | A4483,A4491,A4492,A4505,A4506,A4507,A4508 | Password based key derivation:Iteration Count:1000-10000 Increment1Password Length:14-128 Increment1Salt Length:128-4096Increment8Key Data Length:128-4096 Increment8 | Amazon Linux 2023 on EC2 bare metal on Amazon Graviton3: SHA\\_ASM,SHA\\_CE,NEONUbuntu on EC2 bare metal on Amazon Graviton3AW5 Graviton: SHA\\_ASM,SHA\\_CE,NEONAmazon Linux 2 on EC2 bare metal on Amazon Graviton3: SHA\\_ASM,SHA\\_CE,NEONAmazon Linux 2 on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL: SHA\\_SHANI,SHA\\_AVX2,SHA\\_AVX,SHA\\_SSSE3Amazon Linux 2023 on EC2 bare metal on Intel Cascade Lake Xeon Platinum 8275CL: SHA\\_SHANI,SHA\\_AVX2,SHA\\_AVX,SHA\\_SSSE3 | SP800-132Option 1a;SP800-133rev2section6.2", "RSA | A4483,A4491,A4492,A4505,A4506,A4507,A4508 | Key Generation using2048,3072,4096 bitskey | FIPS 186-5A.1.3 Random Probable Primes;SP800-133rev2sections4,5.1", "CKG(ECDSA KeyGen) | ECDSA KeyGen(FIPS186-5):P-224,P-256,P384,P-521elliptic curves with112-256bits of key strength | FIPS186-5,A.2.2Rejection Sampling;SP800-133Rev2section4andIGD.Hcomment2(without anyV,as described inAdditionalComments2ofIGD.H)", "MD5 | Allowed per IG 2.4.A | Message Digest used in TLS 1.0/1.1 KDF only", "AES with OFB or CFB1, CFB8 modes | Encryption, Decryption", "AES GCM,GCM,GMAC,XTS with keys not listed in Table 5 | Encryption, Decryption", "AES using aes\\_\\*\\_generic function | Encryption, Decryption", "AES GMAC using aes\\_\\*\\_generic | Message Authentication Generation", "Diffie Hellman | Shared Secret Computation", "HMAC-MD4,HMAC-MD5,HMAC-SHA1,HMAC-SHA-3,HMAC-RIPEMD-160 | Message Authentication Generation", "MD5 | Message Digest (outside of TLS)", "RSA using RSA\\_generate\\_key\\_ex | Key Generation", "ECDSA using EC\\_KEY\\_generate\\_key | Key Generation", "RSA using keys less than 2048 bits | Signature Generation", "RSA using keys less than 1024 bits | Signature Verification", "RSA | Key Encapsulation/Un-encapsulation, sign/verify primitive operations without hashing", "RSA with PKCS#1 v1.5 and OAEP padding | Encryption primitive", "SHA-1,SHA-3 | Signature Generation", "SHAKE,RIPEMD-160,SHA-3 | Message Digest", "TLS KDF using any SHA algorithms not listed in Table 5 or TLS KDF using non extended master secret | Key Derivation" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4758", "Certificate Number": "4758", "Vendor Name": "Rambus Inc.", "Module Name": "CryptoManager Root of Trust RT-660", "Module Type": "Hardware", "Validation Date": "08/12/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4758.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4758", "module_name": "CryptoManager Root of Trust RT-660", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/11/2029", "overall_level": 2, "caveat": "When operated in approved mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The CryptoManager Root of Trust (CMRT) RT-660 is an independent Silicon IP Security Module for integration into semiconductor devices, offering secure execution of authenticated user applications, tamper detection and protection, DPA resistance and secure storage and handling of keys and security assets.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4757", "Certificate Number": "4757", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v11.1 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]", "Module Type": "Hardware", "Validation Date": "08/09/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4757.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4757", "module_name": "Apple corecrypto Module v11.1 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/8/2026", "overall_level": 2, "caveat": "Interim validation. When operated in approved mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Apple corecrypto Module v11.1 [Apple silicon, Secure Key Store, Hardware, SL2/PHY3] is a Hardware module implemented as a sub-chip running on a single-chip processor.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4756", "Certificate Number": "4756", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v11.1 [Apple silicon, Secure Key Store, Hardware] (SL2)", "Module Type": "Hardware", "Validation Date": "08/09/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4756.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4756", "module_name": "Apple corecrypto Module v11.1 [Apple silicon, Secure Key Store, Hardware] (SL2)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/8/2026", "overall_level": 2, "caveat": "Interim validation. When operated in approved mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Apple corecrypto Module v11.1 [Apple silicon, Secure Key Store, Hardware] (SL2) is a Hardware module implemented as a sub-chip running on a single-chip processor.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4755", "Certificate Number": "4755", "Vendor Name": "IBM Corporation", "Module Name": "IBM® Crypto for C", "Module Type": "Software", "Validation Date": "08/09/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4755.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4755", "module_name": "IBM® Crypto for C", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/8/2029", "overall_level": 1, "caveat": "Interim validation. When operated in the approved mode. When installed, initialized and configured as specified in sections 11.1 and 11.2 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The IBM Crypto for C version 8.8.1.0 (ICC) cryptographic module is implemented in the C programming language. It is packaged as dynamic (shared) libraries usable by applications written in a language that supports C language linking conventions (e.g. C, C++, Java, Assembler, etc.) for use on commercially available operating systems. The ICC allows these applications to access cryptographic functions using an Application Programming Interface (API) provided through an ICC import library and based on the API defined by the OpenSSL group.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4754", "Certificate Number": "4754", "Vendor Name": "Red Hat(R), Inc.", "Module Name": "Red Hat Enterprise Linux 9 libgcrypt", "Module Type": "Software", "Validation Date": "08/09/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4754.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4754", "module_name": "Red Hat Enterprise Linux 9 libgcrypt", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/8/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Red Hat Enterprise Linux 9 libgcrypt is a software library implementing general purpose cryptographic algorithms", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A3757 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CCM | A3757 | Key Length-128,192,256 | SP 800-38C", "AES-CFB128 | A3757 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CFB8 | A3757 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-CMAC | A3757 | Direction- Generation, Verification Key Length-128,192,256 | SP 800-38B", "AES-CTR | A3757 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-ECB | A3757 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-KW | A3757 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38F", "AES-OFB | A3757 | Direction- Decrypt, Encrypt Key Length-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A3757 | Direction-Decrypt,Encrypt Key Length-128,256 | SP800-38E", "Counter DRBG | A3757 | Prediction Resistance-No,Yes Mode-AES-128,AES-192,AES-256 Derivation Function Enabled-Yes | SP800-90A Rev.1", "ECDSA KeyGen(FIPS186-4) | A3757 | Curve-P-224,P-256,P-384,P-521 Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A3757 | Curve-P-224,P-256,P-384,P-521 | FIPS186-4", "ECDSA SigGen(FIPS186-4) | A3757 | Component-No Curve-P-224,P-256,P-384,P-521 Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A3757 | Component-No Curve-P-224,P-256,P-384,P-521 Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS186-4", "Hash DRBG | A3757 | Prediction Resistance-No,Yes Mode-SHA-1,SHA2-256,SHA2-512 | SP800-90A Rev.1", "HMAC DRBG | A3757 | Prediction Resistance-No,Yes Mode-SHA-1,SHA2-256,SHA2-512 | SP800-90A Rev.1", "HMAC-SHA-1 | A3757 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA2-224 | A3757 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA2-256 | A3757 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA2-384 | A3757 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA2-512 | A3757 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA2-512/224 | A3757 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA2-512/256 | A3757 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA3-224 | A3757 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA3-256 | A3757 | Key Length-Key Length:112-524288 Increment8 | FIPS198-1", "HMAC-SHA3-384 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "HMAC-SHA3-512 | A3757 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1", "PBKDF | A3757 | Iteration Count - Iteration Count: 1000-10000000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132", "RSA KeyGen(FIPS186-4) | A3757 | Key Generation Mode-B.3.3 Modulo-2048,3072,4096 Primality Tests-Table C.2 Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3757 | Signature Type-PKCS 1.5,PKCSPSS Modulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-2) | A3757 | Signature Type-PKCS 1.5,PKCSPSS Modulo-1024,1536 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3757 | Signature Type-PKCS 1.5,PKCSPSS Modulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A3757 | Message Length-Message Length:0-65536 Increment 8 Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A3757 | Message Length-Message Length:0-65536 Increment 8 Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A3757 | Message Length-Message Length:0-65536 Increment 8 Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A3757 | Message Length-Message Length:0-65536 Increment 8 Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A3757 | Message Length-Message Length:0-65536 Increment 8 Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A3757 | Message Length-Message Length:0-65536 Increment 8 Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A3757 | Message Length-Message Length:0-65536 Increment 8 Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A3757 | Message Length-Message Length:0-65536 Increment 8 Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A3757 | Message Length-Message Length:0-65536 Increment 8 Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A3757 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A3757 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A3757 | Output Length - Output Length:16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A3757 | Output Length - Output Length:16-65536 Increment 8 | FIPS 202", "HMAC-SHA-1 | A3758 | Key Length - Key Length:112-524288Increment 8 | FIPS 198-1", "SHA-1 | A3758 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "AES-CBC | A3759 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CCM | A3759 | Key Length-128,192,256 | SP 800-38C", "AES-CFB128 | A3759 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CFB8 | A3759 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-CMAC | A3759 | Direction-Genation,VerificationKey Length-128,192,256 | SP 800-38B", "AES-CTR | A3759 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-ECB | A3759 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-KW | A3759 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38F", "AES-OFB | A3759 | Direction-Decrypt,EncryptKey Length-128,192,256 | SP 800-38A", "AES-XTSTestingRevision2.0 | A3759 | Direction-Decrypt,EncryptKey Length-128,256 | SP 800-38E", "CounterDRBG | A3759 | PredictionResistance-No,YesMode-AES-128,AES-192,AES-256DerivationFunctionEnabled-Yes | SP 800-90ARev.1", "ECDSASigGen(FIPS186-4) | A3759 | Component-NoCurve-P-224,P-256,P-384,P-521HashAlgorithm-SHA2-224,SHA2-256,SHA2- | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3759 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "Hash DRBG | A3759 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A3759 | Prediction Resistance-No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A3759 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3759 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A3759 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A3759 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A3759 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3759 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3759 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "PBKDF | A3759 | Iteration Count-Iteration Count:1000-10000000 Increment1Password Length-Password Length:8-128Increment1 | SP 800-132", "RSA KeyGen(FIPS186-4) | A3759 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3759 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-2) | A3759 | Signature Type-PKCS1.5,PKCSPSSModulo-1024,1536 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3759 | Signature Type-PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A3759 | Message Length-Message Length:0-65536Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A3759 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A3759 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A3759 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A3759 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A3759 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A3759 | Message Length - Message Length:0-65536 Increment8Large Message Sizes-1,2,4,8 | FIPS 180-4", "AES-CBC | A3760 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CCM | A3760 | KeyLength-128,192,256 | SP 800-38C", "AES-CFB128 | A3760 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A3760 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-CMAC | A3760 | Direction-Generation,VerificationKeyLength-128,192,256 | SP 800-38B", "AES-CTR | A3760 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-ECB | A3760 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-KW | A3760 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38F", "AES-OFB | A3760 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38A", "AES-XTSTestingRevision2.0 | A3760 | Direction-Decrypt,EncryptKeyLength-128,192,256 | SP 800-38E", "CounterDRBG | A3760 | PredictionResistance-No,YesMode-AES-128,AES-192,AES-256DerivationFunctionEnabled-Yes | SP 800-90ARev.1", "ECDSA KeyGen(FIPS186-4) | A3760 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3760 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3760 | Component - NoCurve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3760 | Component - NoCurve-P224,P256,P384,P521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512/SHA2-512/SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "Hash DRBG | A3760 | Prediction Resistance - No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A3760 | Prediction Resistance - No,YesMode-SHA-1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A3760 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3760 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A3760 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A3760 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A3760 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A3760 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A3760 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "PBKDF | A3760 | Iteration Count-Iteration Count:1000-10000000Increment1Password Length-Password Length:8-128Increment1 | SP 800-132", "RSA KeyGen(FIPS186-4) | A3760 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS 186-4", "RSA SigGen(FIPS186-4) | A3760 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-2) | A3760 | Signature Type-PKCS 1.5,PKCSPSSModulo-1024,1536 | FIPS 186-4", "RSA SigVer(FIPS186-4) | A3760 | Signature Type-PKCS 1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "SHA-1 | A3760 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-224 | A3760 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-256 | A3760 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-384 | A3760 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-512 | A3760 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A3760 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A3760 | Message Length - Message Length: 0-65536 Increment 8Large Message Sizes - 1,2,4,8 | FIPS 180-4", "ECDSA KeyGen(FIPS186-4) | A3761 | Curve-P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS 186-4", "ECDSA KeyVer(FIPS186-4) | A3761 | Curve-P-224,P-256,P-384,P-521 | FIPS 186-4", "ECDSA SigGen(FIPS186-4) | A3761 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "ECDSA SigVer(FIPS186-4) | A3761 | Component-NoCurve-P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | FIPS 186-4", "Hash DRBG | A3761 | Prediction Resistance-No,YesMode-SHA1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC DRBG | A3761 | Prediction Resistance-No,YesMode-SHA1,SHA2-256,SHA2-512 | SP 800-90ARev.1", "HMAC-SHA-1 | A3761 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A3761 | Key Length-Key Length:112-524288Increment8 | FIPS 198-1" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4753", "Certificate Number": "4753", "Vendor Name": "Corsec Security, Inc.", "Module Name": "CorSSL FIPS Object Module", "Module Type": "Software", "Validation Date": "08/08/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4753.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4753", "module_name": "CorSSL FIPS Object Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/7/2029", "overall_level": 1, "caveat": "Interim Validation, No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The CorSSL FIPS Object Module provides FIPS-Approved symmetric encryption and decryption, digital signature functions, hashing, message authentication, key establishment, and random number generation functionality to third-party solutions general data protection and in support of secure communications protocols.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4752", "Certificate Number": "4752", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "IOS Common Cryptographic Module (IC2M)", "Module Type": "Firmware", "Validation Date": "08/07/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4752.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4752", "module_name": "IOS Common Cryptographic Module (IC2M)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/6/2029", "overall_level": 1, "caveat": "Interim Validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly; Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4751", "Certificate Number": "4751", "Vendor Name": "Nokia of America Corporation (Nokia)", "Module Name": "Nokia 1830 Photonic Service Switch (PSS) R23.3 Nokia 1830 Photonic Service Interconnect – Modular (PSI-M) R23.3", "Module Type": "Hardware", "Validation Date": "08/05/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4751.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4751", "module_name": "Nokia 1830 Photonic Service Switch (PSS) R23.3 Nokia 1830 Photonic Service Interconnect – Modular (PSI-M) R23.3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/4/2026", "overall_level": 2, "caveat": "Interim Validation.The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "1830 Photonic Service Switch (PSS): Scalable optimized end-to-end optical transport solutions for metro, regional and long-haul networks. 1830 Photonic Service Switch - x( PSS -x): Scalable and efficient P-OTN switching for multi-protocol wholesale services. 1830 photonic service interconnect (PSI): Scalable disaggregated compact modular platforms for scalable DCI and optical transport applications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4750", "Certificate Number": "4750", "Vendor Name": "Cloudlinux Inc., TuxCare division", "Module Name": "Kernel Cryptography Module for AlmaLinux 9", "Module Type": "Software", "Validation Date": "08/02/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4750.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4750", "module_name": "Kernel Cryptography Module for AlmaLinux 9", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/1/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Linux kernel crypto API implementation provides cryptographic services to Linux kernel space software components and user space via the AF_ALG interface.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4749", "Certificate Number": "4749", "Vendor Name": "Intel Corporation", "Module Name": "Crypto Module for Intel® Alder Point PCH Converged Security and Manageability Engine (CSME)", "Module Type": "Firmware-hybrid", "Validation Date": "08/02/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4749.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4749", "module_name": "Crypto Module for Intel® Alder Point PCH Converged Security and Manageability Engine (CSME)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "8/1/2029", "overall_level": 2, "caveat": "Interim Validation. When operated in approved mode. When initialized and configured as specified in Section 11 of the Security Policy.", "module_type": "Firmware-hybrid", "embodiment": "Single Chip", "description": "The Cryptographic Module for Intel® Converged Security and Manageability Engine(CSME) is a firmware-hybrid module. The module consists of both hardware and firmware. The hardware portion is the Converged Security Engine (CSE) and the firmware portion is the crypto driver process of the Manageability Engine (ME). The two portions form the cryptographic boundary and they combine as Converged Security and Manageability Engine (CSME) to perform cryptographic functions within the Alder Point PCH applications executing on the CSME OS.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4748", "Certificate Number": "4748", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Crypto Engine Core", "Module Type": "Hardware", "Validation Date": "08/01/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4748.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4748", "module_name": "Qualcomm® Crypto Engine Core", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/31/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Qualcomm Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4747", "Certificate Number": "4747", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco FIPS Object Module", "Module Type": "Firmware-hybrid", "Validation Date": "08/01/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4747.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4747", "module_name": "Cisco FIPS Object Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/31/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Firmware-hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Cisco FIPS Object Module (FOM) is a firmware hybrid library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead, it provides the cryptographic primitives and functions to allow a developer to implement the various protocols.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4746", "Certificate Number": "4746", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 9 OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "07/31/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4746.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4746", "module_name": "Red Hat Enterprise Linux 9 OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/30/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Red Hat Enterprise Linux 9 OpenSSL FIPS Provider provides a C language application program interface (API) for use by other applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4745", "Certificate Number": "4745", "Vendor Name": "Entrust", "Module Name": "nShield 5s Hardware Security Module", "Module Type": "Hardware", "Validation Date": "07/31/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4745.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4745", "module_name": "nShield 5s Hardware Security Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/30/2029", "overall_level": 3, "caveat": "When installed, initialized and configured as specified in Section 11.3 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The nShield 5s PCIe Hardware Security Module (HSM) is a multi-chip embedded hardware Cryptographic Module as defined in FIPS 140-3, which comes in a PCI express board form factor protected by a tamper resistant enclosure, and performs encryption, digital signing, and key management on behalf of an extensive range of commercial and custom-built applications including public key infrastructures (PKIs), identity management systems, application-level encryption and tokenization, SSL/TLS, and code signing.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4744", "Certificate Number": "4744", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Linux Kernel FIPS Object Module (KFOM) Cryptographic Module", "Module Type": "Firmware-hybrid", "Validation Date": "07/29/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4744.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4744", "module_name": "Linux Kernel FIPS Object Module (KFOM) Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys). No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.", "module_type": "Firmware-hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Cisco Linux Kernel FIPS Object Module (KFOM) is a firmware hybrid cryptographic library that serves the operating system kernel. It does not implement any security protocols, instead only allowing for Linux kernel applications access to using approved algorithms.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4743", "Certificate Number": "4743", "Vendor Name": "Legion of the Bouncy Castle Inc.", "Module Name": "BC-FJA (Bouncy Castle FIPS Java API)", "Module Type": "Software", "Validation Date": "07/29/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4743.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4743", "module_name": "BC-FJA (Bouncy Castle FIPS Java API)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/28/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4742", "Certificate Number": "4742", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise GnuTLS Cryptographic Module", "Module Type": "Software", "Validation Date": "07/26/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4742.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4742", "module_name": "SUSE Linux Enterprise GnuTLS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/25/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "GnuTLS is a secure communications library implementing the TLS protocol. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PKCS#12, and other required structures which is shipped with SUSE Linux Enterprise.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4741", "Certificate Number": "4741", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Palo Alto Networks Core Crypto Module", "Module Type": "Software", "Validation Date": "07/26/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4741.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4741", "module_name": "Palo Alto Networks Core Crypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/25/2029", "overall_level": 1, "caveat": "Interim validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs (e.g., keys) whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Palo Alto Networks Core Crypto Module is a software cryptographic module that can run on various environments.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4740", "Certificate Number": "4740", "Vendor Name": "Thales", "Module Name": "CipherTrust Transparent Encryption Cryptographic Module", "Module Type": "Software-hybrid", "Validation Date": "07/26/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4740.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4740", "module_name": "CipherTrust Transparent Encryption Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/25/2029", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Software-hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The CipherTrust Transparent Encryption Cryptographic Module is a loadable kernel module for Windows, Linux and IBM AIX. It is also loadable in the user space for Linux. The module communicates with the SecFS, a secure layer that sits over the filesystem to secure files and directories and to enforce the access and encryption policy.", "detail_available": true, "algorithms": [ "AES", "HMAC", "KDF", "RSA", "SHA" ], "algorithms_detailed": [ "AES-CBC | A3609 | Direction-Decrypt,EncryptKeyLength-128,256 | SP800-38A", "AES-CBC-CS1 | A3609 | Direction-decrypt,encryptKeyLength-128,256 | SP800-38A", "AES-XTSTestingRevision2.0 | A3609 | Direction-Decrypt,EncryptKeyLength-256 | SP800-38E", "HMAC-SHA2-256 | A3609 | KeyLength-KeyLength:256-448Increment8 | FIPS198-1", "HMAC-SHA2-384 | A3609 | KeyLength-KeyLength:256-448Increment8 | FIPS198-1", "PBKDF | A3609 | IterationCount-IterationCount:90000-120000Increment1000PasswordLength-PasswordLength:96-128Increment1 | SP800-132", "SHA2-256 | A3609 | - | FIPS180-4", "SHA2-384 | A3609 | - | FIPS180-4", "RSA | Used for key wrapping as part of the key exchange protocol between the key manager and the CipherTrust Transparent Encryption agent." ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4739", "Certificate Number": "4739", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module", "Module Type": "Software", "Validation Date": "07/25/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4739.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4739", "module_name": "Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/24/2026", "overall_level": 1, "caveat": "Interim validation. When operated in Approved mode. When installed, initialized and configured as specified in section 11 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Oracle Linux 8 Unbreakable Enterprise Kernel (UEK7) Cryptographic Module and Oracle Linux 9 Unbreakable Enterprise Kernel (UEK7) API provides a C language API for use by other (kernel space and user space) processes that require cryptographic functionality", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4738", "Certificate Number": "4738", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Inline Crypto Engine (UFS)", "Module Type": "Hardware", "Validation Date": "07/25/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4738.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4738", "module_name": "Qualcomm® Inline Crypto Engine (UFS)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/24/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Qualcomm® Inline Crypto Engine (UFS) provides high throughput storage data encryption and decryption. Inline Crypto Engine (UFS) versions 3.2.0 [1], 3.2.1 [2], 4.0.1 [3] and 4.0.2 [4] are supported by various Qualcomm platforms including Qualcomm QCM6490 [1], Qualcomm QCM4490 [2], Qualcomm QCS6490 [1], Qualcomm QCS4490 [2], Snapdragon® 695 5G Mobile Platform [1], Snapdragon 8 Gen 2 Mobile Platform [3], Snapdragon 8+ Gen 1 Mobile Platform [2], Snapdragon 4 Gen 2 Mobile Platform [2], Snapdragon 6 Gen 1 Mobile Platform [2], Snapdragon 7 Gen 1 Mobile Platform [2], Snapdragon 8 Gen 1 Mobile Platform [2], Snapdragon 8 Gen 3 Mobile Platform [4].", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4737", "Certificate Number": "4737", "Vendor Name": "STMicroelectronics", "Module Name": "Trusted Platform Module ST33KTPM2XSPI / ST33KTPM2X / ST33KTPM2A / ST33KTPM2I", "Module Type": "Hardware", "Validation Date": "07/25/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4737.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4737", "module_name": "Trusted Platform Module ST33KTPM2XSPI / ST33KTPM2X / ST33KTPM2A / ST33KTPM2I", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/24/2026", "overall_level": 1, "caveat": "Interim validation, When operated in Approved mode", "module_type": "Hardware", "embodiment": "Single Chip", "detail_available": true, "description": "The ST33KTPM2X, ST33KTPM2XSPI, ST33KTPM2X, ST33KTPM2A, ST33KTPM2I Trusted Platform Module (TPM) are hardware cryptographic modules which implement the TPM2.0 standard as defined by the Trusted Computing Group. TPMs are used primarily for the generation, storage, and management of cryptographic keys, as well was for secure storage of digital certificates." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4736", "Certificate Number": "4736", "Vendor Name": "cPacket Networks Inc.", "Module Name": "cPacket Crypto Module", "Module Type": "Software", "Validation Date": "07/23/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4736.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4736", "module_name": "cPacket Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "cPacket powers hybrid-cloud observability through its Intelligent Observability Platform. The module delivers core cryptographic functions for robust algorithm support, secure key management, data integrity, and secure communications.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4735", "Certificate Number": "4735", "Vendor Name": "Google, LLC.", "Module Name": "BoringCrypto", "Module Type": "Software", "Validation Date": "07/23/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4735.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4735", "module_name": "BoringCrypto", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/22/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys). When operated in approved mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4734", "Certificate Number": "4734", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Firepower Next-Generation IPS Virtual VMware Cryptographic Module", "Module Type": "Software", "Validation Date": "07/22/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4734.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4734", "module_name": "Firepower Next-Generation IPS Virtual VMware Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/21/2029", "overall_level": 1, "caveat": "Interim validation. When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The virtualized offering of the Cisco FirePOWER next-generation IPS (NGIPS) solution providing the Industry-leading threat protection. Real-time contextual awareness. Full-stack visibility. Intelligent security automation. This virtualized highly effective intrusion prevention system provides reliable performance and a low total cost of ownership. Threat protection can be expanded with optional subscription licenses to provide Advanced Malware Protection (AMP), application visibility and control, and URL filtering capabilities.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4733", "Certificate Number": "4733", "Vendor Name": "F5, Inc.", "Module Name": "Device Cryptographic Module", "Module Type": "Hardware", "Validation Date": "07/22/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4733.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4733", "module_name": "Device Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/21/2026", "overall_level": 2, "caveat": "Interim Validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals with F5-ADD-BIG-FIPS140 kit installed as indicated in the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "F5® Device Cryptographic Module, Application Delivery Controller and Firewall software running on F5 BIG-IP.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4732", "Certificate Number": "4732", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Pseudo Random Number Generator", "Module Type": "Firmware-hybrid", "Validation Date": "07/22/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4732.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4732", "module_name": "Qualcomm® Pseudo Random Number Generator", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/21/2029", "overall_level": 1, "caveat": "Interim validation. The module generates random strings whose strengths are modified by available entropy.", "module_type": "Firmware-hybrid", "embodiment": "Single Chip", "description": "Qualcomm® Pseudo Random Number Generator is a hardware random number generator that provides cryptographic functions through on-chip entropy sources and hash based DRBG. Pseudo Random Number Generator version 3.0.0 is supported by various Qualcomm platforms including Snapdragon® 8 Gen 1 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Qualcomm QCM6490, Qualcomm QCS6490.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4731", "Certificate Number": "4731", "Vendor Name": "NetApp, Inc.", "Module Name": "NetApp CryptoMod", "Module Type": "Software", "Validation Date": "07/19/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4731.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4731", "module_name": "NetApp CryptoMod", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/18/2029", "overall_level": 1, "caveat": "Interim validation. When installed, initialized and configured as specified in section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "NetApp CryptoMod is a software cryptographic module whose purpose is to provide encryption/decryption services for NetApp’s ONTAP Operating System (OS) kernel. The CryptoMod module makes use of the AES-NI instruction set in Intel processors. Since CryptoMod can support non-PAA implementations as well as PAA implementations of the pertinent cryptographic algorithms, CryptoMod is designated as a software-only cryptographic module.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "SHA" ], "algorithms_detailed": [ "AES-CBC | A6624 | - | SP 800-38A", "AES-CCM | A6624 | - | SP 800-38C", "AES-CMAC | A6624 | - | SP 800-38B", "AES-ECB | A6624 | - | SP 800-38A", "AES-GCM | A6624 | - | SP 800-38D", "AES-GMAC | A6624 | - | SP 800-38D", "AES-KWP | A6624 | - | SP 800-38F", "AES-XTS Testing Revision 2.0 | A6624 | - | SP 800-38E", "Counter DRBG | A6624 | - | SP 800-90A Rev.1", "HMAC-SHA-1 | A6624 | - | FIPS 198-1", "HMAC-SHA2-256 | A6624 | - | FIPS 198-1", "HMAC-SHA2-512 | A6624 | - | FIPS 198-1", "KDF SP800-108 | A6624 | - | SP 800-108 Rev.1", "PBKDF | A6624 | - | SP 800-132", "SHA-1 | A6624 | - | FIPS 180-4", "SHA2-256 | A6624 | - | FIPS 180-4", "SHA2-512 | A6624 | - | FIPS 180-4", "SHA3-256 | A6624 | - | FIPS 202" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4730", "Certificate Number": "4730", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Motorola Solutions Cryptographic Firmware Module", "Module Type": "Firmware", "Validation Date": "07/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4730.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4730", "module_name": "Motorola Solutions Cryptographic Firmware Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/17/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g. Keys).", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The Motorola Solutions Cryptographic Firmware Module is a firmware library that provides cryptographic services to applications running on Motorola Solutions radio products.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4729", "Certificate Number": "4729", "Vendor Name": "KAYTUS SYSTEM PTE. LTD.", "Module Name": "Linux OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "07/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4729.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4729", "module_name": "Linux OpenSSL FIPS Provider", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/17/2029", "overall_level": 1, "caveat": "Interim validation. No assurance of the minimum strength of generated SSPs.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Linux OpenSSL FIPS Provider is a cryptographic module integrated in KAYTUS products (e.g Server Baseboard Management Controller) to provide FIPS 140-3 validated cryptography for the protection of sensitive information", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4728", "Certificate Number": "4728", "Vendor Name": "SUSE LLC", "Module Name": "SUSE Linux Enterprise NSS Cryptographic Module", "Module Type": "Software", "Validation Date": "07/17/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4728.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4728", "module_name": "SUSE Linux Enterprise NSS Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/16/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode and installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "SUSE Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509v3 certificates, and other security standards." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4727", "Certificate Number": "4727", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "07/15/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4727.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4727", "module_name": "SUSE Linux Enterprise Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/14/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SUSE Linux Enterprise Kernel Crypto API Module provides cryptographic services to the Linux operating system kernel.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4726", "Certificate Number": "4726", "Vendor Name": "Google, LLC.", "Module Name": "Android Kernel Cryptographic Module", "Module Type": "Software", "Validation Date": "07/12/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4726.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4726", "module_name": "Android Kernel Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/11/2029", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Provides general purpose cryptographic services to the Linux kernel.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4725", "Certificate Number": "4725", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "07/12/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4725.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4725", "module_name": "SUSE Linux Enterprise OpenSSL Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/11/2029", "overall_level": 1, "caveat": "Interim validation. When operated in the approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4724", "Certificate Number": "4724", "Vendor Name": "KeyPair Consulting Inc.", "Module Name": "KeyPair FIPS Provider for OpenSSL 3", "Module Type": "Software", "Validation Date": "07/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4724.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4724", "module_name": "KeyPair FIPS Provider for OpenSSL 3", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The KeyPair FIPS Provider for OpenSSL 3 is available to technology vendors that require FIPS 140-3 validated cryptography for OpenSSL 3. Please contact KeyPair Consulting to include your desired operating system as a Tested Configuration on a FIPS 140-3 certificate branded in your company's name.", "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "algorithms_detailed": [ "AES-CCM | A4481 | Key Length - 128,192,256 | SP 800-38C", "AES-CFB1 | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB128 | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CFB8 | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-CTR | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-ECB | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-GCM | A4481 | Direction-Decrypt,Encrypt IV Generation-External,Internal IV Generation Mode-8.2.1 KeyLength-128,192,256 | SP 800-38D", "AES-KW | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-KWP | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38F", "AES-OFB | A4481 | Direction-Decrypt,Encrypt KeyLength-128,192,256 | SP 800-38A", "AES-XTS Testing Revision 2.0 | A4481 | Direction-Decrypt,Encrypt KeyLength-128,256 | SP 800-38E", "KAS-ECC CDH-Component SP800-56Ar3(CVL) | A4481 | Curve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521 | SP 800-56A Rev.3", "KAS-ECC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Scheme-ephemeralUnified-KAS Role-initiator,responder | SP 800-56A Rev.3", "KAS-FFC-SSC Sp800-56Ar3 | A4481 | Domain Parameter Generation Methods-FB,FC,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192modp-2048,modp-3072,modp-4096,modp-6144,modp-8192Scheme-dhEphem-KAS Role-initiator,responder | SP 800-56A Rev.3", "KAS-IFC-SSC | A4481 | Modulo -2048,3072,4096,6144,8192Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KAS1-KAS Role-initiator,responderScheme-KAS2-KAS Role-initiator,responder | SP 800-56ARev.3", "KDA HKDF SP800-56Cr2 | A4481 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8HMAC Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512 | SP 800-56CRev.2", "KDA OneStep SP800-56Cr2 | A4481 | Derived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDA TwoStep SP800-56Cr2 | A4481 | MAC Salting Methods - default, randomKDF Mode - feedbackDerived Key Length - 2048Shared Secret Length - Shared Secret Length:224-8192 Increment 8 | SP 800-56CRev.2", "KDF ANS 9.42(CVL) | A4481 | KDF Type-DERHash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256,SHA3-224,SHA3-256,SHA3-384,SHA3-512Key Data Length-Key Data Length:8-4096Increment8 | SP 800-135Rev.1", "KDF ANS 9.63(CVL) | A4481 | Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512Key Data Length-Key Data Length:128,4096 | SP 800-135Rev.1", "KDF SP800-108 | A4481 | KDF Mode-Counter,FeedbackSupported Lengths-Supported Lengths:8,72,128,776,3456,4096 | SP 800-108Rev.1", "KDF SSH(CVL) | A4481 | Cipher-AES-128,AES-192,AES-256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "PBKDF | A4481 | Iteration Count-Iteration Count:1-10000 Increment1Password Length-Password Length:8-128 Increment8 | SP 800-132", "TLS v1.2 KDF RFC7627(CVL) | A4481 | Hash Algorithm-SHA2-256,SHA2-384,SHA2-512 | SP 800-135Rev.1", "TLS v1.3 KDF(CVL) | A4481 | HMAC Algorithm-SHA2-256,SHA2-384KDF Running Modes-DHE,PSK,PSK-DHE | SP 800-135Rev.1", "DSA KeyGen(FIPS186-4) | A4481 | L-2048,3072N-224,256 | FIPS186-4", "DSA PQGGen(FIPS186-4) | A4481 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA PQGVer(FIPS186-4) | A4481 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA KeyGen(FIPS186-4) | A4481 | Curve-B-233,B-283,B-409,B-571,k-233,k-283,k-409,k-571,P-224,P-256,P-384,P-521Secret Generation Mode-Testing Candidates | FIPS186-4", "ECDSA KeyVer(FIPS186-4) | A4481 | Curve-B-163,B-233,B-283,B-409,B-571,k-163,k-233,k-283,k-409,k-571,P-192,P-224,P-256,P-384,P-521 | FIPS186-4", "EDDSA KeyGen | A4481 | Curve-ED-25519,ED-448 | FIPS186-5", "EDDSA KeyVer | A4481 | Curve-ED-25519,ED-448 | FIPS186-5", "RSA KeyGen(FIPS186-4) | A4481 | Key Generation Mode-B.3.3Modulo-2048,3072,4096Primality Tests-Table C.2Private Key Format-Standard | FIPS186-4", "KTS-IFC | A4481 | Modulo -2048,3072,4096,6144Key Generation Methods-rsakpg1-basic,rsakpg1-crt,rsakpg1-prime-factor,rsakpg2-basic,rsakpg2-crt,rsakpg2-prime-factorScheme-KTS-OAEP-basic-KAS Role-initiator,responderKey Transport MethodKey Length-1024 | SP 800-56BRev.2", "AES-CMAC | A4481 | Direction-Generation,VerificationKey Length-128,192,256 | SP 800-38B", "AES-GMAC | A4481 | Direction-Decrypt,EncryptIV Generation-External,InternalIV Generation Mode-8.2.1Key Length-128,192,256 | SP 800-38D", "HMAC-SHA-1 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-224 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-256 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-384 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-512 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-512/224 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA2-512/256 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-224 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-256 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-384 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "HMAC-SHA3-512 | A4481 | Key Length-Key Length:112-2048 Increment8 | FIPS 198-1", "SHA-1 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-224 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-256 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-384 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/224 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA2-512/256 | A4481 | Message Length - Message Length:0-65528 Increment 8Large Message Sizes-1,2,4,8 | FIPS 180-4", "SHA3-224 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-256 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-384 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHA3-512 | A4481 | Message Length - Message Length:0-65536 Increment 8Large Message Sizes-1,2,4,8 | FIPS 202", "SHAKE-128 | A4481 | Output Length-Output Length:16-65536 Increment 8 | FIPS 202", "SHAKE-256 | A4481 | Output Length-Output Length:16-65536 Increment 8 | FIPS 202", "ECDSA SigGen(FIPS186-4) | A4481 | Component-No,YesCurve-B-233,B-283,B-409,B-571,K-233,K-283,K-409,K-571,P-224,P-256,P-384,P-521Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "ECDSA SigVer(FIPS186-4) | A4481 | Component-NoCurve-B-163,B-233,B-283,B-409,B-571,K-163,K-233,K-283,K-409,K-571,P-192,P-224,P-256,P-384,P-521Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS186-4", "DSA SigGen(FIPS186-4) | A4481 | L-2048,3072N-224,256Hash Algorithm-SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "DSA SigVer(FIPS186-4) | A4481 | L-1024,2048,3072N-160,224,256Hash Algorithm-SHA-1,SHA2-224,SHA2-256,SHA2-384,SHA2-512,SHA2-512/224,SHA2-512/256 | FIPS 186-4", "EDDSA SigGen | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "EDDSA SigVer | A4481 | Curve-ED-25519,ED-448 | FIPS 186-5", "RSA SigGen(FIPS186-4) | A4481 | Signature Type-ANSI X9.31,PKCS1.5,PKCSPSSModulo-2048,3072,4096 | FIPS 186-4", "RSA SigGen(FIPS186-5) | A4481 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "RSA Signature Primitive(CVL) | A4481 | Private Key Format-crt | FIPS 186-4", "RSA SigVer(FIPS186-4) | A4481 | Signature Type-ANSI X9.31,PKCS1.5,PKCSPSSModulo-1024,2048,3072,4096 | FIPS 186-4", "RSA SigVer(FIPS186-5) | A4481 | Modulo-2048,3072,4096Signature Type-pkcs1v1.5,pss | FIPS 186-5", "Hash DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1", "HMAC DRBG with SHA3-256,SHA3-512 | KeyPair FIPS Provider for OpenSSL 3 | NIST,SP800-90A Rev.1", "Cipher(Unauth) | BC-UnAuth | AES ciphers | AES-CBCAES-CBC-CS1AES-CBC-CS2AES-CBC-CS3AES-CFB1AES-CFB128AES-CFB8AES-CTRAES-ECBAES-OFBAES-XTS Testing Revision 2.0", "Cipher(Auth) | BC-Auth | Authentication ciphers | AES-CCMAES-GCMAES-KWAES-KWP", "Key agreement | KAS-SSC | Key agreement | KAS:KAS-ECC-SSC provides between 112 and 256 bits of encryption strength; KAS-FFC-SSC provides between 112 and 200 bits of encryption strength; KAS-IFC-SSC provides between 112 and 200 bits of encryption strength | KAS-ECC CDH-ComponentSP800-56Ar3KAS-ECC-SSC Sp800-56Ar3KAS-FFC-SSC Sp800-56Ar3KAS-IFC-SSC", "Key derivation | KAS-135KDFKAS-56KDFKBKDFPBKDF | KAS-KDF HKDF SP800-56Cr2KAS-KDF OneStep SP800-56Cr2KAS-KDF TwoStep SP800-56Cr2KDF ANS 9.42KDF ANS 9.63KDF SP800-108KDF SSHPBKDFTLS v1.2 KDF RFC7627TLS v1.3 KDF", "Key management ECC | AsymKeyPair-KeyGen AsymKeyPair-KeyVer | ECDSA KeyGen(FIPS186-4) ECDSA KeyVer(FIPS186-4)", "Key management Edwards | AsymKeyPair-KeyGen AsymKeyPair-KeyVer | EDDSA KeyGen EDDSA KeyVer", "Key management FFC | AsymKeyPair-KeyGen | DSA KeyGen(FIPS186-4) DSA PQGGen(FIPS186-4) DSA PQGVer(FIPS186-4) Safe Primes Key Generation Safe Primes Key Verification", "Key management IFC | AsymKeyPair-KeyGen | RSA KeyGen(FIPS186-4)", "Key transport | KTS-Encap | KTS:2048,3072,4096 or 6144-bit keys provide between 112 and 176 bits of encryption strength | KTS-IFC", "KTS(Cipher w/CMAC,GMAC,HMAC,KMAC) | BC-Auth BC-UnAuth MAC | SP 800-38F Section 3.1 Provisions | KTS:128,192 or 256-bit keys provide between 128 and 256 bits of encryption strength | AES-CBC AES-CBC-CS1 AES-CBC-CS2 AES-CBC-CS3 AES-CFB1 AES-CFB128 AES-CFB8 AES-CTR AES-ECB AES-OFB AES-CCM AES-GCM AES-GMAC AES-CMAC HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 HMAC-SHA2-512/224 HMAC-SHA2-512/256 HMAC-SHA3-224 HMAC-SHA3-256 HMAC-SHA3-384 HMAC-SHA3-512", "KTS(AES KW,KWP) | BC-Auth | KTS:128,192 or 256-bit keys provide between 128 and 256 bits of encryption strength | AES-KW", "AES-KWP", "MAC AES(CMAC,GMAC) | MAC | AES-GMAC", "AES-CMAC", "MAC HMAC | MAC | HMAC-SHA-1", "HMAC-SHA2-224", "HMAC-SHA2-256", "HMAC-SHA2-384", "HMAC-SHA2-512", "HMAC-SHA2-512/224", "HMAC-SHA2-512/256", "HMAC-SHA3-224", "HMAC-SHA3-256", "HMAC-SHA3-384", "HMAC-SHA3-512", "Message Digest | SHA | SHA-1", "SHA2-224", "SHA2-256", "SHA2-384", "SHA2-512", "SHA2-512/224", "SHA2-512/256", "SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512", "Message Digest(XOF SHAKE) | XOF | SHAKE-128", "SHAKE-256", "Random | DRBG | Counter DRBG", "Hash DRBG", "HMAC DRBG", "Signature DSA | DigSig-SigGen", "DigSig-SigVer | DSA SigGen(FIPS186-4)", "DSA SigVer(FIPS186-4)", "Signature ECDSA | DigSig-SigGen | ECDSA SigGen(FIPS186-4)", "ECDSA SigVer(FIPS186-4)", "Signature EDDSA | DigSig-SigGen | EDDSA SigGen", "EDDSA SigVer", "Signature RSA | DigSig-SigGen | RSA SigGen(FIPS186-4)", "RSA SigGen(FIPS186-5)", "RSA Signature Primitive", "RSA SigVer(FIPS186-4)", "RSA SigVer(FIPS186-5)" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4723", "Certificate Number": "4723", "Vendor Name": "Advanced Micro Devices (AMD)", "Module Name": "AMD ASP Cryptographic CoProcessor (\"Phoenix\")", "Module Type": "Firmware-hybrid", "Validation Date": "07/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4723.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4723", "module_name": "AMD ASP Cryptographic CoProcessor (\"Phoenix\")", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "None", "module_type": "Firmware-hybrid", "embodiment": "Single Chip", "description": "The module is present in these Ryzen PRO 7000 series models (OPNs): 7840U(100-000000970, 100-000000961), 7940HS(100-000000967, 100-000000958), 7840HS(100-000000968, 100-000000959), 7640HS(100-000000969, 100-000000960), 7540U(100-000000971, 100-000000962), 7640U(100-000001111, 100-000001108), 8700G(100-000001238), 8600G(100-000001239), 8700GE(100-000001240), 8600GE(100-000001241), 8840U(100-000001317, 100-000001377), 8640U(100-000001318, 100-000001378), 8840HS(100-000001353, 100-000001381, 100-000001316, 100-000001387), 8940HS(100-000001314, 100-000001386), 8640HS(100-000001354, 100-000001382, 100-000001315, 100-000001388)", "detail_available": true, "algorithms": [ "RSA", "SHA" ], "algorithms_detailed": [ "RSA SigVer(FIPS186-4) | A4201 | Signature Type - PKCSPSSModulo - 4096 | FIPS 186-4", "SHA2-384 | A4201 | MessageLength - MessageLength:0-65536 Increment 8 | FIPS 180-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4722", "Certificate Number": "4722", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise Libgcrypt Cryptographic Module", "Module Type": "Software", "Validation Date": "07/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4722.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4722", "module_name": "SUSE Linux Enterprise Libgcrypt Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SUSE Linux Enterprise Libgcrypt Cryptographic Module is a general purpose cryptographic library based on the code from GnuPG.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4721", "Certificate Number": "4721", "Vendor Name": "Safran Trusted 4D Inc.", "Module Name": "SecureSyncGuard", "Module Type": "Software", "Validation Date": "07/11/202408/08/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4721.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4721", "module_name": "SecureSyncGuard", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "SecureSyncGuard is a standards-based cryptographic engine, enabling secured and trusted network time distribution, within Safran's assured Timing portfolio. SecureSyncGuard provides core cryptographic functions for authentication, encryption, secure communication and key management.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4720", "Certificate Number": "4720", "Vendor Name": "Google, LLC", "Module Name": "Tensor G2 UFS Inline Storage Encryption Cryptographic Module", "Module Type": "Software-hybrid", "Validation Date": "07/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4720.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4720", "module_name": "Tensor G2 UFS Inline Storage Encryption Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "Interim Validation", "module_type": "Software-hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "Inline storage encryption engine for UFS as part of the Tensor mobile SoC to protect user data at rest.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4719", "Certificate Number": "4719", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Palo Alto Networks SD-WAN Instant-On Network (ION) Devices ION 1200, ION 1200-S, ION 3200, ION 5200, and ION 9200", "Module Type": "Hardware", "Validation Date": "07/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4719.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4719", "module_name": "Palo Alto Networks SD-WAN Instant-On Network (ION) Devices ION 1200, ION 1200-S, ION 3200, ION 5200, and ION 9200", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 2, "caveat": "Interim Validation. The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Palo Alto Networks SD-WAN Instant-On Network (ION) Devices (ION 1200, ION 1200-S, ION 3200, ION 5200 and ION 9200) enable the integration of a diverse set of wide area network (WAN) connection types, improve application performance and visibility, enhance security and compliance, and reduce the overall cost and complexity of your WAN.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4718", "Certificate Number": "4718", "Vendor Name": "wolfSSL Inc.", "Module Name": "wolfCrypt", "Module Type": "Software", "Validation Date": "07/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4718.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4718", "module_name": "wolfCrypt", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/10/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "wolfCrypt module is a comprehensive suite of FIPS Approved algorithms. All key sizes and modes have been implemented to allow flexibility and efficiency.", "detail_available": true, "algorithms": [ "AES", "DSA" ], "algorithms_detailed": [ "AES-CBC | A4308 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-CCM | A4308 | Key Length - 128, 192, 256 | SP 800-38C", "AES-CMAC | A4308 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B", "AES-CTR | A4308 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-ECB | A4308 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "AES-GCM | A4308 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 KeyLength - 128, 192, 256 | SP 800-38D", "AES-GMAC | A4308 | Direction - Decrypt, Encrypt IV Generation - External, Internal IV Generation Mode - 8.2.1, 8.2.2 KeyLength - 128, 192, 256 | SP 800-38D", "AES-OFB | A4308 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A", "DSA KeyGen (FIPS186-4) | A4308 | L - 2048 N - 256 | FIPS 186-4" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4716", "Certificate Number": "4716", "Vendor Name": "F5, Inc.", "Module Name": "Cryptographic Module for BIG-IP ®", "Module Type": "Software", "Validation Date": "07/09/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4716.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4716", "module_name": "Cryptographic Module for BIG-IP ®", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/8/2026", "overall_level": 1, "caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.1 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Cryptographic library offering various cryptographic mechanisms to BIG-IP Virtual Edition.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4715", "Certificate Number": "4715", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Palo Alto Networks SD-WAN ION Core Crypto Module", "Module Type": "Software", "Validation Date": "07/08/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4715.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4715", "module_name": "Palo Alto Networks SD-WAN ION Core Crypto Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/7/2029", "overall_level": 1, "caveat": "Interim Validation. When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Palo Alto Networks SD-WAN ION Core Crypto Module is utilized in hardware and software ION form factors. These enable the integration of a diverse set of wide area network (WAN) connection types, improve application performance and visibility, enhance security and compliance, and reduce the overall cost and complexity of your WAN.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4713", "Certificate Number": "4713", "Vendor Name": "Utility Associates, Inc", "Module Name": "Utility Associates Cryptographic Module", "Module Type": "Software", "Validation Date": "06/28/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4713.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4713", "module_name": "Utility Associates Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Utility Associates Cryptographic Module is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions to server platforms and features robust algorithm support. Utility Associates Cryptographic Module offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4712", "Certificate Number": "4712", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Adaptive Security Appliance Virtual Cryptographic Module", "Module Type": "Software", "Validation Date": "06/28/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4712.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4712", "module_name": "Adaptive Security Appliance Virtual Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/27/2029", "overall_level": 1, "caveat": "Interim Validation. When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Virtual Adaptive Security Appliances offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content security and secure unified communications. Delivering robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4711", "Certificate Number": "4711", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Firepower Threat Defense Virtual Cryptographic Module", "Module Type": "Software", "Validation Date": "06/17/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4711.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4711", "module_name": "Firepower Threat Defense Virtual Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/16/2029", "overall_level": 1, "caveat": "Interim Validation. When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Cisco Firepower Threat Defense (FTD) solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, intrusion prevention system (IPS), content security and secure unified communications. All running in a virtual environment.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4710", "Certificate Number": "4710", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Firepower Management Center Virtual VMware Cryptographic Module", "Module Type": "Software", "Validation Date": "06/17/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4710.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4710", "module_name": "Firepower Management Center Virtual VMware Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/16/2029", "overall_level": 1, "caveat": "Interim Validation. When installed, initialized and configured as specified in section \"Secure Operation\" of the Security Policy and operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Cisco FMCv Module provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. Delivering in-depth analysis, streamlined security management across the network and cloud, and accelerated incident investigation and response, working across Cisco and third-party technologies.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4709", "Certificate Number": "4709", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung NVMe TCG Opal SSC SEDs PM1733a/PM1735a Series", "Module Type": "Hardware", "Validation Date": "06/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4709.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4709", "module_name": "Samsung NVMe TCG Opal SSC SEDs PM1733a/PM1735a Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/12/2029", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Samsung NVMe TCG Opal SSC SEDs PM1733a/PM1735a Series are a high-performance Self-Encrypting SSDs supporting NVMe Interface that provides on-the-fly encryption/decryption of user data without performance loss. It implements AES256-XTS for user data encryption, RSA PSS 3072 for FW authentication, and Hash_DRBG for key generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4708", "Certificate Number": "4708", "Vendor Name": "Zetetic, LLC", "Module Name": "SQLCipher Cryptographic Module", "Module Type": "Software", "Validation Date": "06/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4708.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4708", "module_name": "SQLCipher Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The SQLCipher Cryptographic Module is a cryptographic engine that integrates with SQLCipher, enhancing encrypted database operations with a trusted security layer. SQLCipher provides full database encryption and data integrity protection for local storage at rest. This module guarantees that all data stored and retrieved through SQLCipher is encrypted, decrypted, and verified using a reliable implementation for applications demanding high levels of data security.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4707", "Certificate Number": "4707", "Vendor Name": "Zetetic, LLC", "Module Name": "SQLCipher Cryptographic Module (Mobile)", "Module Type": "Software", "Validation Date": "06/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4707.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4707", "module_name": "SQLCipher Cryptographic Module (Mobile)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The SQLCipher Cryptographic Module is a cryptographic engine that integrates with SQLCipher, enhancing encrypted database operations with a trusted security layer. SQLCipher provides full database encryption and data integrity protection for local storage at rest. This module guarantees that all data stored and retrieved through SQLCipher is encrypted, decrypted, and verified using a reliable implementation for applications demanding high levels of data security.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4706", "Certificate Number": "4706", "Vendor Name": "Think Freely Consulting Incorporated", "Module Name": "OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "06/10/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4706.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4706", "module_name": "OpenSSL FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4705", "Certificate Number": "4705", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "PAN-OS 10.1 VM-Series", "Module Type": "Software", "Validation Date": "06/07/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4705.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4705", "module_name": "PAN-OS 10.1 VM-Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/6/2029", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The PAN-OS 10.1.5 VM-Series is a software cryptographic module and requires an underlying general purpose computer (GPC) environment.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4704", "Certificate Number": "4704", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Palo Alto Networks SD-WAN Instant-On Network (ION) Devices ION 1200 and ION 9000", "Module Type": "Hardware", "Validation Date": "06/07/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4704.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4704", "module_name": "Palo Alto Networks SD-WAN Instant-On Network (ION) Devices ION 1200 and ION 9000", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/6/2029", "overall_level": 2, "caveat": "The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Palo Alto Networks Prisma SD-WAN ION 1200, ION 1200-C-NA, ION 1200-C-ROW, ION 1200-C-5G-WW devices are multi-chip standalone modules that enable integration of heterogeneous WAN links, provide confident integration of the cloud, improve application performance/visibility, and reduce overall cost and complexity of customers WAN. Prisma SD-WAN ION 9000 is a multi-chip standalone module designed for the data center to create a secure SD-WAN fabric across branches and data centers. It is designed to install seamlessly in the data center by peering with adjacent data center devices using traditional, standards-based routing protocols." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4703", "Certificate Number": "4703", "Vendor Name": "Marvell Semiconductor, Inc.", "Module Name": "Marvell LS2 HSM Family", "Module Type": "Hardware", "Validation Date": "06/06/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4703.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4703", "module_name": "Marvell LS2 HSM Family", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/5/2029", "overall_level": 3, "caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The LS2 HSM module is a multi-chip PCIe adapter with firmware. It consists of multiple firmware components, including an operating system, applications exposing services and interfaces related to secure key management, crypto operations, and policy management of the module", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4702", "Certificate Number": "4702", "Vendor Name": "STMicroelectronics", "Module Name": "Trusted Platform Module ST33KTPM2XSPI / ST33KTPM2XI2C", "Module Type": "Hardware", "Validation Date": "06/04/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4702.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4702", "module_name": "Trusted Platform Module ST33KTPM2XSPI / ST33KTPM2XI2C", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/3/2029", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The ST33KTPM2XSPI and ST33KTPM2XI2C Trusted Platform Module are fully integrated security modules designed to be integrated into personal computers or any other embedded electronic systems. The security module is used primarily for cryptographic keys generation, keys storage, keys management and secure storage for digital certificates.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4701", "Certificate Number": "4701", "Vendor Name": "Micron Technology, Inc.", "Module Name": "Micron 7400 SSD Controller Sub Chip Security Subsystem", "Module Type": "Hardware", "Validation Date": "06/04/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4701.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4701", "module_name": "Micron 7400 SSD Controller Sub Chip Security Subsystem", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "6/3/2029", "overall_level": 2, "caveat": "No assurance of the minimum strength of generated SSPs", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Micron 7400 SSD Controller Security Subsystem provides cryptographic functionality to SSD controllers.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4700", "Certificate Number": "4700", "Vendor Name": "Marvell Semiconductor, Inc.", "Module Name": "NITROXIII CNN35XX-NFBE HSM Family", "Module Type": "Hardware", "Validation Date": "05/30/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4700.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4700", "module_name": "NITROXIII CNN35XX-NFBE HSM Family", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "5/29/2029", "overall_level": 3, "caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true, "description": "The NITROXIII CNN35XX-NFBE HSM Family module by Marvell (formerly Cavium Inc.) is a high-performance purpose-built security solution for crypto acceleration. The module provides a FIPS 140-3 overall Level 3 security solution. The module is deployed in a PCIe slot to provide crypto and TLS 1.0/1.1/1.2 acceleration in a secure manner to the system host. It is typically deployed in a server or an appliance to provide crypto offload. The module’s functions are accessed over the PCIe interface via an API defined by the module." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4699", "Certificate Number": "4699", "Vendor Name": "EF Johnson Technologies", "Module Name": "Kenwood Cryptographic Library", "Module Type": "Software", "Validation Date": "05/24/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4699.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4699", "module_name": "Kenwood Cryptographic Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "5/23/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "EF Johnson Kenwood Cryptographic Library (KCL) supports AES, DRBG, HMAC and SHA algorithms for encryption key management and transfer.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4698", "Certificate Number": "4698", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung NVMe TCG Opal SSC SEDs BM1733a Series", "Module Type": "Hardware", "Validation Date": "05/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4698.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4698", "module_name": "Samsung NVMe TCG Opal SSC SEDs BM1733a Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "5/20/2029", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Samsung NVMe TCG Opal SSC SEDs BM1733a Series are a high-performance Self-Encrypting SSDs supporting NVMe Interface that provides on-the-fly encryption/decryption of user data without performance loss. It implements AES256-XTS for user data encryption, RSA PSS 3072 for FW authentication, and Hash_DRBG for key generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4695", "Certificate Number": "4695", "Vendor Name": "A10 Networks, Inc.", "Module Name": "Thunder", "Module Type": "Hardware", "Validation Date": "04/24/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4695.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4695", "module_name": "Thunder", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Thunder Series is designed to meet the growing demands of Web sites, carriers and enterprises. The Thunder offers intelligent Layer 4-7 application processing capabilities with performance and scalability to meet critical business requirements.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4694", "Certificate Number": "4694", "Vendor Name": "Broadcom Inc.", "Module Name": "VMware's BoringCrypto Module", "Module Type": "Software", "Validation Date": "04/24/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4694.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4694", "module_name": "VMware's BoringCrypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "VMware’s BoringCrypto Module is a versatile software library that implements and provides FIPS 140-2 Approved cryptographic functionalities to various VMware products and services.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4691", "Certificate Number": "4691", "Vendor Name": "SUSE LLC", "Module Name": "SUSE Rancher Kubernetes Cryptographic Library", "Module Type": "Software", "Validation Date": "04/12/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4691.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4691", "module_name": "SUSE Rancher Kubernetes Cryptographic Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "A software library that contains cryptography to serve SUSE’s Rancher Kubernetes Engine and its ecosystem of supported cloud-native tools written in the Go programming language.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4690", "Certificate Number": "4690", "Vendor Name": "Eclypses, Inc.", "Module Name": "Eclypses Cryptographic Library", "Module Type": "Software", "Validation Date": "04/05/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4690.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4690", "module_name": "Eclypses Cryptographic Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/4/2029", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys); No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Eclypses Cryptographic Library is a proprietary, general purpose cryptographic library with an API targeted toward high performance and minimal footprint. It was designed to have no dependencies or interactions with the operating system or any other libraries; the only interactions are to perform cryptographic algorithms when requested by application code. It was designed to support a wide range of operating environments with as much common code as possible.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4689", "Certificate Number": "4689", "Vendor Name": "Pensando Systems, Inc", "Module Name": "Pensando TLS Library", "Module Type": "Software", "Validation Date": "04/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4689.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4689", "module_name": "Pensando TLS Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Pensando TLS Library is a set of standard Transport Layer Security (TLS) functions that are written in the GO programming language. It supports TLS protocol version 1.2 (client and server) and standard cryptographic functions, such as SHA, AES, etc.", "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4688", "Certificate Number": "4688", "Vendor Name": "Microsoft Corporation", "Module Name": "BitLocker Dump Filter", "Module Type": "Software-Hybrid", "Validation Date": "04/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4688.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4688", "module_name": "BitLocker Dump Filter", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with the module Code Integrity under Cert. #4602 operating in FIPS mode or Secure Kernel Code Integrity under Cert. #4640 operating in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash), this filter ensures that all data is encrypted before it gets written to the disk as a dump file.", "detail_available": true, "algorithms": [ "AES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4687", "Certificate Number": "4687", "Vendor Name": "Microsoft Corporation", "Module Name": "Cryptographic Primitives Library", "Module Type": "Software-Hybrid", "Validation Date": "04/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4687.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4687", "module_name": "Cryptographic Primitives Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with modules Kernel Mode Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #4670 operating in FIPS mode and Code Integrity validated to FIPS 140-2 under Cert. #4602 operating in FIPS mode or Secure Kernel Code Integrity validated to FIPS 140-2 under Cert. #4640 operating in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4686", "Certificate Number": "4686", "Vendor Name": "Microsoft Corporation", "Module Name": "Virtual TPM", "Module Type": "Software-Hybrid", "Validation Date": "04/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4686.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4686", "module_name": "Virtual TPM", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with the modules Kernel Mode Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #4670 operating in FIPS mode and Code Integrity validated to FIPS 140-2 under Cert. #4602 operating in FIPS mode or Secure Kernel Code Integrity validated to FIPS 140-2 under Cert. #4640 operating in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Virtual Trusted Platform Module (Virtual TPM or VTPM) is a dynamically linked library, TPMEngUM.dll, that provides TPM 2.0 cryptographic services to virtual machines that are running in guest partitions on the host Windows operating system.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4685", "Certificate Number": "4685", "Vendor Name": "Honeywell International, Inc.", "Module Name": "Honeywell Mobility EdgeTM BoringCrypto", "Module Type": "Software", "Validation Date": "04/02/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4685.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4685", "module_name": "Honeywell Mobility EdgeTM BoringCrypto", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Honeywell Mobility Edge BoringSSL cryptographic module is a library that provides FIPS 140-2 approved cryptographic algorithms for the BoringSSL and other user-space Android applications which require cryptographic functionality. The physical cryptographic boundary is Honeywell Android mobile computer on which this module is installed.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4684", "Certificate Number": "4684", "Vendor Name": "Thales", "Module Name": "Thales Luna K7 Cryptographic Module", "Module Type": "Hardware", "Validation Date": "04/02/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4684.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4684", "module_name": "Thales Luna K7 Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "4/1/2029", "overall_level": 3, "caveat": "When operated in approved mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Thales Luna K7 Cryptographic Module is a multi-chip embedded hardware cryptographic module in the form of a PCIe card which typically resides within a custom computing or secure communications appliance.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4683", "Certificate Number": "4683", "Vendor Name": "Zebra Technologies Corporation", "Module Name": "Zebra DCS Cryptographic Library", "Module Type": "Firmware", "Validation Date": "03/27/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4683.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4683", "module_name": "Zebra DCS Cryptographic Library", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/26/2029", "overall_level": 1, "caveat": "None", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4681", "Certificate Number": "4681", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung NVMe TCG Opal SSC SEDs BM1733a Series", "Module Type": "Hardware", "Validation Date": "03/25/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4681.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4681", "module_name": "Samsung NVMe TCG Opal SSC SEDs BM1733a Series", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/24/2029", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Samsung NVMe TCG Opal SSC SEDs BM1733a Series are a high-performance Self-Encrypting SSDs supporting NVMe Interface that provides on-the-fly encryption/decryption of user data without performance loss. It implements AES256-XTS for user data encryption, RSA PSS 3072 for FW authentication, and Hash_DRBG for key generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4680", "Certificate Number": "4680", "Vendor Name": "Hypersecu Information Systems Inc.", "Module Name": "Hypersecu HYP2003 MFA Cryptographic Module", "Module Type": "Hardware", "Validation Date": "03/19/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4680.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4680", "module_name": "Hypersecu HYP2003 MFA Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Single Chip", "detail_available": true, "description": "The Module is a single chip embodiment implementing the JavaCard and Global Platform operational environment with a Card Manager, that is also considered an Issuer Security Domain (ISD), and five Applets. The Module meets FIPS 140-2 overall Level 2 requirements." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4679", "Certificate Number": "4679", "Vendor Name": "NXP Semiconductors, Inc.", "Module Name": "JCOP 4.5 on P71D600", "Module Type": "Hardware", "Validation Date": "03/11/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4679.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4679", "module_name": "JCOP 4.5 on P71D600", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "3/10/2029", "overall_level": 3, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy.", "module_type": "Hardware", "embodiment": "Single Chip", "detail_available": true, "description": "The Module, validated to FIPS 140-3 overall Level 3, is a single chip module named P71D600 implementing the GlobalPlatform operational environment (Card Manager (ISD/SSD)) and the applications: NXP IoT applet v7.2.22 and NXP SEMS Lite applet v2.0.2.11." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4678", "Certificate Number": "4678", "Vendor Name": "SafeLogic Inc.", "Module Name": "CryptoComply for .NET", "Module Type": "Software", "Validation Date": "02/26/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4678.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4678", "module_name": "CryptoComply for .NET", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SafeLogic's CryptoComply for .NET is designed to provide FIPS 140 validated cryptographic functionality and is available for licensing.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4677", "Certificate Number": "4677", "Vendor Name": "DataKrypto US, Inc.", "Module Name": "DataKrypto Fully Homomorphic Encryption Module", "Module Type": "Software", "Validation Date": "02/22/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4677.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4677", "module_name": "DataKrypto Fully Homomorphic Encryption Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The DataKrypto Fully Homomorphic Encryption Module is a cryptographic engine for DataKrypto's Fhenom and Fhenom for Images. Fhenom is a fully homomorphic encryption module. Fhenom for Images is a fully homomorphic image encryption module that allows images to be processed while remaining images. Both products use core cryptographic functions to perform secure key management, data integrity and secure communications.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4676", "Certificate Number": "4676", "Vendor Name": "Thales Alenia Space", "Module Name": "Thales Alenia Space Cryptographic Module for Microsemi RTG4 FPGA", "Module Type": "Hardware", "Validation Date": "02/08/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4676.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4676", "module_name": "Thales Alenia Space Cryptographic Module for Microsemi RTG4 FPGA", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/7/2029", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11.3 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "This cryptographic module has been developed by Thales Alenia Space and it has been implemented within the Ground Cryptographic Processor (GCP) placed on Earth and within the Volatiles Investigating Polar Exploration Rover (VIPER) transponder unit. The aim of this cryptographic module is to enable the NASA to encrypt communications at the GCP, and decrypt and authenticate them at the transponder unit using AES-GCM. It is able to encrypt/decrypt and authenticate messages from 128 bytes to 1024 bytes of information in 128-bit blocks.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4675", "Certificate Number": "4675", "Vendor Name": "ExtraHop Networks, Inc.", "Module Name": "ExtraHop Cryptographic Module", "Module Type": "Software", "Validation Date": "01/30/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4675.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4675", "module_name": "ExtraHop Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "1/29/2029", "overall_level": 1, "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The ExtraHop Cryptographic Module 2.0 is a cryptographic library embedded in the ExtraHop Reveal(x) 360 application software. The ExtraHop Cryptographic Module 2.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including SSH and TLS 1.2/1.3).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4674", "Certificate Number": "4674", "Vendor Name": "Lightware Visual Engineering Plc.", "Module Name": "Lightware Crypto Core", "Module Type": "Software", "Validation Date": "01/26/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4674.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4674", "module_name": "Lightware Crypto Core", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Lightware Crypto Core is a standards-based cryptographic engine for embedded Linux systems. The module delivers core cryptographic functions to the embedded systems of Taurus product family's hardware devices and features robust algorithm support. Lightware Crypto Core offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4673", "Certificate Number": "4673", "Vendor Name": "Nokia Corporation", "Module Name": "SR-OS Cryptographic Module", "Module Type": "Firmware", "Validation Date": "01/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4673.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4673", "module_name": "SR-OS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and when installed, initialized and configured as specified in Sections 9.1 and 9.2 of the Security Policy.", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The SR-OS Cryptographic Module (SRCM) provides the cryptographic algorithm functions needed to allow SR-OS to implement cryptography for those services and protocols that require it.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4672", "Certificate Number": "4672", "Vendor Name": "Nokia Corporation", "Module Name": "7705 SAR-OS SAR-18/8/X/Ax/Wx/W/H/Hc Control Plane Cryptographic Module (SARCM)", "Module Type": "Software", "Validation Date": "12/14/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4672.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4672", "module_name": "7705 SAR-OS SAR-18/8/X/Ax/Wx/W/H/Hc Control Plane Cryptographic Module (SARCM)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and when installed, initialized and configured as specified in Sections 9.1 and 9.2 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The 7705 SAR-OS SAR-18/8/X/Ax/Wx/W/H/Hc Control Plane Cryptographic Module (SARCPCM) provides the cryptographic algorithm functions needed to allow SAR-OS to implement cryptography for those services and protocols that require it.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4671", "Certificate Number": "4671", "Vendor Name": "Nokia Corporation", "Module Name": "7705 SAR-OS SAR-A/M Cryptographic Module (SARCM)", "Module Type": "Software", "Validation Date": "12/14/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4671.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4671", "module_name": "7705 SAR-OS SAR-A/M Cryptographic Module (SARCM)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and when installed, initialized and configured as specified in Sections 9.1 and 9.2 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The 7705 SAR-OS SAR-A/M Cryptographic Module (SARCM) provides the cryptographic algorithm functions needed to allow SAR-OS to implement cryptography for those services and protocols that require it.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4670", "Certificate Number": "4670", "Vendor Name": "Microsoft Corporation", "Module Name": "Kernel Mode Cryptographic Primitives Library", "Module Type": "Software-Hybrid", "Validation Date": "12/12/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4670.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4670", "module_name": "Kernel Mode Cryptographic Primitives Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Windows OS Loader validated to FIPS 140-2 under Cert. #4545 operating in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4669", "Certificate Number": "4669", "Vendor Name": "Identity Automation", "Module Name": "RapidIdentity FIPS Cryptographic Module", "Module Type": "Software", "Validation Date": "12/08/202304/24/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4669.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4669", "module_name": "RapidIdentity FIPS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The RapidIdentity FIPS Cryptographic Module is a cryptographic engine for Windows, iOS, and Android. The module delivers core cryptographic functions to Identity Automation’s RapidIdentity MFA Server and MFA Mobile app which provide a variety of authentication methods. The RapidIdentity FIPS Cryptographic Module leverages industry leading, FIPS approved cryptographic algorithms provided by the Bouncy Castle FIPS .NET APIs.", "detail_available": true, "algorithms": [ "AES", "DSA", "ECDSA", "EDDSA", "KDF", "RSA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4668", "Certificate Number": "4668", "Vendor Name": "Palo Alto Networks, Inc.", "Module Name": "Prisma SD-WAN Controller's Cryptographic Module", "Module Type": "Software", "Validation Date": "12/05/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4668.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4668", "module_name": "Prisma SD-WAN Controller's Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. When operated per the Security Policy. No assurance of minimum security of keys and bit strings that are externally loaded, or of keys and CSPs established with externally loaded bit strings", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Palo Alto Networks Controller allows operators the ability to manage ION devices to administer security policy rules and provides various application and network analytics.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4667", "Certificate Number": "4667", "Vendor Name": "DataStax, Inc.", "Module Name": "Datastax BoringCrypto Module", "Module Type": "Software", "Validation Date": "11/30/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4667.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4667", "module_name": "Datastax BoringCrypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Software library for Datastax applications that use BoringSSL and other user-space applications which require cryptographic functionality.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4666", "Certificate Number": "4666", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Crypto Engine Core", "Module Type": "Hardware", "Validation Date": "11/29/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4666.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4666", "module_name": "Qualcomm® Crypto Engine Core", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Qualcomm Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4665", "Certificate Number": "4665", "Vendor Name": "Infinera Corporation", "Module Name": "Infinera Groove G30 DCI Platform", "Module Type": "Hardware", "Validation Date": "11/28/202311/29/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4665.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4665", "module_name": "Infinera Groove G30 DCI Platform", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals installed as indicated in the security policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Infinera Groove G30 DCI Platform is an innovative stackable transport solution for cloud and data center networks that delivers 4.8 terabits of capacity throughput in a compact 1RU form factor.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4661", "Certificate Number": "4661", "Vendor Name": "Juniper Networks, Inc", "Module Name": "Juniper Networks EX4650, QFX5120 and QFX5210 Ethernet Switches", "Module Type": "Hardware", "Validation Date": "11/28/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4661.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4661", "module_name": "Juniper Networks EX4650, QFX5120 and QFX5210 Ethernet Switches", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Juniper Networks QFX series switches are high performance, high density data center switches. The QFX switches provide high performance, wire speed switching with low latency and jitter. The QFX series switches provide the universal building blocks for multiple data center fabric architectures.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4659", "Certificate Number": "4659", "Vendor Name": "Altus, Inc.", "Module Name": "ClioConnect Cryptographic Module", "Module Type": "Software", "Validation Date": "11/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4659.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4659", "module_name": "ClioConnect Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "ClioConnect Cryptographic Module is a standards-based cryptographic engine for communication between servers and IoT medical carts. The module delivers core cryptographic functions to IoT-enabled medical carts and features robust algorithm support. ClioConnect Cryptographic Module offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation. The module ensures secured data transfer using an encrypted protocol between carts, workstations, and web servers.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4657", "Certificate Number": "4657", "Vendor Name": "Quantum Corporation", "Module Name": "Quantum Cryptographic Module", "Module Type": "Software", "Validation Date": "11/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4657.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4657", "module_name": "Quantum Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Quantum Cryptographic Module is a standards-based cryptographic engine used for both data in flight encryption and data at rest encryption. These secure communications and storage mechanisms form a trusted implementation.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4656", "Certificate Number": "4656", "Vendor Name": "Cohesity, Inc.", "Module Name": "Cohesity FIPS Object Module", "Module Type": "Software", "Validation Date": "11/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4656.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4656", "module_name": "Cohesity FIPS Object Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Cohesity FIPS Object Module provides FIPS 140-2 validated cryptographic functionality for Cohesity products and services.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4654", "Certificate Number": "4654", "Vendor Name": "Ciena Corporation", "Module Name": "Ciena 3926 Platform", "Module Type": "Hardware", "Validation Date": "11/14/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4654.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4654", "module_name": "Ciena 3926 Platform", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. When operated as per the Security Policy. No assurance of minimum security of keys and bit strings that are externally loaded, or of keys and CSPs established with externally loaded bit strings", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Product is Ciena SAOS 3926 Service Access and Aggregation Platform. It uses MACSec for traffic encryption/decryption. It provides routing/switching functionalities for various use cases including enterprise, mobility, and converged network architectures. With Ethernet, MPLS, IP, and SR capabilities, the product supports emerging networks.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4653", "Certificate Number": "4653", "Vendor Name": "Juniper Networks Inc.", "Module Name": "Juniper FIPS Provider", "Module Type": "Software", "Validation Date": "11/08/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4653.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4653", "module_name": "Juniper FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Juniper FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4652", "Certificate Number": "4652", "Vendor Name": "Google, LLC", "Module Name": "Cr50 U2F Cryptographic Library", "Module Type": "Firmware-Hybrid", "Validation Date": "11/06/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4652.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4652", "module_name": "Cr50 U2F Cryptographic Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Firmware-Hybrid", "embodiment": "Single Chip", "description": "The Cr50 U2F Cryptographic Library is a firmware-hybrid module residing in the Google, LLC Google Security Chips (GSC) chip. The module is responsible for low-level cryptographic primitives on Google Security Chips (GSC) used in recent versions of Google Chromebooks, and includes functionality for key generation, signature generation, random bit generation, keyed-hashing and signature verification operations in support of U2F-related requests in the Cr50 Chrome OS.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4650", "Certificate Number": "4650", "Vendor Name": "KIOXIA Corporation", "Module Name": "KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip", "Module Type": "Hardware", "Validation Date": "11/01/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4650.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4650", "module_name": "KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/31/2028", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "KIOXIA FIPS TC58NC1132GTC Crypto Sub-Chip is used for solid state drive data security.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4649", "Certificate Number": "4649", "Vendor Name": "Maxar Technologies", "Module Name": "Maxar AEDS", "Module Type": "Hardware", "Validation Date": "10/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4649.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4649", "module_name": "Maxar AEDS", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "The tamper evident seals are installed as indicated in the Security Policy. This module contains the embedded module NPCT6XX TPM 2.0 validated to FIPS 140-2 under Cert. #2627 operating in FIPS mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Maxar AEDS is a network based ground to spacecraft AES GCM & CTR mode encryption/decryption appliance hosted on a 1U network security server. It can support multiple channels simultaneously on up to 6 different subnets with speeds over 75 Mbit/s. There is a web based Crypto Operator interface for easy set-up and configuration. The User interfaces are TCP/IP socket based and follow a straightforward ICD. Both are protected with TLS 1.2.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4648", "Certificate Number": "4648", "Vendor Name": "Intel Corporation", "Module Name": "Cryptographic Module for Intel® Platforms' Security Engine Chipset", "Module Type": "Firmware-Hybrid", "Validation Date": "10/26/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4648.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4648", "module_name": "Cryptographic Module for Intel® Platforms' Security Engine Chipset", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Sections 2.3 and 9.1 for of the Security Policy. When entropy is externally loaded, no assurance of the minimum strength of generated keys", "module_type": "Firmware-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Cryptographic Module for Intel® CSE is a hardware-firmware hybrid module present on Intel® PCH platforms. The module performs crypto functions for CSE applications, including but are not limited to: PTT (Platform Trust Technology), AMT (Active Management Technology), and DAL (Dynamic Application Loader).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4647", "Certificate Number": "4647", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Crypto Engine Core", "Module Type": "Hardware", "Validation Date": "10/26/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4647.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4647", "module_name": "Qualcomm® Crypto Engine Core", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Qualcomm Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4643", "Certificate Number": "4643", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco ASR 1000 Series Routers without MACSEC", "Module Type": "Hardware", "Validation Date": "10/25/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4643.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4643", "module_name": "Cisco ASR 1000 Series Routers without MACSEC", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/18/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 9 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Cisco ASR 1000 Series Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services; reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating environments.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4642", "Certificate Number": "4642", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 8 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "10/25/202308/20/202407/29/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4642.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4642", "module_name": "Red Hat Enterprise Linux 8 OpenSSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4641", "Certificate Number": "4641", "Vendor Name": "SonicWall, Inc.", "Module Name": "SonicWall Network Security Manager Appliance", "Module Type": "Firmware", "Validation Date": "10/25/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4641.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4641", "module_name": "SonicWall Network Security Manager Appliance", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The SonicWall Network Security Manager helps in the deployment and management of all your firewalls, connected switches and access points, all in one easy-to-use interface.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4640", "Certificate Number": "4640", "Vendor Name": "Microsoft Corporation", "Module Name": "Secure Kernel Code Integrity", "Module Type": "Software", "Validation Date": "10/23/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4640.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4640", "module_name": "Secure Kernel Code Integrity", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Windows OS Loader validated to FIPS 140-2 under Cert. #4545 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Secure Kernel Code Integrity (SKCI) running in the Virtual Secure Mode (VSM) of the Hyper-V hypervisor will only grant execute access to physical pages in the kernel that have been successfully verified. Executable pages will not have write permission outside of Hyper-V. Therefore, only verified code can be executed.", "detail_available": true, "algorithms": [ "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4638", "Certificate Number": "4638", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco ISR 1000 Series Routers without MACSEC", "Module Type": "Hardware", "Validation Date": "10/18/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4638.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4638", "module_name": "Cisco ISR 1000 Series Routers without MACSEC", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/12/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 9 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Cisco Integrated Services Router (ISR) 1000 Series provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4636", "Certificate Number": "4636", "Vendor Name": "Ribbon Communications, Inc.", "Module Name": "SBC 5400 Session Border Controller", "Module Type": "Hardware", "Validation Date": "10/12/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4636.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4636", "module_name": "SBC 5400 Session Border Controller", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/6/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 3.1 of the Security Policy. When FIPS Kit 550-06508 is installed, initialized and configured as specified in Section 3 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The SBC 5400 Session Border Controller is a high-performance aircooled, 2U, IP encryption appliance that provides secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP signaling and media traffic), media transcoding, flexible SIP session routing, and policy management.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4635", "Certificate Number": "4635", "Vendor Name": "Avaya, Inc.", "Module Name": "Avaya G450/G430 FIPS 140-2 Cryptographic Module", "Module Type": "Hardware", "Validation Date": "10/11/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4635.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4635", "module_name": "Avaya G450/G430 FIPS 140-2 Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 1.8 of the Security Policy. When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The G450 and G430 Media Gateways are complete branch office business communications systems that integrate TDM and VoIP telephony. Ideally suited for branch office locations of up to 450 extensions, the G450 and G430 replace the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4631", "Certificate Number": "4631", "Vendor Name": "Amazon Web Services Inc.", "Module Name": "AWS-LC Cryptographic Module", "Module Type": "Software", "Validation Date": "10/06/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4631.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4631", "module_name": "AWS-LC Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/5/2028", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It іs based on code from the Google BoringSSL project and the OpenSSL project.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4626", "Certificate Number": "4626", "Vendor Name": "Advanced Micro Devices (AMD)", "Module Name": "AMD Ryzen PRO 6000 Series PSP Cryptographic CoProcessor", "Module Type": "Firmware-hybrid", "Validation Date": "10/04/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4626.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4626", "module_name": "AMD Ryzen PRO 6000 Series PSP Cryptographic CoProcessor", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "10/3/2028", "overall_level": 1, "caveat": "When operated in approved mode and when installed, initialized and configured as specified in Section 12.1.1 of the Security Policy.", "module_type": "Firmware-hybrid", "embodiment": "Single Chip", "description": "The AMD PSP Cryptographic CoProcessor provides cryptographic algorithm support for the Ryzen PRO 6000 Series processor.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4625", "Certificate Number": "4625", "Vendor Name": "Juniper Networks, Inc", "Module Name": "Juniper Networks SRX345, SRX345-DUAL-AC, SRX380 and SRX1500 Services Gateway", "Module Type": "Hardware", "Validation Date": "10/04/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4625.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4625", "module_name": "Juniper Networks SRX345, SRX345-DUAL-AC, SRX380 and SRX1500 Services Gateway", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Sections 1.2 and 5 of the Security Policy. The JNPR-FIPS-TAMPER-LBLS tamper evident seals installed as indicated in Section 5 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Juniper Networks SRX Series Services Gateways are a series of secure routers that provide essential capabilities to connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4622", "Certificate Number": "4622", "Vendor Name": "Nuvoton Technology Corporation", "Module Name": "NPCT7xx TPM 2.0 rev 1.38", "Module Type": "Hardware", "Validation Date": "10/02/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4622.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4622", "module_name": "NPCT7xx TPM 2.0 rev 1.38", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/25/2026", "overall_level": 2, "caveat": "When installed, initialized, and configured as specified in the Security Policy Section 9.2 and operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Nuvoton NPCT7xx TPM 2.0 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4621", "Certificate Number": "4621", "Vendor Name": "Axis Communications AB", "Module Name": "Axis Cryptographic Module", "Module Type": "Software", "Validation Date": "10/02/202308/15/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4621.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4621", "module_name": "Axis Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Axis cryptographic module based on OpenSSL is a general-purpose cryptographic library that provides FIPS 140-2 approved cryptographic algorithms serving secure communication for Axis network products.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4620", "Certificate Number": "4620", "Vendor Name": "Xage Security, Inc.", "Module Name": "Xage Cryptographic Module for OpenSSL", "Module Type": "Software", "Validation Date": "09/29/202310/31/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4620.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4620", "module_name": "Xage Cryptographic Module for OpenSSL", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Xage Cryptographic Module for OpenSSL is a standards-based FIPS 140-2 approved cryptographic library for Xage Fabric. The module delivers core cryptographic functions to the Xage Fabric platform and features robust algorithm support. The Xage Fabric delivers comprehensive security for real-world operations. It protects every element, new or legacy, secures every interaction, local or remote, and enables zero trust data exchange for OT, IT and Cloud." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4619", "Certificate Number": "4619", "Vendor Name": "BAE Systems Information and Electronics Systems Integration, Inc.", "Module Name": "OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "09/28/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4619.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4619", "module_name": "OpenSSL FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4618", "Certificate Number": "4618", "Vendor Name": "IBM Corporation", "Module Name": "IBM® z/OS® Version 2 Release 4 System SSL Cryptographic Module", "Module Type": "Software-Hybrid", "Validation Date": "09/28/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4618.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4618", "module_name": "IBM® z/OS® Version 2 Release 4 System SSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/25/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with modules IBM(R) z/OS(R) Version 2 Release 4 Security Server RACF(R) Signature Verification Module validated to FIPS 140-2 under Cert. #2691 and IBM(R) z/OS(R) Version 2 Release 4 ICSF PKCS #11 Cryptographic Module validated to FIPS 140-2 under Cert. #3924 operating in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "z/OS® System SSL provides a rich set of C based application programming interfaces that allow applications to protect data using the SSL/TLS protocols and through PKCS#7 cryptographic messages. z/OS System SSL also enables applications to create and manage X.509 V3 certificates and keys within key database files and PKCS#11 tokens.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4617", "Certificate Number": "4617", "Vendor Name": "Aruba, a Hewlett Packard Enterprise Company", "Module Name": "Hewlett Packard Enterprise OpenSSL Cryptographic Module on Ubuntu Linux", "Module Type": "Software", "Validation Date": "09/28/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4617.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4617", "module_name": "Hewlett Packard Enterprise OpenSSL Cryptographic Module on Ubuntu Linux", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/11/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4613", "Certificate Number": "4613", "Vendor Name": "Fortinet, Inc.", "Module Name": "FortiGate-5001E1 Blade with FortiGate-5144C Chassis", "Module Type": "Hardware", "Validation Date": "09/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4613.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4613", "module_name": "FortiGate-5001E1 Blade with FortiGate-5144C Chassis", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/12/2026", "overall_level": 2, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy with the tamper evident seals installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The FortiGate-5001E1 is an ATCA, blade based, multiple chip, standalone cryptographic module consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4612", "Certificate Number": "4612", "Vendor Name": "Fortinet, Inc.", "Module Name": "FortiGate-600D/1200D/1500D/3000D/3700D and FortiGate-5001D with FortiGate-5144C Chassis", "Module Type": "Hardware", "Validation Date": "09/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4612.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4612", "module_name": "FortiGate-600D/1200D/1500D/3000D/3700D and FortiGate-5001D with FortiGate-5144C Chassis", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy with the tamper evident seals and entropy token installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role. No assurance of the minimum strength of generated keys", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The FortiGate-600D/1200D/1500D/3000D/3700D and FortiGate-5001D with FortiGate-5144C Chassis are multiple chip standalone cryptographic modules consisting of production grade components, contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4611", "Certificate Number": "4611", "Vendor Name": "Fortinet, Inc.", "Module Name": "FortiGate-61E/61F/81E/101E/101F and FortiWiFi-61E", "Module Type": "Hardware", "Validation Date": "09/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4611.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4611", "module_name": "FortiGate-61E/61F/81E/101E/101F and FortiWiFi-61E", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/2/2026", "overall_level": 2, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy with the tamper evident seals installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The FortiGate-61E/61F/81E/101E/101F and FortiWiFi-61E are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4610", "Certificate Number": "4610", "Vendor Name": "Fortinet, Inc.", "Module Name": "FortiGate-3401E/3601E/3960E/3980E", "Module Type": "Hardware", "Validation Date": "09/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4610.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4610", "module_name": "FortiGate-3401E/3601E/3960E/3980E", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/2/2026", "overall_level": 2, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy with the tamper evident seals installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The FortiGate-3401E, 3601E, 3960E and 3980E are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4609", "Certificate Number": "4609", "Vendor Name": "Fortinet, Inc.", "Module Name": "FortiGate-201E/301E/401E/501E/601E", "Module Type": "Hardware", "Validation Date": "09/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4609.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4609", "module_name": "FortiGate-201E/301E/401E/501E/601E", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/16/2026", "overall_level": 2, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy with the tamper evident seals installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The FortiGate-201E/301E/401E/501E/601E are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4608", "Certificate Number": "4608", "Vendor Name": "Fortinet, Inc.", "Module Name": "FortiGate-6300F/6301F/6500F/6501F", "Module Type": "Hardware", "Validation Date": "09/26/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4608.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4608", "module_name": "FortiGate-6300F/6301F/6500F/6501F", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/1/2026", "overall_level": 2, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy with the tamper evident seals and entropy token installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role. No assurance of the minimum strength of generated keys", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The FortiGate-6300F/6301F/6500F/6501F are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4607", "Certificate Number": "4607", "Vendor Name": "Fortinet, Inc.", "Module Name": "FortiGate-VM", "Module Type": "Software", "Validation Date": "09/26/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4607.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4607", "module_name": "FortiGate-VM", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy and with the entropy token installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The FortiGate-VM is a software module designed to execute on a General Purpose Computer (GPC) hardware platform running the VMware hypervisor. The module provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering, traffic shaping, and HA capabilities.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4605", "Certificate Number": "4605", "Vendor Name": "LiveAction, Inc.", "Module Name": "LiveAction Cryptographic Module", "Module Type": "Software", "Validation Date": "09/25/202306/14/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4605.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4605", "module_name": "LiveAction Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "LiveAction Cryptographic Module is a standards-based cryptographic engine used by LiveAction's LiveWire and LiveNX. The module delivers core cryptographic functions to LiveAction platforms and features robust algorithm support, including Suite B algorithms.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4603", "Certificate Number": "4603", "Vendor Name": "Nuvoton Technology Corporation", "Module Name": "Nuvoton Cryptographic Library 2.0", "Module Type": "Hardware", "Validation Date": "09/21/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4603.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4603", "module_name": "Nuvoton Cryptographic Library 2.0", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "9/20/2028", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Nuvoton Cryptographic Library implementation providing cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4602", "Certificate Number": "4602", "Vendor Name": "Microsoft Corporation", "Module Name": "Code Integrity", "Module Type": "Software", "Validation Date": "09/20/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4602.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4602", "module_name": "Code Integrity", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Windows OS Loader validated to FIPS 140-2 under Cert. #4545 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk.", "detail_available": true, "algorithms": [ "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4592", "Certificate Number": "4592", "Vendor Name": "Arista Networks, Inc.", "Module Name": "Arista EOS Crypto Module", "Module Type": "Software", "Validation Date": "09/12/202309/27/202312/05/202306/27/202403/05/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4592.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4592", "module_name": "Arista EOS Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/29/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Arista's crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency.", "detail_available": true, "algorithms": [ "AES", "DES", "DSA", "HMAC", "KDF", "RSA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4591", "Certificate Number": "4591", "Vendor Name": "IBM Corporation", "Module Name": "IBM® z/OS® Version 2 Release 4 ICSF PKCS #11 Cryptographic Module", "Module Type": "Software-Hybrid", "Validation Date": "09/11/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4591.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4591", "module_name": "IBM® z/OS® Version 2 Release 4 ICSF PKCS #11 Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/9/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module IBM(R) z/OS(R) Version 2 Release 4 Security Server RACF(R) Signature Verification Module validated to FIPS 140-2 under Cert. #2691 operating in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "ICSF is a software element of z/OS that works with hardware cryptographic features and the Security Server (RACF) to provide secure, high-speed cryptographic services in the z/OS environment. ICSF, which runs as a started task, provides the application programming interfaces by which applications request the cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4587", "Certificate Number": "4587", "Vendor Name": "Barracuda Networks", "Module Name": "Barracuda OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "09/06/202310/10/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4587.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4587", "module_name": "Barracuda OpenSSL FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Module is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality. The Module is classified under FIPS 140-2 as a software module, with a multi-chip standalone module embodiment. The physical cryptographic boundary is the general-purpose computer on which the module is installed. The logical cryptographic boundary of the Module is the FIPS Provider, a dynamically loadable library. The Module performs no communication other than with the calling application via APIs that invoke the Module." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4581", "Certificate Number": "4581", "Vendor Name": "Hughes Network Systems, LLC", "Module Name": "HT Satellite Terminals", "Module Type": "Hardware", "Validation Date": "09/04/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4581.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4581", "module_name": "HT Satellite Terminals", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. When installed, initialized and configured as specified in Section 3.1 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Hughes JUPITER System is a broadband satellite system designed to support high-throughput satellite communications. It consists of VSAT satellite terminals, single rack or multi rack JUPITER GWs and the capabilities to manage these devices over the network. The Hughes Terminals is the indoor unit (IU), which connects the client workstation to the outdoor unit (ODU) over an inter-facility link (IFL).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4580", "Certificate Number": "4580", "Vendor Name": "Hughes Network Systems, LLC", "Module Name": "HT Satellite Terminal", "Module Type": "Hardware", "Validation Date": "09/04/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4580.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4580", "module_name": "HT Satellite Terminal", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. When installed, initialized and configured as specified in Section 3.1 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Hughes JUPITER System is a broadband satellite system designed to support high-throughput satellite communications. It consists of VSAT satellite terminals, single rack or multi rack JUPITER GWs and the capabilities to manage these devices over the network. The Hughes Terminals is the indoor unit (IU), which connects the client workstation to the outdoor unit (ODU) over an inter-facility link (IFL).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4569", "Certificate Number": "4569", "Vendor Name": "CommScope Technologies LLC", "Module Name": "Ruckus Networks SmartZone 144 (SZ-144) and SmartZone 300 (SZ-300) WLAN Controllers", "Module Type": "Hardware", "Validation Date": "08/30/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4569.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4569", "module_name": "Ruckus Networks SmartZone 144 (SZ-144) and SmartZone 300 (SZ-300) WLAN Controllers", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/29/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. When initialized and configured as specified in Section 9 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Ruckus SmartZone is an industry leading controller that supports comprehensive management functionality, high performance operation and flexibility to address many different implementation scenarios. Its unique architecture allows the controller to actively manage APs and switches in the network, providing enhanced resiliency and visibility.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4568", "Certificate Number": "4568", "Vendor Name": "CommScope Technologies LLC", "Module Name": "Ruckus Networks Virtual SmartZone (vSZ)", "Module Type": "Software", "Validation Date": "08/30/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4568.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4568", "module_name": "Ruckus Networks Virtual SmartZone (vSZ)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. When initialized and configured as specified in Section 8 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Ruckus Virtual SmartZone (vSZ) is a Network Function Virtualization (NFV) based and cloud-ready controller for service providers and enterprises ready to elevate their wired and wireless infrastructure deployment to the next level of flexibility, resiliency, and scale.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4567", "Certificate Number": "4567", "Vendor Name": "CommScope Technologies LLC", "Module Name": "Ruckus Networks Virtual SmartZone - Data Plane (vSZ-D)", "Module Type": "Software", "Validation Date": "08/30/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4567.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4567", "module_name": "Ruckus Networks Virtual SmartZone - Data Plane (vSZ-D)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. When initialized and configured as specified in Section 8 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Ruckus Virtual SmartZone-Dataplane (vSZ-D) offers organizations more flexibility in deploying the dataplane as needed in a Network Function Virtualization (NFV) architecture aligned fashion. It offers secure tunneling of user data traffic that encrypts payload traffic, maintains flat network topology, enables mobility across L2 subnets, and offers differentiated per site policy control and QoS amongst others.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4560", "Certificate Number": "4560", "Vendor Name": "KoolSpan, Inc", "Module Name": "KoolSpan Cryptographic Module", "Module Type": "Software", "Validation Date": "08/23/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4560.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4560", "module_name": "KoolSpan Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "KoolSpan Cryptographic Module is a standards-based cryptographic engine for mobile devices. The module delivers core cryptographic functions to mobile device platforms and features robust algorithm support. The module offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4558", "Certificate Number": "4558", "Vendor Name": "IBM", "Module Name": "IBM 4770-001 Enterprise PKCS#11 HSM Cryptographic Coprocessor Security Module", "Module Type": "Hardware", "Validation Date": "08/18/202303/07/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4558.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4558", "module_name": "IBM 4770-001 Enterprise PKCS#11 HSM Cryptographic Coprocessor Security Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 4, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The IBM 4770-001 Enterprise PKCS#11 Hardware Security Module is in the form or a PCIe card that executes IBM Enterprise PKCS#11 firmware within a secured tamper responding hardware boundary.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4557", "Certificate Number": "4557", "Vendor Name": "HCL America, Inc.", "Module Name": "BigFix Cryptographic Module", "Module Type": "Software", "Validation Date": "08/10/202312/15/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4557.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4557", "module_name": "BigFix Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "BigFix product uses the BigFix Cryptographic Module to perform cryptographic functions throughout its environment. The BigFix Cryptographic Module is a software library that runs on a wide variety of computing platforms and performs encryption, hashing, and random number generation functions. The BigFix Cryptographic Module uses OpenSSL 3.0 FIPS Module that has been certified as compliant with the FIPS (Federal Information Processing Standard) 140-2 standard." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4555", "Certificate Number": "4555", "Vendor Name": "Advanced Micro Devices (AMD)", "Module Name": "AMD Ryzen PRO 5000 Series PSP Cryptographic CoProcessor (models 5475U, 5675U, 5875U)", "Module Type": "Firmware-hybrid", "Validation Date": "07/31/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4555.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4555", "module_name": "AMD Ryzen PRO 5000 Series PSP Cryptographic CoProcessor (models 5475U, 5675U, 5875U)", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "7/30/2028", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy.", "module_type": "Firmware-hybrid", "embodiment": "Single Chip", "description": "The module is present in these Models (OPNs): PRO 5475U (100-000000587), PRO 5675U (100-000000584), PRO 5875U (100-000000581), PRO 7730U(100-000000948), PRO 7530U(100-000000949), PRO 7330U(100-000000950)", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4554", "Certificate Number": "4554", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Catalyst 9800-CL Wireless Controller", "Module Type": "Software", "Validation Date": "07/28/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4554.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4554", "module_name": "Cisco Catalyst 9800-CL Wireless Controller", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed as specified in Section 11 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Cisco Series Wireless Controllers, are a highly scalable and flexible platform that enables system-wide services for mission-critical wireless networking in medium-sized to large enterprises and campus environments.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4553", "Certificate Number": "4553", "Vendor Name": "IBM", "Module Name": "IBM 4769-001 Enterprise PKCS#11 HSM Cryptographic Coprocessor Security Module", "Module Type": "Hardware", "Validation Date": "07/27/202301/13/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4553.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4553", "module_name": "IBM 4769-001 Enterprise PKCS#11 HSM Cryptographic Coprocessor Security Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 4, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The IBM 4769-001 Enterprise PKCS#11 Hardware Security Module is in the form or a PCIe card that executes IBM Enterprise PKCS#11 firmware within a secured tamper responding hardware boundary.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4552", "Certificate Number": "4552", "Vendor Name": "Nokia Corporation", "Module Name": "Nokia 1830 Photonic Service Switch (PSS)", "Module Type": "Hardware", "Validation Date": "07/19/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4552.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4552", "module_name": "Nokia 1830 Photonic Service Switch (PSS)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy. When operated with modules as part of Nokia 1830 Photonic Service Switch (PSS) validated to FIPS 140-2 under the same certificate number.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The 1830 PSS is a scalable, next-generation Dense Wave Division Multipexer (DWDM) platform that supports data center aggregation for Ethernet, Fiber Channel (FC) and other protocols. Multiprotocol services can then be dynamically and flexibly transported over metro and long-haul spans, using Tunable and Reconfigurable Optical Add-Drop Multiplexers (T-ROADMs) for optical wavelengths. The 1830 PSS enables transparent L2 Ethernet or FC and L3 IP services over the optical link.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4551", "Certificate Number": "4551", "Vendor Name": "SecureAge Technology", "Module Name": "SecureData Engine", "Module Type": "Software", "Validation Date": "07/17/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4551.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4551", "module_name": "SecureData Engine", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with modules Kernel Mode Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #3196 operating in FIPS mode and Code Integrity validated to FIPS 140-2 under Cert. #3195 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The SecureData Engine provides transparent and automatic file and folder data encryption of individual files at their inception and without user deliberation, action, or even awareness. Inherent and Invisible PKI encryption ensures the confidentiality of the data at rest whether leaked, lost, or stolen.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4549", "Certificate Number": "4549", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Catalyst Embedded Wireless Controller on C9100 Series Access Points", "Module Type": "Hardware", "Validation Date": "07/11/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4549.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4549", "module_name": "Cisco Catalyst Embedded Wireless Controller on C9100 Series Access Points", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in the Section 3 of Security Policy. When operated in FIPS mode. The tamper evident seals installed as indicated in the Security Policy. This module contains the embedded module ACT2Lite validated to FIPS 140-2 under Cert. #3637 operating in FIPS mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Cisco Catalyst Embedded Wireless Controller on C9100 Series Access Points is the next-generation Wi-Fi solution, combining the most advanced controller - the Cisco Catalyst 9800 Series Wireless Controllers - with the latest Wi-Fi 6 access points - the Cisco Catalyst 9100 Access Points - creating a best-in-class wireless experience for your evolving and growing organization.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4547", "Certificate Number": "4547", "Vendor Name": "Silver Peak Systems, Inc.", "Module Name": "Silver Peak EdgeConnect", "Module Type": "Firmware", "Validation Date": "07/09/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4547.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4547", "module_name": "Silver Peak EdgeConnect", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "Unity EdgeConnect appliances deliver predictable application performance and high availability over any combination of transport services. Orchestrated, application-driven security policies enable direct internet breakout for trusted SaaS, web, and applications, and secure connection to cloud hosted security services. EdgeConnect reduces complexity by enabling a single element, simplified \"thin branch\".", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4546", "Certificate Number": "4546", "Vendor Name": "Microsoft Corporation", "Module Name": "Boot Manager", "Module Type": "Software-Hybrid", "Validation Date": "06/30/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4546.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4546", "module_name": "Boot Manager", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4545", "Certificate Number": "4545", "Vendor Name": "Microsoft Corporation", "Module Name": "Windows OS Loader", "Module Type": "Software-Hybrid", "Validation Date": "06/30/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4545.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4545", "module_name": "Windows OS Loader", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Boot Manager validated to FIPS 140-2 under Cert. #4484 operating in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files.", "detail_available": true, "algorithms": [ "AES", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4543", "Certificate Number": "4543", "Vendor Name": "Aruba, a Hewlett Packard Enterprise company", "Module Name": "Aruba IAP-315, IAP-345, IAP-377, IAP-503H, IAP-505H, IAP-504, IAP-505, IAP-514, IAP-515, IAP-534, IAP-535, IAP-555, IAP-635, and IAP-655 Wireless Access Points", "Module Type": "Hardware", "Validation Date": "06/29/202309/14/202306/07/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4543.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4543", "module_name": "Aruba IAP-315, IAP-345, IAP-377, IAP-503H, IAP-505H, IAP-504, IAP-505, IAP-514, IAP-515, IAP-534, IAP-535, IAP-555, IAP-635, and IAP-655 Wireless Access Points", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. When installed, initialized and configured as specified in Section 13 of the Security Policy. The tamper evident labels installed as indicated in the security policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Aruba's Wi-Fi Instant Access Points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba IAPs support the IEEE 802.11i/WPA2 client standard. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies. The built-in GUI provides access to live monitoring and traffic visibility, while network configuration provides full customization of SSIDs, roles, guest access, and more." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4541", "Certificate Number": "4541", "Vendor Name": "HPE Aruba Networking", "Module Name": "HPE Aruba Networking EdgeConnect SD-WAN Cryptographic Library", "Module Type": "Software", "Validation Date": "06/22/202310/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4541.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4541", "module_name": "HPE Aruba Networking EdgeConnect SD-WAN Cryptographic Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "EdgeConnect appliances deliver predictable application performance and high availability over any combination of transport services. Orchestrated, application-driven security policies enable direct internet breakout for trusted SaaS, web, and applications, and secure connection to cloud hosted security services.", "detail_available": true, "algorithms": [ "AES", "DES", "DSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4538", "Certificate Number": "4538", "Vendor Name": "Microsoft Corporation", "Module Name": "BitLocker Dump Filter", "Module Type": "Software", "Validation Date": "06/20/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4538.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4538", "module_name": "BitLocker Dump Filter", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with the module Code Integrity under Cert. #4511 operating in FIPS mode or Secure Kernel Code Integrity under Cert. #4512 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4537", "Certificate Number": "4537", "Vendor Name": "Microsoft Corporation", "Module Name": "Virtual TPM", "Module Type": "Software", "Validation Date": "06/20/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4537.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4537", "module_name": "Virtual TPM", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with the modules Kernel Mode Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #4515 operating in FIPS mode and Code Integrity validated to FIPS 140-2 under Cert. #4511 operating in FIPS mode or Secure Kernel Code Integrity validated to FIPS 140-2 under Cert. #4512 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Virtual Trusted Platform Module (Virtual TPM or VTPM) is a dynamically linked library, TPMEngUM.dll, that provides TPM 2.0 cryptographic services to virtual machines that are running in guest partitions on the host Windows operating system.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4536", "Certificate Number": "4536", "Vendor Name": "Microsoft Corporation", "Module Name": "Cryptographic Primitives Library", "Module Type": "Software", "Validation Date": "06/15/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4536.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4536", "module_name": "Cryptographic Primitives Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with modules Kernel Mode Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #4515 operating in FIPS mode and Code Integrity validated to FIPS 140-2 under Cert. #4511 operating in FIPS mode or Secure Kernel Code Integrity validated to FIPS 140-2 under Cert. #4512 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4535", "Certificate Number": "4535", "Vendor Name": "Infoblox", "Module Name": "Infoblox Trinzic Virtual Appliances", "Module Type": "Software", "Validation Date": "06/15/202309/11/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4535.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4535", "module_name": "Infoblox Trinzic Virtual Appliances", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Infoblox Trinzic Virtual Appliances enable customers to deploy large, robust, manageable and cost-effective Infoblox Grids. This next-generation solution enables distributed delivery of core network services (including DNS, DHCP, IPAM, TFTP, and FTP) with the nonstop availability and real-time service management required for today's 24x7 advanced IP networks and applications.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4534", "Certificate Number": "4534", "Vendor Name": "Kasten, Inc.", "Module Name": "Kasten BoringCrypto", "Module Type": "Software", "Validation Date": "06/13/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4534.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4534", "module_name": "Kasten BoringCrypto", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4532", "Certificate Number": "4532", "Vendor Name": "Oracle Communications", "Module Name": "Acme Packet 1100, Acme Packet 3900, Acme Packet 3950 and Acme Packet 4900", "Module Type": "Hardware", "Validation Date": "06/12/202301/25/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4532.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4532", "module_name": "Acme Packet 1100, Acme Packet 3900, Acme Packet 3950 and Acme Packet 4900", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in the Security Policy Section 10.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Acme Packet 1100, Acme Packet 3900, Acme Packet 3950 and Acme Packet 4900 appliances are specifically designed to meet the unique price performance and manageability requirements of the small to medium sized enterprise and remote office/ branch office. Ideal for small site border control and Session Initiation Protocol (SIP) trunking service termination applications, the Acme Packet 1100, Acme Packet 3900, Acme Packet 3950 and Acme Packet 4900 appliances deliver Oracle’s industry leading ESBC capabilities in a small form factor appliance.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4531", "Certificate Number": "4531", "Vendor Name": "Infoblox", "Module Name": "Infoblox Trinzic HW Appliances", "Module Type": "Hardware", "Validation Date": "06/09/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4531.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4531", "module_name": "Infoblox Trinzic HW Appliances", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. The tamper evident seals installed as indicated in the security policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Infoblox Trinzic Appliances enable customers to deploy large, robust, manageable and cost-effective Infoblox Grids. This next-generation solution enables distributed delivery of core network services (including DNS, DHCP, IPAM, TFTP, and FTP) with the nonstop availability and real-time service management required for today's 24x7 advanced IP networks and applications.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4530", "Certificate Number": "4530", "Vendor Name": "IBM Corporation", "Module Name": "IBM® z/VM® Version 7 Release 2 System SSL Cryptographic Module", "Module Type": "Software-Hybrid", "Validation Date": "06/05/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4530.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4530", "module_name": "IBM® z/VM® Version 7 Release 2 System SSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/10/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "z/VM System SSL provides cryptographic functions which allows z/VM to protect data using the SSL/TLS protocols. z/VM System SSL also enables administrators to create and manage X.509 V3 certificates and keys within key database files.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4529", "Certificate Number": "4529", "Vendor Name": "Apricorn", "Module Name": "Aegis Fortress L3 Cryptographic Module", "Module Type": "Hardware", "Validation Date": "06/05/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4529.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4529", "module_name": "Aegis Fortress L3 Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/28/2026", "overall_level": 3, "caveat": "When configured as specified in Section 11.1 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Aegis Fortress L3 is a FIPS 140-2 Level 3 validated hardware encrypted USB 3.1 external storage drive. Its software free design allows interface to any host that supports USB and mass storage. Authentication is performed via the embedded keypad and all CSPs (PINs, encryption keys, etc) never leave the device boundary for improved security. The device supports 1 administrator and 1 user and offers a variety of features including forced enrollment, programmable brute force, recovery PINs, 7-16 digit PINs, auto lock, read only modes, and is compatible with Apricorn’s Aegis Configurator.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4528", "Certificate Number": "4528", "Vendor Name": "Apricorn", "Module Name": "Apricorn FIPS 140-2 Encryption System Gen 2", "Module Type": "Hardware", "Validation Date": "06/05/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4528.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4528", "module_name": "Apricorn FIPS 140-2 Encryption System Gen 2", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/6/2026", "overall_level": 2, "caveat": "When configured as specified in Section 11.1 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The AFESG2 is a FIPS 140-2 Level 2 validated complete encryption system. Its software-free design allows interface to any host that supports USB and mass storage. All CSPs (PINs, encryption keys, etc.) are protected and never leave the module boundary for improved security. The device supports 1 Admin, 4 Users and offers a variety of features including forced enrollment, programmable brute force, recovery PINs, 7-16 digit PINs, auto lock, read-only modes, and is compatible with Apricorn’s Aegis Configurator. The AFESG2 is used in the Aegis Fortress, Padlock DT FIPS and Padlock SSD.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4524", "Certificate Number": "4524", "Vendor Name": "Lantronix, Inc.", "Module Name": "Uplogix LM80, LM83X, 500, and 5000", "Module Type": "Hardware", "Validation Date": "05/24/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4524.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4524", "module_name": "Uplogix LM80, LM83X, 500, and 5000", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Uplogix is a network independent management platform that locates with - and directly connects to - managed devices. Standing alone or augmenting existing centralized management tools, Uplogix provides configuration, performance and security management actions that are best performed locally. Local Management reduces operational costs, speeds problem resolution, and improves security and compliance versus centralized-only management. Our local focus on network device automation enables the transition to more network sensitive cloud and virtual infrastructure technologies.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4523", "Certificate Number": "4523", "Vendor Name": "Amazon Web Services, Inc.", "Module Name": "AWS Key Management Service HSM", "Module Type": "Hardware", "Validation Date": "05/19/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4523.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4523", "module_name": "AWS Key Management Service HSM", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When installed, initialized and configured as specified in Section 3 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4522", "Certificate Number": "4522", "Vendor Name": "Inseego Corp.", "Module Name": "Inseego 5G Cryptographic Module", "Module Type": "Software", "Validation Date": "05/17/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4522.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4522", "module_name": "Inseego 5G Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Inseego 5G Cryptographic Module is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions to mobile platforms and features robust algorithm support. Inseego 5G Cryptographic Module offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4521", "Certificate Number": "4521", "Vendor Name": "Google, LLC", "Module Name": "Look-aside Cryptography and Compression Engine (LCE)", "Module Type": "Hardware", "Validation Date": "05/16/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4521.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4521", "module_name": "Look-aside Cryptography and Compression Engine (LCE)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module [Google Integrated Management Complex (IMC) and B227 True Random Number Generator (TRNG) Firmware-Hybrid Cryptographic Module] validated to FIPS 140-2 under Cert. #4400 operating in FIPS mode.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Look-aside Cryptography and Compression Engine (LCE) module is comprised of a sub-chip cryptographic subsystem in the Google IN762 SoC. The module provides lookaside cryptography services including bulk encryption, cryptographic hashing, Integrity Checksum Value (ICV) verification, and compression services. The module also supports operation chaining including cryptographic and pipeline compressing/decompressing and verification as well as standalone or combined DMA data (payload) transfers between nodes.", "detail_available": true, "algorithms": [ "AES", "HMAC", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4518", "Certificate Number": "4518", "Vendor Name": "Fungible, Inc.", "Module Name": "Secure Boot Processor (SBP) Crypto Engine", "Module Type": "Hardware", "Validation Date": "05/10/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4518.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4518", "module_name": "Secure Boot Processor (SBP) Crypto Engine", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Secure Boot Processor operates a secure enclave within the Fungible DPU, and implements a hardware rooted chain of trust for authenticating all software, firmware and configuration files used in the DPU. The SBP also manages a number of asymmetric key cryptography accelerators within the enclave, and implements APIs for invoking these accelerators. The APIs are used by the DPU operating system (FunOS) modules to offload public key cryptography operations.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4517", "Certificate Number": "4517", "Vendor Name": "Thales", "Module Name": "IDPrime 3930 FIDO", "Module Type": "Hardware", "Validation Date": "05/09/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4517.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4517", "module_name": "IDPrime 3930 FIDO", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "No assurance of the minimum strength of generated keys", "module_type": "Hardware", "embodiment": "Single Chip", "description": "IDPrime 3930 FIDO is a dual interface smartcard combining Minidriver enabled PKI application, offering all the necessary services (with either RSA up to 4096 key length or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure, with FIDO2 application (CTAP2) offering passwordless access for cloud apps, network domains and all Azure AD-connected apps and services", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4516", "Certificate Number": "4516", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco ASR 9000 Aggregated Services Routers", "Module Type": "Hardware", "Validation Date": "05/08/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4516.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4516", "module_name": "Cisco ASR 9000 Aggregated Services Routers", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. This module contains the embedded module ACT2Lite validated to FIPS 140-2 under Cert. #3637 operating in FIPS mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Cisco ASR 9000 Aggregated Services Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services; reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating env", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4515", "Certificate Number": "4515", "Vendor Name": "Microsoft Corporation", "Module Name": "Kernel Mode Cryptographic Primitives Library", "Module Type": "Software", "Validation Date": "05/08/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4515.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4515", "module_name": "Kernel Mode Cryptographic Primitives Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with modules Windows OS Loader validated to FIPS 140-2 under Cert. #4339 operating in FIPS mode, Windows Resume validated to FIPS 140-2 under Cert. #4348 operating in FIPS mode, or TCB Launcher validated to FIPS 140-2 under Cert. #4457 operating in FIPS mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4513", "Certificate Number": "4513", "Vendor Name": "SonicWall", "Module Name": "SonicWall Capture Security Appliance (CSa) 1000", "Module Type": "Hardware", "Validation Date": "05/08/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4513.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4513", "module_name": "SonicWall Capture Security Appliance (CSa) 1000", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The SonicWall Capture Security appliance (CSa) brings Capture Advanced Threat Protection™ (ATP) and sandboxing malware analysis to on-premises deployment scenarios for customers with compliance and policy restrictions against sending files to cloud analysis, or who prefer for all of their data to remain inside their organization.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4512", "Certificate Number": "4512", "Vendor Name": "Microsoft Corporation", "Module Name": "Secure Kernel Code Integrity", "Module Type": "Software", "Validation Date": "05/05/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4512.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4512", "module_name": "Secure Kernel Code Integrity", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with modules Windows OS Loader validated to FIPS 140-2 under Cert. #4339 operating in FIPS mode, Windows Resume validated to FIPS 140-2 under Cert. #4348 operating in FIPS mode, or TCB Launcher validated to FIPS 140-2 under Cert. #4457 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Secure Kernel Code Integrity (SKCI) running in the Virtual Secure Mode (VSM) of the Hyper-V hypervisor will only grant execute access to physical pages in the kernel that have been successfully verified. Executable pages will not have write permission outside of Hyper-V. Therefore, only verified code can be executed.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4511", "Certificate Number": "4511", "Vendor Name": "Microsoft Corporation", "Module Name": "Code Integrity", "Module Type": "Software", "Validation Date": "05/05/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4511.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4511", "module_name": "Code Integrity", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with modules Windows OS Loader validated to FIPS 140-2 under Cert. #4339 operating in FIPS mode, Windows Resume validated to FIPS 140-2 under Cert. #4348 operating in FIPS mode, or TCB Launcher validated to FIPS 140-2 under Cert. #4457 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4509", "Certificate Number": "4509", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "05/05/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4509.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4509", "module_name": "Juniper OpenSSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Juniper OpenSSL Cryptographic Module is a set of software libraries implementing the Transport Layer Security (TLS) protocol v1.0, v1.1 and v1.2 and Datagram Transport Layer Security (DTLS) protocol v1.0 and v1.2, as well as general purpose cryptographic algorithms.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4507", "Certificate Number": "4507", "Vendor Name": "Oracle Communications", "Module Name": "Acme Packet VME", "Module Type": "Software", "Validation Date": "05/04/202301/25/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4507.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4507", "module_name": "Acme Packet VME", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in the Security Policy Section 9.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Acme Packet VME appliance are specifically designed to meet the unique price performance and manageability requirements of the small to medium sized enterprise and remote office/ branch office. Ideal for small site border control and Session Initiation Protocol (SIP) trunking service termination applications, the Acme Packet VME appliance delivers Oracle’s industry leading ESBC capabilities in a small form factor appliance.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4506", "Certificate Number": "4506", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "05/03/202303/26/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4506.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4506", "module_name": "Oracle OpenSSL FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Oracle OpenSSL FIPS Provider is a software library written in C programming language for use by Oracle applications that require FIPS 140-2 validated cryptography.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4504", "Certificate Number": "4504", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks PTX1000 Packet Transport Router", "Module Type": "Hardware", "Validation Date": "05/03/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4504.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4504", "module_name": "Juniper Networks PTX1000 Packet Transport Router", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Sections 1.2 and 6 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Juniper Networks PTX1000 Packet Transport Router is a fixed-configuration router that supports 10-Gbps, 40-Gbps, and 100-Gbps port speeds in a compact 2U form factor, enabling service providers to organically distribute peering points throughout the network.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4503", "Certificate Number": "4503", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks MX240, MX480, MX960 3D Universal Edge Routers with RE-S-X6-128G/RE-1800 Routing Engine and MPC7E-10G MACSec Card", "Module Type": "Hardware", "Validation Date": "05/03/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4503.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4503", "module_name": "Juniper Networks MX240, MX480, MX960 3D Universal Edge Routers with RE-S-X6-128G/RE-1800 Routing Engine and MPC7E-10G MACSec Card", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 1.2 and 6 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Juniper Networks MX Series is a robust portfolio of SDN enabled routing and switching platforms that provide industry leading system capacity,density,security and performance. MPC7E-10G supports 40 ports of 10gbps with GCM-AES-256 MACSEC encryption.", "detail_available": true, "algorithms": [ "AES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4502", "Certificate Number": "4502", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "PTX10008 and PTX10016 Packet Transport Routers with Routing Engine JNP10K-RE0 and MACsec Line Card LC1105-M", "Module Type": "Hardware", "Validation Date": "05/03/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4502.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4502", "module_name": "PTX10008 and PTX10016 Packet Transport Routers with Routing Engine JNP10K-RE0 and MACsec Line Card LC1105-M", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 1.2 and 6 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Juniper Networks PTX10000 line of Packet Transport Routers brings physical and virtual innovations to the cloud and service provider networks. These next-generation modular routers help network operators achieve their business goals while effectively handling current and future traffic demands through automation, optimization, and programmability.", "detail_available": true, "algorithms": [ "AES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4500", "Certificate Number": "4500", "Vendor Name": "Adva Network Security GmbH", "Module Name": "Encryption Module 10TCE-PCN-16GU+AES100G-F", "Module Type": "Hardware", "Validation Date": "05/02/202301/30/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4500.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4500", "module_name": "Encryption Module 10TCE-PCN-16GU+AES100G-F", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "The tamper evident seals installed as indicated in the security policy; This module contains the embedded module StarSign Crypto-USB Token S powered by Sm@rtCafé Expert 7.0 Secure Element validated to FIPS 140-2 under Cert. #2628 operating in FIPS mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The 10TCE-PCN-16GU+AES100G-F encryption module is used for encryption and decryption of data transmitted over Optical Transportation Network (OTN) links. It is used in Adva Network Security's FSP 3000 Optical Network Encryption solutions.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4499", "Certificate Number": "4499", "Vendor Name": "ADVA Optical Networking SE", "Module Name": "Encryption Card 9TCE-PCN-10GU+AES10G-F", "Module Type": "Hardware", "Validation Date": "05/02/202307/31/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4499.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4499", "module_name": "Encryption Card 9TCE-PCN-10GU+AES10G-F", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "The tamper evident seals installed as indicated in the security policy; This module contains the embedded module StarSign Crypto-USB Token S powered by Sm@rtCafé Expert 7.0 Secure Element validated to FIPS 140-2 under Cert. #2628 operating in FIPS mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The ADVA 9TCE-PCN-16GU+AES100G-F encryption module is used for encryption and decryption of data transmitted over Optical Transportation Network (OTN) links. It is used in ADVA's FSP 3000 Optical Network Encryption solutions.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4497", "Certificate Number": "4497", "Vendor Name": "Fortinet, Inc.", "Module Name": "FortiGate Next-Generation Firewalls with FortiOS 6.4/7.0", "Module Type": "Hardware", "Validation Date": "05/02/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4497.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4497", "module_name": "FortiGate Next-Generation Firewalls with FortiOS 6.4/7.0", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode with the tamper evident seals and entropy token installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role. No assurance of the minimum strength of generated keys", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The FortiGate Next-Generation Firewalls with FortiOS 6.4/7.0 are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4496", "Certificate Number": "4496", "Vendor Name": "Microsoft Corporation", "Module Name": "Microsoft Azure Linux OpenSSL Cryptographic Library", "Module Type": "Software", "Validation Date": "05/01/202306/24/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4496.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4496", "module_name": "Microsoft Azure Linux OpenSSL Cryptographic Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Sections 1 and 8 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Microsoft Azure Linux OpenSSL Cryptographic Library is a general-purpose, software cryptographic module that implements FIPS 140-2 approved cryptographic algorithms.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4495", "Certificate Number": "4495", "Vendor Name": "Mist Systems", "Module Name": "FIPS AP43", "Module Type": "Hardware", "Validation Date": "04/30/202301/20/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4495.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4495", "module_name": "FIPS AP43", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The AP43 Series is a tri-radio 4x4 802.11ax Access Point with maximum data rates of 2,400 Mbps in the 5GHz band and 1,148 Mbps in the 2.4GHz band. The 3rd radio functions as a network, location, and security sensor, a synthetic test client radio, as well as a spectrum monitor.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4493", "Certificate Number": "4493", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Cloud Infrastructure for BoringCrypto", "Module Type": "Software", "Validation Date": "04/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4493.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4493", "module_name": "Oracle Cloud Infrastructure for BoringCrypto", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "A Software cryptographic library that contains FIPS Approved cryptography to serve Kubernetes and the Google Go programing language and application ecosystem.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4492", "Certificate Number": "4492", "Vendor Name": "Trellix", "Module Name": "Trellix FIPS Provider", "Module Type": "Software", "Validation Date": "04/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4492.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4492", "module_name": "Trellix FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Trellix FIPS Provider is a software library providing a C-language application program interface (API) for use by applications using OpenSSL that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4490", "Certificate Number": "4490", "Vendor Name": "Amazon Web Services, Inc.", "Module Name": "AWS OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "04/26/202307/26/202310/20/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4490.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4490", "module_name": "AWS OpenSSL FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Module is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality. The Module is classified under FIPS 140-2 as a software module, with a multi-chip standalone module embodiment. The physical cryptographic boundary is the general-purpose computer on which the module is installed." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4489", "Certificate Number": "4489", "Vendor Name": "Digi International", "Module Name": "Digi DAL OS OpenSSL 3.0", "Module Type": "Software", "Validation Date": "04/26/202310/06/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4489.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4489", "module_name": "Digi DAL OS OpenSSL 3.0", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Digi DAL OS is the operating system that runs on all of its modern cellular routers. DAL OS utilizes OpenSSL 3.0 for FIPs-compliant cryptographic calls.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4488", "Certificate Number": "4488", "Vendor Name": "ControlUp Technologies, Inc.", "Module Name": "ControlUp Cryptographic Library", "Module Type": "Software", "Validation Date": "04/26/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4488.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4488", "module_name": "ControlUp Cryptographic Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The ControlUp Cryptographic library is a general-purpose cryptographic module incorporated into the applications to provide FIPS 140-2 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "DSA", "ECDSA", "EDDSA", "KDF", "RSA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4484", "Certificate Number": "4484", "Vendor Name": "Microsoft Corporation", "Module Name": "Boot Manager", "Module Type": "Software-Hybrid", "Validation Date": "04/17/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4484.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4484", "module_name": "Boot Manager", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4483", "Certificate Number": "4483", "Vendor Name": "Forescout Technologies, Inc.", "Module Name": "Forescout OpenSSL FIPS Module", "Module Type": "Software", "Validation Date": "04/17/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4483.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4483", "module_name": "Forescout OpenSSL FIPS Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Forescout OpenSSL FIPS Module is a FIPS Object Module that is integrated into Forescout products to provide FIPS 140-2 validated cryptography for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4480", "Certificate Number": "4480", "Vendor Name": "Thales", "Module Name": "eToken 5110+ FIPS", "Module Type": "Hardware", "Validation Date": "04/17/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4480.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4480", "module_name": "eToken 5110+ FIPS", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "No assurance of the minimum strength of generated keys", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "SafeNet eToken 5110+ FIPS is a secure portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4479", "Certificate Number": "4479", "Vendor Name": "Thales", "Module Name": "eToken 5110+ FIPS", "Module Type": "Hardware", "Validation Date": "04/17/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4479.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4479", "module_name": "eToken 5110+ FIPS", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "No assurance of the minimum strength of generated keys", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "SafeNet eToken 5110+ FIPS is a secure portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4475", "Certificate Number": "4475", "Vendor Name": "Q-Net Security, Inc.", "Module Name": "Q-Box", "Module Type": "Hardware", "Validation Date": "04/14/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4475.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4475", "module_name": "Q-Box", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 5 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Complete security is built directly into each module’s silicon. Creating security directly in silicon avoids the use of vulnerable software and/or Operating Systems. The core of the hardware-enabled solution is AES-256 encryption and a novel symmetric key distribution that can provide a unique random key for each packet. QNS devices are placed in-line and nearby the endpoints to be secured. No external key management is necessary. Once deployed, the QNS devices never need to be upgraded or patched.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "KTS", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4473", "Certificate Number": "4473", "Vendor Name": "Aruba, a Hewlett Packard Enterprise Company", "Module Name": "Hewlett Packard Enterprise OpenSSL Cryptographic Module on Red Hat Enterprise Linux", "Module Type": "Software", "Validation Date": "04/14/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4473.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4473", "module_name": "Hewlett Packard Enterprise OpenSSL Cryptographic Module on Red Hat Enterprise Linux", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4469", "Certificate Number": "4469", "Vendor Name": "HP, Inc.", "Module Name": "HPI Unified Communications Cryptographic Module", "Module Type": "Firmware-Hybrid", "Validation Date": "04/10/202301/21/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4469.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4469", "module_name": "HPI Unified Communications Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/20/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Firmware-Hybrid", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The HPI Unified Cryptographic Library is a component of HPI's Unified Communications products and solutions. It provides the underlying cryptographic primitives as well as the functionality necessary to support the use of industry-standard secure communications protocols." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4468", "Certificate Number": "4468", "Vendor Name": "Infineon Technologies AG", "Module Name": "Trusted Platform Module 2.0 SLB 9672 FW 17.24 and SLB 9673 FW 27.24", "Module Type": "Hardware", "Validation Date": "04/07/202308/30/202310/23/202411/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4468.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4468", "module_name": "Trusted Platform Module 2.0 SLB 9672 FW 17.24 and SLB 9673 FW 27.24", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode, initialized, and configured as specified in Sections 9.1 and 10 of the Security Policy", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The TPM is a single chip module that provides computer manufacturers with the core components of a subsystem used to assure authenticity, integrity and confidentiality in e-commerce and internet communications within a Trusted Computing Platform. The TPM is a complete solution implementing the Trusted Platform Module Library Specification, Family \"2.0\", Level 00, Revision 01.59, November 8, 2019 (Parts 1-4), Errata Version 1.6. See http://www.trustedcomputinggroup.org for further information on TCG and TPM.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4467", "Certificate Number": "4467", "Vendor Name": "Infineon Technologies AG", "Module Name": "Trusted Platform Module 2.0 SLB 9672 FW 16.24 and SLB 9673 FW 26.24", "Module Type": "Hardware", "Validation Date": "04/07/202308/30/202310/21/202411/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4467.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4467", "module_name": "Trusted Platform Module 2.0 SLB 9672 FW 16.24 and SLB 9673 FW 26.24", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode, initialized, and configured as specified in Sections 9.1 and 10 of the Security Policy", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The TPM is a single chip module that provides computer manufacturers with the core components of a subsystem used to assure authenticity, integrity and confidentiality in e-commerce and internet communications within a Trusted Computing Platform. The TPM is a complete solution implementing the Trusted Platform Module Library Specification, Family \"2.0\", Level 00, Revision 01.59 November 8, 2019 (Parts 1-4), Errata Version 1.6. See www.trustedcomputinggroup.org for further information on TCG and TPM.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4466", "Certificate Number": "4466", "Vendor Name": "Security Platform Inc.", "Module Name": "AxioCrypto-M235x", "Module Type": "Firmware-Hybrid", "Validation Date": "04/07/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4466.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4466", "module_name": "AxioCrypto-M235x", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode.", "module_type": "Firmware-Hybrid", "embodiment": "Single Chip", "description": "The AxioCrypto-M235x cryptographic module is designed to provide foundational security services for the platform, including secure boot, secure lifecycle state, platform identity and key management. It offers high-throughput cryptography operations, suitable for diverse set of use cases, such as TLS link protection, key protection, sensor data encryption, device identification and more.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4463", "Certificate Number": "4463", "Vendor Name": "Ascom Sweden AB", "Module Name": "Ascom Smartphone BoringCrypto v2", "Module Type": "Software", "Validation Date": "04/05/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4463.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4463", "module_name": "Ascom Smartphone BoringCrypto v2", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Ascom Smartphone BoringCrypto v2 is a general-purpose cryptographic library incorporated into the Ascom Myco smartphones for the protection of sensitive information.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4462", "Certificate Number": "4462", "Vendor Name": "Oracle Communications", "Module Name": "Acme Packet 4600 and Acme Packet 6350", "Module Type": "Hardware", "Validation Date": "03/29/202301/25/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4462.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4462", "module_name": "Acme Packet 4600 and Acme Packet 6350", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in the Security Policy Section 10.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Acme Packet 4600 and 6350 appliances are specifically designed to meet the unique price performance and manageability requirements of the small to medium sized enterprise and remote office/ branch office. Ideal for small site border control and Session Initiation Protocol (SIP) trunking service termination applications, the Acme Packet 4600 and 6350 appliances delivers Oracle’s industry leading ESBC capabilities in a small form factor appliance.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4461", "Certificate Number": "4461", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Catalyst 8300 Series Edge Platforms", "Module Type": "Hardware", "Validation Date": "03/29/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4461.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4461", "module_name": "Cisco Catalyst 8300 Series Edge Platforms", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Cisco C8300 (C8300-1N1S-6T, C8300-1N1S-4T2X, C8300-2N2S-6T, and C8300-2N2S-4T2X) revolutionize WAN communications in the enterprise branch. With new levels of built-in intelligent network capabilities and convergence, it specifically addresses the growing need for application-aware networking in distributed enterprise sites.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4459", "Certificate Number": "4459", "Vendor Name": "Rambus Inc.", "Module Name": "VaultIP", "Module Type": "Hardware", "Validation Date": "03/24/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4459.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4459", "module_name": "VaultIP", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/6/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "VaultIP is a Silicon IP Security Module with a secure asset store protecting all valuable assets on your device. It is a stand-alone Root of Trust that offers key management and crypto functions needed for platform and application security. VaultIP offers all security services to manage your device securely through its lifecycle. These include Secure Debug, Secure Provisioning, HUK and Identity protection and secure authentication services. Secure Boot and Communication protocols such as TLS can leverage VaultIP to secure the boot process and protect private communication keys.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4458", "Certificate Number": "4458", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 8 NSS Cryptographic Module", "Module Type": "Software", "Validation Date": "03/24/202310/13/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4458.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4458", "module_name": "Red Hat Enterprise Linux 8 NSS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4457", "Certificate Number": "4457", "Vendor Name": "Microsoft Corporation", "Module Name": "TCB Launcher", "Module Type": "Software-Hybrid", "Validation Date": "03/22/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4457.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4457", "module_name": "TCB Launcher", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with modules Windows OS Loader validated to FIPS 140-2 under Cert. #4339 operating in FIPS mode or Windows Resume validated to FIPS 140-2 under Cert. #4348 operating in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The TCB Launcher Module, which consists of the binary TCBLAUNCH.EXE, is the module that launches the Hypervisor and Secure Kernel and other binary image files needed to launch those two components.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4456", "Certificate Number": "4456", "Vendor Name": "Symantec, A Division of Broadcom", "Module Name": "Symantec Content Analysis Virtual Appliance", "Module Type": "Software", "Validation Date": "03/22/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4456.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4456", "module_name": "Symantec Content Analysis Virtual Appliance", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 3 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Symantec Content Analysis (CAS) is a critical component of effective protection against advanced targeted attacks achieved via multi-layer file inspection and sandboxing. Together with ProxySG or Symantec Messaging Gateway (SMG), it offers the most complete advanced threat protection in the marketplace for blocking known threats and analyzing zero-day and other advanced threats.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4455", "Certificate Number": "4455", "Vendor Name": "Kyocera Document Solutions Inc.", "Module Name": "MFP Cryptographic Module(A)", "Module Type": "Hardware", "Validation Date": "03/22/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4455.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4455", "module_name": "MFP Cryptographic Module(A)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/23/2026", "overall_level": 2, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 10.3 of the Security Policy", "module_type": "Hardware", "embodiment": "Single Chip", "description": "MFP Cryptographic Module(A) is a cryptographic security chip for encrypting data written to a storage device and other security function of Kyocera multifunction printer. Secure key generation and fast AES encryption/decryption are offered through SATA interface. SecureBoot verifies the integrity of the firmware when the product starts up.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4454", "Certificate Number": "4454", "Vendor Name": "iDirect Government, LLC", "Module Name": "TRANSEC Module", "Module Type": "Hardware", "Validation Date": "03/22/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4454.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4454", "module_name": "TRANSEC Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode as specified in Security Policy Section 3 Secure Operation", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "iDirect Government, LLC’s satellite-based IP communications technology enables constant connectivity for voice, video, and data applications in any environment. iDirect provides the leading TRANSEC-compliant, bandwidth-efficient satellite platforms for government and military communications. The Secure Satellite Broadband Solutions have uses across a wide range of applications, including maritime connectivity, aeronautical connectivity, military defense, and emergency relief.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4453", "Certificate Number": "4453", "Vendor Name": "SonicWall, Inc.", "Module Name": "SonicWALL SMA Series v12.4 SMA 6210, SMA 7210, SMA 7200", "Module Type": "Hardware", "Validation Date": "03/22/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4453.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4453", "module_name": "SonicWALL SMA Series v12.4 SMA 6210, SMA 7210, SMA 7200", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "SonicWall Software SMA 6210, SMA 7210, and SMA 7200 are part of the SonicWall Security Solution Enterprise product family. They provide hardware appliance based VPN Virtual Private Network mobile access solutions to a wide variety of end user devices including Microsoft Windows, Apple OSX, Linux, Apple iOS, Google Android and Google Chromebook among others.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4452", "Certificate Number": "4452", "Vendor Name": "Symantec, A Division of Broadcom", "Module Name": "Symantec Management Center Virtual Appliance", "Module Type": "Software", "Validation Date": "03/15/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4452.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4452", "module_name": "Symantec Management Center Virtual Appliance", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Symantec Management Center is a powerful, unified management platform that gives you centralized visibility over Symantec’s product portfolio. With a single pane of glass, you can see your Symantec deployments, including ProxySG, SSL Visibility Appliance, Content Analysis, Malware Analysis and Reporter. You can also scale deployments and apply powerful proxy policies throughout your environment that address your specific needs and ensure the consistent application of web security and governance.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4451", "Certificate Number": "4451", "Vendor Name": "Symantec, A Division of Broadcom", "Module Name": "Symantec Integrated Secure Gateway", "Module Type": "Hardware", "Validation Date": "03/15/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4451.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4451", "module_name": "Symantec Integrated Secure Gateway", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 3 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Symantec Integrated Secure Gateway (ISG) is the software on the newest Symantec Security Platform SSP-S410 and S210 appliances used to deploy applications. The ISG SSP-S210 and S410 appliances enable organizations to take a modular approach to network security by separating the traditional hardware-based appliance approach into individual software and hardware components. This allows customers to tailor their software and hardware procurement needs specifically to their network topology, providing on-premises, cloud-based, or blended solutions.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4449", "Certificate Number": "4449", "Vendor Name": "Nokia XHAUL", "Module Name": "Wavence Microwave radio cryptoModule", "Module Type": "Hardware", "Validation Date": "03/14/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4449.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4449", "module_name": "Wavence Microwave radio cryptoModule", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The cryptographic module is a solution for transformation of backhaul networks from TDM (Time-Division Multiplexing) to IP (Internet Protocol). It is a microwave digital radio that supports PDH (Plesiochronous Digital Hierarchy), SDH (Synchronous Digital Hierarchy), and packet data, i.e. Ethernet. The module implements end-to-end protection against loss of confidentiality along the radio path on Layer 1 of the OSI model.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4448", "Certificate Number": "4448", "Vendor Name": "Hughes Network Systems, LLC", "Module Name": "IPsec IP Gateway Server", "Module Type": "Hardware", "Validation Date": "03/13/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4448.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4448", "module_name": "IPsec IP Gateway Server", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Hughes JUPITER System is a broadband satellite system designed to support high-throughput satellite communications. It consists of VSAT satellite terminals, single rack or multi rack JUPITER GWs and the capabilities to manage these devices over the network. The IPsec IPGW is a JUPITER GW component that is used to provide Internet access for associated terminals, perform IP acceleration and routing of packets between terminals and the Internet, and encrypt user traffic between itself and HT Satellite Router terminals via IPsec tunnels.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4447", "Certificate Number": "4447", "Vendor Name": "SonicWall, Inc.", "Module Name": "SonicWALL SMA Series v12.4 SMA 8200v", "Module Type": "Software-Hybrid", "Validation Date": "03/09/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4447.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4447", "module_name": "SonicWALL SMA Series v12.4 SMA 8200v", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "SonicWall Software SMA 8200v is part of the SonicWall Security Solution Enterprise product family. It provides virtualized software based VPN Virtual Private Network mobile access solutions to a wide variety of end user devices including Microsoft Windows, Apple OSX, Linux, Apple iOS, Google Android and Google Chromebook among others.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4446", "Certificate Number": "4446", "Vendor Name": "Infineon Technologies AG", "Module Name": "SLS37CSAUS V2X", "Module Type": "Hardware", "Validation Date": "03/07/202303/05/202403/19/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4446.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4446", "module_name": "SLS37CSAUS V2X", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode; The module generates cryptographic keys and random strings whose strengths are modified by available entropy.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The cryptographic module is a single-chip security controller for signature generation and secure data storage in V2X systems (vehicle-to-anything). The V2X system is required to support vehicle communication with other vehicles, as well as with road infrastructure and other elements. The cryptographic module will support highly secure and timely necessary cryptographic operations, so that all messages may be securely signed and authenticated.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "KDF", "KTS", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4445", "Certificate Number": "4445", "Vendor Name": "Google, LLC", "Module Name": "Look-aside Cryptography and Compression Engine (LCE)", "Module Type": "Hardware", "Validation Date": "02/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4445.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4445", "module_name": "Look-aside Cryptography and Compression Engine (LCE)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module [Google Integrated Management Complex (IMC) and B227 True Random Number Generator (TRNG) Firmware-Hybrid Cryptographic Module] validated to FIPS 140-2 under Cert. #4400 operating in FIPS mode.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Look-aside Cryptography and Compression Engine (LCE) module is comprised of a sub-chip cryptographic subsystem in the Google IN762 SoC. The module provides lookaside cryptography services including bulk encryption, cryptographic hashing, Integrity Checksum Value (ICV) verification, and compression services. The module also supports operation chaining including cryptographic and pipeline compressing/decompressing and verification as well as standalone or combined DMA data (payload) transfers between nodes.", "detail_available": true, "algorithms": [ "AES", "HMAC", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4444", "Certificate Number": "4444", "Vendor Name": "Google, LLC.", "Module Name": "BoringCrypto SoC", "Module Type": "Software", "Validation Date": "02/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4444.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4444", "module_name": "BoringCrypto SoC", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4443", "Certificate Number": "4443", "Vendor Name": "Fortinet, Inc.", "Module Name": "FortiOS 6.4/7.0", "Module Type": "Firmware", "Validation Date": "02/23/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4443.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4443", "module_name": "FortiOS 6.4/7.0", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role.", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The FortiOS 6.4/7.0 is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4442", "Certificate Number": "4442", "Vendor Name": "VMware, Inc.", "Module Name": "VMware's ESXboot Cryptographic Module", "Module Type": "Software", "Validation Date": "02/23/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4442.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4442", "module_name": "VMware's ESXboot Cryptographic Module", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "2/22/2028", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "VMware’s ESXboot Cryptographic Module provides FIPS 140-3 Approved cryptographic services for verifying the integrity of ESXi during the boot process.", "detail_available": true, "algorithms": [ "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4441", "Certificate Number": "4441", "Vendor Name": "DocuSign Ltd.", "Module Name": "DocuSign QSCD Appliance", "Module Type": "Hardware", "Validation Date": "02/22/202309/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4441.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4441", "module_name": "DocuSign QSCD Appliance", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode; The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "HMAC", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4440", "Certificate Number": "4440", "Vendor Name": "Virtru Corporation", "Module Name": "VirtruCrypto - FIPS JavaScript Module", "Module Type": "Software", "Validation Date": "02/21/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4440.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4440", "module_name": "VirtruCrypto - FIPS JavaScript Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of minimum strength or security of keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The VirtruCrypto module is a multi-chip standalone cryptographic module", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4439", "Certificate Number": "4439", "Vendor Name": "Skyhigh Security", "Module Name": "Skyhigh Security OpenSSL Module", "Module Type": "Software", "Validation Date": "02/15/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4439.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4439", "module_name": "Skyhigh Security OpenSSL Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Skyhigh Security OpenSSL Module provides FIPS validated cryptographic services for Skyhigh Security products.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4438", "Certificate Number": "4438", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 8 libgcrypt Cryptographic Module", "Module Type": "Software", "Validation Date": "02/15/202310/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4438.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4438", "module_name": "Red Hat Enterprise Linux 8 libgcrypt Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 10.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library delivered with RHEL 8.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4437", "Certificate Number": "4437", "Vendor Name": "SK hynix Inc.", "Module Name": "SK hynix PE8110 M.2 22110D NVMe TCG Opal SSC SED", "Module Type": "Hardware", "Validation Date": "02/15/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4437.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4437", "module_name": "SK hynix PE8110 M.2 22110D NVMe TCG Opal SSC SED", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "These products are NAND semiconductor-based data drives for server systems. Faster response to servers is available, compared to hard disk drives, but the basic operation is the same as conventional hard disk drives.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4436", "Certificate Number": "4436", "Vendor Name": "SK hynix Inc.", "Module Name": "SK hynix PE8010 and PE8030 NVMe Opal SEDs", "Module Type": "Hardware", "Validation Date": "02/15/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4436.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4436", "module_name": "SK hynix PE8010 and PE8030 NVMe Opal SEDs", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "These products are NAND semiconductor-based data drives for server systems. Faster response to servers is available, compared to hard disk drives, but the basic operation is the same as conventional hard disk drives.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4435", "Certificate Number": "4435", "Vendor Name": "HP Inc.", "Module Name": "Tera2 PCoIP Zero Client Processors", "Module Type": "Hardware", "Validation Date": "02/15/202305/22/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4435.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4435", "module_name": "Tera2 PCoIP Zero Client Processors", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When configured and initialized as specified in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "PC-over-IP (PCoIP) technology delivers a secure, high-definition and highly responsive computing experience. It uses advanced display compression to provide end-users with on-premises or cloud-based virtual machines as a convenient alternative to local computers. This virtual workspace architecture compresses, encrypts, and transmits only pixels to a broad range of software clients, mobile clients, thin clients, and stateless PCoIP Zero Clients, providing a highly secure enterprise environment.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4434", "Certificate Number": "4434", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 8 Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "02/15/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4434.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4434", "module_name": "Red Hat Enterprise Linux 8 Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 8 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4433", "Certificate Number": "4433", "Vendor Name": "EasyPost", "Module Name": "EZPES Centralized Security Module (CSM)", "Module Type": "Hardware", "Validation Date": "02/09/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4433.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4433", "module_name": "EZPES Centralized Security Module (CSM)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The EasyPost Centralized Security Module (CSM) acts as the core security module of a United States Postal Service (USPS) Intelligent Mail Indicia Performance Criteria (IMI PC) conformant online postage evidencing system (PES). Its primary purpose is to perform secure postal financial transactions.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4432", "Certificate Number": "4432", "Vendor Name": "IBM Corporation", "Module Name": "IBM® Security QRadar® SIEM Cryptographic Module", "Module Type": "Software", "Validation Date": "02/06/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4432.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4432", "module_name": "IBM® Security QRadar® SIEM Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Cryptographic module used for QRadar system components.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KAS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4431", "Certificate Number": "4431", "Vendor Name": "Comtech Satellite Network Technologies, Inc.", "Module Name": "Gen 2 TRANSEC", "Module Type": "Hardware", "Validation Date": "02/02/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4431.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4431", "module_name": "Gen 2 TRANSEC", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Comtech TRANSEC features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via Comtech Satellite Modems, and firmware to provide the cryptographic functions needed to act as an endpoint for secure TLS- and SSH-based M&C traffic.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4430", "Certificate Number": "4430", "Vendor Name": "Thales", "Module Name": "Thales CipherTrust Manager Core Security Module", "Module Type": "Software", "Validation Date": "01/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4430.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4430", "module_name": "Thales CipherTrust Manager Core Security Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 10 of the Security Policy. When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The module provides secure key generation and protection for symmetric keys and asymmetric key pairs along with support for a broad range of other cryptographic services. Access to services offered by Thales CipherTrust Manager Core Security Module is exclusively through a number of Application Programming Interfaces (API) offered by the Thales CipherTrust Manager Core Security Module. These API can be accessed by other applications running internal to the physical boundary of the module or, in some instances, can be accessed by remote client over dedicated TLS tunnels.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4429", "Certificate Number": "4429", "Vendor Name": "Thales", "Module Name": "Thales CipherTrust Cryptographic Provider (CCP)", "Module Type": "Software-Hybrid", "Validation Date": "01/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4429.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4429", "module_name": "Thales CipherTrust Cryptographic Provider (CCP)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode.", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "Thales CipherTrust Cryptographic Provider (CCP) provides cryptographic functionality either internally to the product or to external clients. The module provides support for a broad range of cryptographic services. The module uses the Intel® AES-New Instructions (AES-NI) for acceleration of AES.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4428", "Certificate Number": "4428", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 8 GnuTLS Cryptographic Module", "Module Type": "Software", "Validation Date": "01/27/202310/13/202308/14/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4428.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4428", "module_name": "Red Hat Enterprise Linux 8 GnuTLS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9 and 10 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "GnuTLS is a secure communications library implementing the TLS and DTLS protocols. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PKCS#12, and other required structures which is shipped with Red Hat Enterprise Linux 8.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4427", "Certificate Number": "4427", "Vendor Name": "Ultra Intelligence & Communications", "Module Name": "3e-520 Secure Access Point Cryptographic Module", "Module Type": "Hardware", "Validation Date": "01/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4427.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4427", "module_name": "3e-520 Secure Access Point Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The 3e-520 Secure Access Point acts as an access point for the universal wireless family of devices from 3eTI. The 520 board is installed inside the wireless devices and provides the cryptographic functionality for the device. The access point allows for wireless clients or wireless bridges to securely connect wirelessly with the module and send encrypted data.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4426", "Certificate Number": "4426", "Vendor Name": "Google, LLC", "Module Name": "Non-Volatile Memory express (NVMe) Data Path Security Cluster (DPSC) Module", "Module Type": "Hardware", "Validation Date": "01/26/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4426.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4426", "module_name": "Non-Volatile Memory express (NVMe) Data Path Security Cluster (DPSC) Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The DPSC is a HW block within the NVMe Protocol Engine that contains AES-XTS engines which support data rate encrypt and decrypt functions. The module is a sub-chip cryptographic subsystem intended for use within the Google IN762 SoC.", "detail_available": true, "algorithms": [ "AES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4425", "Certificate Number": "4425", "Vendor Name": "Google, LLC", "Module Name": "Inline Crypto Engine (ICE)", "Module Type": "Hardware", "Validation Date": "01/26/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4425.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4425", "module_name": "Inline Crypto Engine (ICE)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Inline Crypto Engine (ICE) module is comprised of a sub-chip cryptographic subsystem in the Google IN762 SoC. The module provides a cryptographic engine supporting cryptographic offload for IPsec and PSP protocols. The ICE module processes network infrastructure packets in both the Ingress and Egress directions. In addition to providing the cryptographic primitives for the security protocols it also provides packet integrity authentication and anti-replay protection.", "detail_available": true, "algorithms": [ "AES", "KDF" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4424", "Certificate Number": "4424", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Catalyst 9800 (40/80) Wireless Controllers", "Module Type": "Hardware", "Validation Date": "01/25/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4424.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4424", "module_name": "Cisco Catalyst 9800 (40/80) Wireless Controllers", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. This module contains the embedded module ACT2Lite validated to FIPS 140-2 under Cert. #3637 operating in FIPS mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Cisco Series Wireless Controllers, are a highly scalable and flexible platform that enables system-wide services for mission-critical wireless networking in medium-sized to large enterprises and campus environments.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4423", "Certificate Number": "4423", "Vendor Name": "Viasat, Inc.", "Module Name": "Type 3 Data Encryption Device (V3K-102)", "Module Type": "Hardware", "Validation Date": "01/23/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4423.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4423", "module_name": "Type 3 Data Encryption Device (V3K-102)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Viasat Type 3 Data Encryption Device (V3K-102) is a multi-chip embedded cryptographic module. The V3K-102 provides encryption and decryption services, key management, and can provide filtering for domain separation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4422", "Certificate Number": "4422", "Vendor Name": "FEITIAN Technologies US, Inc.", "Module Name": "FEITIAN MFA Cryptographic Module", "Module Type": "Hardware", "Validation Date": "01/23/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4422.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4422", "module_name": "FEITIAN MFA Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Single Chip", "detail_available": true, "description": "The Module is a single chip embodiment implementing the JavaCard and Global Platform operational environment with a Card Manager, that is also considered an Issuer Security Domain (ISD), and five Applets. The Module meets FIPS 140-2 overall Level 2 requirements." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4421", "Certificate Number": "4421", "Vendor Name": "Microchip Technology Inc", "Module Name": "Microchip Trust Anchor TA100", "Module Type": "Hardware", "Validation Date": "01/20/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4421.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4421", "module_name": "Microchip Trust Anchor TA100", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "The module generates cryptographic keys whose strengths are modified by available entropy. When installed, initialized and configured as specified in Section 5 of the Security Policy", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Microchip Trust Anchor TA100 is a secure element from the Microchip CryptoAutomotive™ portfolio intended for automotive security applications providing support for code authentication (aka secure boot), message authentication via MAC generation, support for trusted firmware updates, multiple key management protocols including TLS and other root-of-trust based operations. It is typically a companion device to an MCU or MPU on the same board.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4420", "Certificate Number": "4420", "Vendor Name": "Apricorn", "Module Name": "Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module", "Module Type": "Hardware", "Validation Date": "01/20/202302/14/202311/27/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4420.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4420", "module_name": "Aegis Secure Key 3Z and Aegis Secure Key 3NX Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Apricorn Aegis Secure Key 3z and Apricorn Aegis Secure Key 3NX are hardware encrypted USB 3.1 memory keys.The software free design allows interface to any host that supports USB and mass storage.Authentication is performed via the embedded keypad and all critical security parameters (PINs, encryption keys, etc) never leave the device boundary for improved security. The device supports 1 administrator and 1 user and offers a variety of features including programmable brute force, recovery PINs, 7-16 digit PINs, auto lock, read only modes, and is compatible with our Aegis Configurator.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4419", "Certificate Number": "4419", "Vendor Name": "Dream Security Co., Ltd.", "Module Name": "MagicCryptoMVP", "Module Type": "Software", "Validation Date": "01/20/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4419.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4419", "module_name": "MagicCryptoMVP", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "MagicCryptoMVP cryptographic module is in the form of a software shared library that runs on Linux operating systems. The MagicCryptoMVP uses encryption API functions to provide cryptographic services such as encryption/decryption, hash, digital signatures generation and verification, message authentication (MAC), secret key generation, and key pair generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4418", "Certificate Number": "4418", "Vendor Name": "F5, Inc.", "Module Name": "Cryptographic Module for BIG-IP ®", "Module Type": "Software", "Validation Date": "01/20/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4418.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4418", "module_name": "Cryptographic Module for BIG-IP ®", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Cryptographic library offering various cryptographic mechanisms to BIG-IP Virtual Edition.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4417", "Certificate Number": "4417", "Vendor Name": "F5, Inc.", "Module Name": "F5® Device Cryptographic Module", "Module Type": "Hardware", "Validation Date": "01/18/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4417.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4417", "module_name": "F5® Device Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode and when installed, initialized, and configured as specified in the section 8 of the Security Policy with tamper evident labels contained in F5-ADD-BIG-FIPS140 kit and installed as indicated in the Security Policy section 4.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "F5® Device Cryptographic Module, Application Delivery Controller and Firewall software running on F5 BIG-IP.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4416", "Certificate Number": "4416", "Vendor Name": "Legion of the Bouncy Castle Inc.", "Module Name": "BC-FNA (Bouncy Castle FIPS .NET API)", "Module Type": "Software", "Validation Date": "01/18/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4416.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4416", "module_name": "BC-FNA (Bouncy Castle FIPS .NET API)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Bouncy Castle FIPS .NET API is a comprehensive suite of FIPS Approved algorithms implemented in pure C#. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms, including some post-quantum ones, are available in non-approved operation as well.", "detail_available": true, "algorithms": [ "AES", "DSA", "ECDSA", "EDDSA", "KDF", "RSA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4415", "Certificate Number": "4415", "Vendor Name": "Fortinet, Inc.", "Module Name": "FortiGate-VM 6.4 and 7.0", "Module Type": "Software-Hybrid", "Validation Date": "01/16/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4415.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4415", "module_name": "FortiGate-VM 6.4 and 7.0", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy and with the entropy token installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role. No assurance of the minimum strength of generated keys", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The FortiGate-VM 6.4 and 7.0 is a software-hybrid module designed to execute on a General Purpose Computer (GPC) hardware platform running the VMware hypervisor. The module provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering, traffic shaping, and HA capabilities.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4414", "Certificate Number": "4414", "Vendor Name": "F5, Inc.", "Module Name": "F5® vCMP Cryptographic Module", "Module Type": "Firmware", "Validation Date": "01/16/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4414.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4414", "module_name": "F5® vCMP Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode and when installed, initialized, and configured as specified in Section 8 of the Security Policy with tamper evident labels contained in F5-ADD-BIG-FIPS140 kit and installed as indicated in the Security Policy section 4.", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "F5® vCMP Cryptographic Module, Application Delivery Controller and Firewall software running on F5 BIG-IP and VIPRION hardwares.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4413", "Certificate Number": "4413", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 8 NSS Cryptographic Module", "Module Type": "Software", "Validation Date": "01/16/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4413.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4413", "module_name": "Red Hat Enterprise Linux 8 NSS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy applies.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4412", "Certificate Number": "4412", "Vendor Name": "JoveAI Innovation, Inc.", "Module Name": "STAR-2000-3", "Module Type": "Hardware", "Validation Date": "01/14/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4412.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4412", "module_name": "STAR-2000-3", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "A multi-chip embedded cryptographic module compliant with FIPS 140-2 and the Digital Cinema System Specification version 1.2. The module serves as an Integrated Media Block (IMB) as part of a Permanently-Married Projection System.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4411", "Certificate Number": "4411", "Vendor Name": "Nuvoton Technology Corporation", "Module Name": "NPCT7xx TPM 2.0 rev 1.59", "Module Type": "Hardware", "Validation Date": "01/12/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4411.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4411", "module_name": "NPCT7xx TPM 2.0 rev 1.59", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized, and configured as specified in the Security Policy Section 9.2 and operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Nuvoton NPCT7xx TPM 2.0 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4410", "Certificate Number": "4410", "Vendor Name": "SK hynix Inc.", "Module Name": "SK hynix PE8111 E1.L NVMe TCG Opal SSC SED", "Module Type": "Hardware", "Validation Date": "01/09/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4410.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4410", "module_name": "SK hynix PE8111 E1.L NVMe TCG Opal SSC SED", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When installed, initialized, and configured as specified in Section 8.2 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "These products are NAND semiconductor-based data drives for server systems. Faster response to servers is available, compared to hard disk drives, but the basic operation is the same as conventional hard disk drives.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4409", "Certificate Number": "4409", "Vendor Name": "WiSECURE Technologies", "Module Name": "KeyVault Hardware Security Module (kvHSM)", "Module Type": "Hardware", "Validation Date": "01/09/202301/17/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4409.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4409", "module_name": "KeyVault Hardware Security Module (kvHSM)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "KeyVault Hardware Security Module (kvHSM) is a hardware security module , a vault that stores and manages cryptographic keys. It is a powerful and protected PCIe card. It governs the entire life cycle of keys, including generation, distribution, storage, destruction and archiving, and provides data encryption, data decryption, signature generation, signature verification, message digest, message authentication code (MAC), random number generation and key management services to systems.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4408", "Certificate Number": "4408", "Vendor Name": "F5, Inc.", "Module Name": "Cryptographic Module for BIG-IP ®", "Module Type": "Software", "Validation Date": "01/08/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4408.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4408", "module_name": "Cryptographic Module for BIG-IP ®", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Cryptographic library offering various cryptographic mechanisms to BIG-IP Virtual Edition.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4407", "Certificate Number": "4407", "Vendor Name": "Google, LLC.", "Module Name": "BoringCrypto", "Module Type": "Software", "Validation Date": "01/04/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4407.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4407", "module_name": "BoringCrypto", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4406", "Certificate Number": "4406", "Vendor Name": "Fungible, Inc.", "Module Name": "FunOS Crypto Module", "Module Type": "Software-Hybrid", "Validation Date": "01/04/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4406.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4406", "module_name": "FunOS Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode.", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The FunOS Crypto Library implements the APIs for invoking the Fungible DPU hardware crypto engines. These APIs are used by other Fungible operating system modules, including the security, storage and networking stacks.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "HMAC", "KDF", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4405", "Certificate Number": "4405", "Vendor Name": "Pensando Systems, Inc", "Module Name": "Pensando Crypto Engine", "Module Type": "Software-Hybrid", "Validation Date": "01/04/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4405.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4405", "module_name": "Pensando Crypto Engine", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Embedded", "description": "The module provides AES-GCM and AES-XTS cryptographic acceleration to applications running on the DSC2-2Q200.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4404", "Certificate Number": "4404", "Vendor Name": "IBM Corporation", "Module Name": "IBM Cloud Object Storage System’s™ FIPS Cryptographic Module", "Module Type": "Software", "Validation Date": "01/04/202306/05/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4404.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4404", "module_name": "IBM Cloud Object Storage System’s™ FIPS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Cryptographic module used for IBM’s Cloud Object Storage system components", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4403", "Certificate Number": "4403", "Vendor Name": "CommScope Technologies LLC", "Module Name": "R650-US Access Point, R650-WW Access Point, R750 Access Point, R850 Access Point, T750SE Access Point, T750 Access Point, and T750-WW Access Point", "Module Type": "Hardware", "Validation Date": "01/03/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4403.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4403", "module_name": "R650-US Access Point, R650-WW Access Point, R750 Access Point, R850 Access Point, T750SE Access Point, T750 Access Point, and T750-WW Access Point", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. When initialized and configured as specified in Section 9 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Ruckus WiFi 6 access point portfolio comprises of indoor and outdoor APs that brings higher capacity, efficiency, and performance to enterprises, distributed offices, and small businesses. Ruckus WiFi 6 portfolio offers dual-band, dual-concurrent APs that supports up to eight spatial streams (4x4:4 in 5GHz, 4x4:4 in 2.4GHz). Equipped with OFDMA and MU-MIMO capabilities, the APs efficiently manage up to 1024 client connections with increased capacity, improved coverage and performance in ultra-high dense environments.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4402", "Certificate Number": "4402", "Vendor Name": "Advanced Micro Devices (AMD)", "Module Name": "AMD Ryzen PRO 4000 Series PSP Cryptographic CoProcessor", "Module Type": "Firmware-hybrid", "Validation Date": "12/30/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4402.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4402", "module_name": "AMD Ryzen PRO 4000 Series PSP Cryptographic CoProcessor", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/29/2027", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy.", "module_type": "Firmware-hybrid", "embodiment": "Single Chip", "description": "The AMD PSP Cryptographic CoProcessor provides cryptographic algorithm support for the Ryzen PRO 4000 Series processor.", "detail_available": true, "algorithms": [ "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4401", "Certificate Number": "4401", "Vendor Name": "Advanced Micro Devices (AMD)", "Module Name": "AMD Ryzen PRO 5000 Series PSP Cryptographic CoProcessor", "Module Type": "Firmware-hybrid", "Validation Date": "12/30/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4401.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4401", "module_name": "AMD Ryzen PRO 5000 Series PSP Cryptographic CoProcessor", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/29/2027", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy.", "module_type": "Firmware-hybrid", "embodiment": "Single Chip", "description": "The AMD PSP Cryptographic CoProcessor provides cryptographic algorithm support for the Ryzen PRO 5000 Series processor.", "detail_available": true, "algorithms": [ "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4400", "Certificate Number": "4400", "Vendor Name": "Google, LLC", "Module Name": "Integrated Management Complex (IMC) and B227 True Random Number Generator (TRNG) Firmware-Hybrid Cryptographic Module", "Module Type": "Firmware-Hybrid", "Validation Date": "12/27/202202/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4400.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4400", "module_name": "Integrated Management Complex (IMC) and B227 True Random Number Generator (TRNG) Firmware-Hybrid Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with modules [Google Titan-D] validated to FIPS 140-2 under Cert. #4367 operating in FIPS mode.", "module_type": "Firmware-Hybrid", "embodiment": "Single Chip", "description": "The Integrated Management Complex firmware manages functions such as power-on, reset, clock and power control, configuration, and security functions including encryption and decryption, key derivation, key generation, and hashing. The IMC performs these functions as ARM Trusted Execution Environment (TEE) firmware executing on two ARM-A53 processors within the IN762 SoC. The hardware comprises the B227 TRNG, which is a NIST SP800-90 A/B compliant TRNG employed by the IMC module for generating cryptographic keys.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4398", "Certificate Number": "4398", "Vendor Name": "Seagate Technology LLC", "Module Name": "Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module", "Module Type": "Hardware", "Validation Date": "12/22/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4398.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4398", "module_name": "Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module is embodied in Seagate Enterprise Capacity® HDD v4 Self-Encrypting Drives model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4397", "Certificate Number": "4397", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 8 libgcrypt Cryptographic Module", "Module Type": "Software", "Validation Date": "12/20/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4397.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4397", "module_name": "Red Hat Enterprise Linux 8 libgcrypt Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 10.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy applies.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library delivered with RHEL 8.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4396", "Certificate Number": "4396", "Vendor Name": "CommScope Technologies LLC", "Module Name": "Ruckus Wireless Cloudpath Enrollment System Cryptographic Library", "Module Type": "Software", "Validation Date": "12/20/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4396.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4396", "module_name": "Ruckus Wireless Cloudpath Enrollment System Cryptographic Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "This library provides cryptographic services for the Cloudpath ES application.", "detail_available": true, "algorithms": [ "AES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4395", "Certificate Number": "4395", "Vendor Name": "Autotalks Ltd.", "Module Name": "CRATON2/SECTON embedded V2X HSM", "Module Type": "Hardware", "Validation Date": "12/16/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4395.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4395", "module_name": "CRATON2/SECTON embedded V2X HSM", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Autotalks Embedded Hardware Security Module (eHSM) provides a hardened, tamper-resistant environment for secure cryptographic processing needed for Automotive Vehicle-to-Everything communication systems including: ECC Public Key cryptography, Symmetric key cryptography, Key protection, and TRNG/DRBG.", "detail_available": true, "algorithms": [ "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4394", "Certificate Number": "4394", "Vendor Name": "Blue Armor", "Module Name": "Blue Armor Cryptographic Module", "Module Type": "Software", "Validation Date": "12/15/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4394.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4394", "module_name": "Blue Armor Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Blue Armor Cryptographic Module is a standards-based cryptographic engine used in Transport Access Control, SSL, OpenSSL, as well as other security applications. The module delivers core cryptographic functions and features robust algorithm support, including Suite B algorithms.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4393", "Certificate Number": "4393", "Vendor Name": "Vocera Communications, Inc.", "Module Name": "Vocera Cryptographic Module", "Module Type": "Firmware", "Validation Date": "12/15/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4393.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4393", "module_name": "Vocera Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When configured and initialized as specified in the Security Policy.", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The Vocera C1000 Module is a firmware module that provides the cryptographic primitives (including encryption/decryption, hashing, digital signature functions, and key derivation) needed to support secure communication services to the system.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4392", "Certificate Number": "4392", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v11.1 [Apple silicon, Kernel, Software]", "Module Type": "Software", "Validation Date": "12/07/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4392.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4392", "module_name": "Apple corecrypto Module v11.1 [Apple silicon, Kernel, Software]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/6/2027", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple corecrypto Kernel Space Module for Apple silicon is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4391", "Certificate Number": "4391", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v11.1 [Apple silicon, User, Software]", "Module Type": "Software", "Validation Date": "12/07/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4391.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4391", "module_name": "Apple corecrypto Module v11.1 [Apple silicon, User, Software]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/6/2027", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple corecrypto User Space Module for Apple silicon is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4390", "Certificate Number": "4390", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v11.1 [Intel, Kernel, Software]", "Module Type": "Software", "Validation Date": "12/07/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4390.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4390", "module_name": "Apple corecrypto Module v11.1 [Intel, Kernel, Software]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/6/2027", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple corecrypto Kernel Space Module for Intel is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4389", "Certificate Number": "4389", "Vendor Name": "Apple Inc.", "Module Name": "Apple corecrypto Module v11.1 [Intel, User, Software]", "Module Type": "Software", "Validation Date": "12/07/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4389.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4389", "module_name": "Apple corecrypto Module v11.1 [Intel, User, Software]", "standard": "FIPS 140-3", "status": "Active", "sunset_date": "12/6/2027", "overall_level": 1, "caveat": "When operated in approved mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Apple corecrypto User Space Module for Intel is a software cryptographic module running on a multi-chip standalone hardware device and provides services intended to protect data in transit and at rest.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4388", "Certificate Number": "4388", "Vendor Name": "OneSpan", "Module Name": "DIGIPASS GO7", "Module Type": "Hardware", "Validation Date": "12/07/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4388.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4388", "module_name": "DIGIPASS GO7", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Digipass GO 7 is an one-time password (OTP) hardware token a convenient single-button authentication device that boosts security while providing unmatched user acceptance. Digipass GO 7 also supports OneSpan’s multi OTP technology offering enhanced security for organizations who need to secure multiple applications with a single Digipass.", "detail_available": true, "algorithms": [ "AES", "HMAC", "KDF", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4387", "Certificate Number": "4387", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks MX2010 and MX2020 3D Universal Edge Routers with REMX2K-X8-64G and RE-MX2000-1800X4-S Routing Engines, MPC9E with MIC-MACSEC-MRATE", "Module Type": "Hardware", "Validation Date": "12/07/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4387.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4387", "module_name": "Juniper Networks MX2010 and MX2020 3D Universal Edge Routers with REMX2K-X8-64G and RE-MX2000-1800X4-S Routing Engines, MPC9E with MIC-MACSEC-MRATE", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 1.2 and 6 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The MX series provides dedicated high-performance processing for flows and sessions and integrates advanced security capabilities that protect the network infrastructure as well as user data.", "detail_available": true, "algorithms": [ "AES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4386", "Certificate Number": "4386", "Vendor Name": "Apacer Technology Inc.", "Module Name": "Apacer TCG SSD SV240 Series", "Module Type": "Hardware", "Validation Date": "12/07/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4386.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4386", "module_name": "Apacer TCG SSD SV240 Series", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "The tamper evident seals installed as indicated in the security policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true, "description": "Apacer¡¦s SV240 is a well-balanced solid-state disk (SSD) drive with standard form factor and great performance. Designed in SATA 6 Gb/s interface, the SSD is able to deliver exceptional read/write speed, making it the ideal companion for heavy-loading industrial or server operations. Apacer SV240 SSD provides AES 256 encryption/decryption of data that is stored in NAND flash. The module supports the SATA interface compliant with the Trusted Computing Group (TCG) SSC specification Opal.", "algorithms": [ "AES", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4385", "Certificate Number": "4385", "Vendor Name": "General Dynamics Mission Systems", "Module Name": "Fortress Mesh Points", "Module Type": "Hardware", "Validation Date": "12/06/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4385.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4385", "module_name": "Fortress Mesh Points", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. The protocol SNMP shall not be used when operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4384", "Certificate Number": "4384", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 8 Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "12/05/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4384.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4384", "module_name": "Red Hat Enterprise Linux 8 Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 8 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4383", "Certificate Number": "4383", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung SCrypto Cryptographic Module", "Module Type": "Software", "Validation Date": "12/03/202205/24/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4383.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4383", "module_name": "Samsung SCrypto Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "SCrypto is secure library which is used to provide a standardized common cryptographic API to trusted applications for the secure world/TEE environment.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KDF", "KTS", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4382", "Certificate Number": "4382", "Vendor Name": "cPacket Networks, Inc.", "Module Name": "cVu 16100 Network Packet Broker", "Module Type": "Hardware", "Validation Date": "11/28/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4382.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4382", "module_name": "cVu 16100 Network Packet Broker", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The cPacket cVu product family is the industry's leading network packet broker (NPB) with millisecond accuracy at 100G wire speed. The cVu 16100+ integrates real-time performance monitoring with network packet brokering to enable organizations to cost effectively and quickly find network infrastructure issues and reliably feed security and other network tools without dropping packets.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KDF", "RSA", "SHA", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4381", "Certificate Number": "4381", "Vendor Name": "Alcatel Lucent Enterprise USA Inc.", "Module Name": "OmniSwitch AOS Cryptographic Module", "Module Type": "Software", "Validation Date": "11/28/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4381.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4381", "module_name": "OmniSwitch AOS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in the Security Policy Section 3.1. When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The OmniSwitch AOS Cryptographic Module provides cryptographic functionality to Alcatel-Lucent Enterprise software applications present on the Alcatel-Lucent Enterprise OmniSwitch series of routers.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4380", "Certificate Number": "4380", "Vendor Name": "Versa Networks, Inc.", "Module Name": "Versa Networks Controller", "Module Type": "Software", "Validation Date": "11/26/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4380.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4380", "module_name": "Versa Networks Controller", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Versa Networks Controller (aka Versa Controller, which is the cryptographic module) plays a key role in the Versa solution, providing a control plane entry point for Versa Networks Branch deployments.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4379", "Certificate Number": "4379", "Vendor Name": "Versa Networks, Inc.", "Module Name": "Versa Networks Branch", "Module Type": "Software", "Validation Date": "11/26/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4379.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4379", "module_name": "Versa Networks Branch", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Versa Networks Branch is a software component that comprises of a comprehensive stack of network and security functions. The Versa Networks Branch software module can be deployed on a bare metal system or on a hypervisor-based Virtual Machine.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4378", "Certificate Number": "4378", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "11/22/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4378.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4378", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4367", "Certificate Number": "4367", "Vendor Name": "Google, LLC.", "Module Name": "Titan-D Chip", "Module Type": "Hardware", "Validation Date": "11/15/202203/04/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4367.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4367", "module_name": "Titan-D Chip", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Titan is a custom secure micro-controller. It can implement a variety of security, encryption, and cryptography protocols. The protocols are running on a secure processor on-chip, interfacing with a host using an API across a trusted SPI peripheral. It provides secure EEPROM Boot, using SPI pass-through technology that allows Titan to confirm authorship of Boot Code, ensuring code-signing before code swap is completed.", "detail_available": true, "algorithms": [ "AES", "ECDSA", "HMAC", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4366", "Certificate Number": "4366", "Vendor Name": "Canonical Ltd.", "Module Name": "Ubuntu 20.04 Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "11/14/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4366.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4366", "module_name": "Ubuntu 20.04 Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Ubuntu 20.04 Kernel Crypto API module is a software module running as part of the operating system kernel that provides general purpose cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4365", "Certificate Number": "4365", "Vendor Name": "Nutanix, Inc.", "Module Name": "Nutanix Cryptographic Module for OpenSSH Server", "Module Type": "Software", "Validation Date": "11/14/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4365.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4365", "module_name": "Nutanix Cryptographic Module for OpenSSH Server", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and configured as specified in Section 3 of the Security Policy with the Nutanix Cryptographic Module for OpenSSL validated to FIPS 140-2 under Cert. #4249 operating in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Nutanix Cryptographic Module for OpenSSH Server is a cryptographic software module, designated as a multi-chip standalone embodiment, and used in Nutanix solutions to provide FIPS 140-2 Approved SSH server-side secure communication.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4364", "Certificate Number": "4364", "Vendor Name": "Nutanix, Inc.", "Module Name": "Nutanix Cryptographic Module for OpenSSH Client", "Module Type": "Software", "Validation Date": "11/14/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4364.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4364", "module_name": "Nutanix Cryptographic Module for OpenSSH Client", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and configured as specified in Section 3 of the Security Policy with the Nutanix Cryptographic Module for OpenSSL validated to FIPS 140-2 under Cert. #4249 operating in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Nutanix Cryptographic Module for OpenSSH Client is a cryptographic software module, designated as a multi-chip standalone embodiment, and used in Nutanix solutions to provide FIPS 140-2 Approved SSH client-side secure communication.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4363", "Certificate Number": "4363", "Vendor Name": "Saab AB (publ) TransponderTech (SAAB)", "Module Name": "SAAB Encrypted Automatic Identification System Cryptographic Module (EAISCM)", "Module Type": "Firmware", "Validation Date": "11/09/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4363.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4363", "module_name": "SAAB Encrypted Automatic Identification System Cryptographic Module (EAISCM)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The SAAB R5 SUPREME AIS Transponder (also referred to as the R5) is designed for all vessels that follow the Safety of Life at Sea (SOLAS) regulations and advanced applications such as Automatic Identification Systems (AIS). AIS provides information about a vessel to other vessels and coastal authorities automatically. The Encrypted Automatic Identification System Cryptographic Module (EAISCM) expands on the R5’s capabilities by providing an AIS with the capability to transmit and receive encrypted data containing the information required by regulation.", "detail_available": true, "algorithms": [ "AES", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4362", "Certificate Number": "4362", "Vendor Name": "Fortinet, Inc.", "Module Name": "FortiManager 6.2", "Module Type": "Firmware", "Validation Date": "11/09/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4362.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4362", "module_name": "FortiManager 6.2", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy with the entropy token installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role. No assurance of the minimum strength of generated keys", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The FortiManager OS is a firmware operating system that runs exclusively on Fortinet's FortiManager product family. FortiManager units are PC-based, purpose built appliances.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4361", "Certificate Number": "4361", "Vendor Name": "Fortinet, Inc.", "Module Name": "FortiAnalyzer 6.2", "Module Type": "Firmware", "Validation Date": "11/09/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4361.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4361", "module_name": "FortiAnalyzer 6.2", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy with the entropy token installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role. No assurance of the minimum strength of generated keys", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4360", "Certificate Number": "4360", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "KMF/Wave/Traffic CryptR", "Module Type": "Hardware", "Validation Date": "11/08/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4360.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4360", "module_name": "KMF/Wave/Traffic CryptR", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Module provides encryption and decryption services for secure key management, Over-the-Air-Rekeying (OTAR), and secure voice/data traffic for Motorola's Key Management Facility (KMF) and Motorola's Wave System. In the Wave System, the Module is referred to as the Wave CryptR/Traffic CryptR. In the Astro System, the Module is referred to as the KMF CryptR. The KMF and the KMF CryptR combine to provide cryptographic services for Motorola’s APCO-25 compliant Astro™ radio systems.", "detail_available": true, "caveat": "When operated in FIPS mode and initialized to overall Level 2 per Sections 2.1 and 9.2 of the Security Policy. No assurance of the minimum strength of generated keys", "algorithms": [ "AES", "DES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4357", "Certificate Number": "4357", "Vendor Name": "Hypersecu Information Systems Inc.", "Module Name": "HyperOTP Token", "Module Type": "Hardware", "Validation Date": "11/07/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4357.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4357", "module_name": "HyperOTP Token", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/2/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The HyperOTP Token enables strong authentication by positively identifying the user with a one-time password. Pressing the button on the HyperOTP Token generates a secure event-based or time-based one-time password, ensuring proper identification and allowing only authorized access to critical applications and sensitive data. The HyperOTP HOTP complies with IETF RFC4226 event-based authentication methods and the HyperOTP TOTP complies with IETF RFC6238 time-based authentication methods.", "detail_available": true, "algorithms": [ "HMAC", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4356", "Certificate Number": "4356", "Vendor Name": "Viasat, Inc.", "Module Name": "Type 3 Data Encryption Device (V3K-102)", "Module Type": "Hardware", "Validation Date": "11/07/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4356.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4356", "module_name": "Type 3 Data Encryption Device (V3K-102)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Viasat Type 3 Data Encryption Device (V3K-102) is a multi-chip embedded cryptographic module. The V3K-102 provides encryption and decryption services, key management, and can provide filtering for domain separation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4354", "Certificate Number": "4354", "Vendor Name": "Google, LLC.", "Module Name": "Google Tensor UFS Inline Storage Encryption Cryptographic Module", "Module Type": "Software-Hybrid", "Validation Date": "11/03/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4354.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4354", "module_name": "Google Tensor UFS Inline Storage Encryption Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "Inline storage encryption engine for UFS as part of the Tensor mobile SoC to protect user data at rest.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4352", "Certificate Number": "4352", "Vendor Name": "SZ DJI Technology Co., Ltd.", "Module Name": "Core Crypto Engine", "Module Type": "Firmware-Hybrid", "Validation Date": "11/02/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4352.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4352", "module_name": "Core Crypto Engine", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Firmware-Hybrid", "embodiment": "Single Chip", "description": "DJI Core Crypto Engine is a firmware hybrid cryptographic module providing foundational security services for the entire platform, including cryptography, key management, platform identity, secure boot, and secure Life Cycle State (LCS). Serving for DJI self-developed SOC, it offers high-throughput cryptography engines suitable for a diverse set of use cases.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4351", "Certificate Number": "4351", "Vendor Name": "Aruba, a Hewlett Packard Enterprise Company", "Module Name": "Aruba VIA Cryptographic Module", "Module Type": "Software", "Validation Date": "11/01/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4351.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4351", "module_name": "Aruba VIA Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 10 of the Security Policy. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Aruba VIA Cryptographic Module Version 1.0 is a software library that provides cryptographic services required by Aruba Virtual Intranet Access", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4350", "Certificate Number": "4350", "Vendor Name": "Guardtime Federal", "Module Name": "Black Lantern® Cryptographic Module", "Module Type": "Hardware", "Validation Date": "10/31/202211/08/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4350.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4350", "module_name": "Black Lantern® Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The BL Cryptographic Module is designed to be integrated into products that have a requirement to be FIPS 140-2 Security Level 3 certified. The module is physically enclosed in a security appliance, designed to protect and secure the module and any pre-loaded applications determined by the integrated products.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4348", "Certificate Number": "4348", "Vendor Name": "Microsoft Corporation", "Module Name": "Windows Resume", "Module Type": "Software", "Validation Date": "10/24/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4348.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4348", "module_name": "Windows Resume", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Boot Manager validated to FIPS 140-2 under Cert. #3923 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4347", "Certificate Number": "4347", "Vendor Name": "Infineon Technologies AG", "Module Name": "Trusted Platform Module 2.0 SLB 9672", "Module Type": "Hardware", "Validation Date": "10/24/202208/23/202310/23/202411/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4347.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4347", "module_name": "Trusted Platform Module 2.0 SLB 9672", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode, initialized, and configured as specified in Sections 9.1 and 10 of the Security Policy", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The TPM is a single chip module that provides computer manufacturers with the core components of a subsystem used to assure authenticity, integrity and confidentiality in e-commerce and internet communications within a Trusted Computing Platform. The TPM is a complete solution implementing the Trusted Platform Module Library Specification, Family \"2.0\", Level 00, Revision 01.59, November 8, 2019 (Parts 1-4), Errata Version 1.6. See http://www.trustedcomputinggroup.org for further information on TCG and TPM.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4346", "Certificate Number": "4346", "Vendor Name": "Cubic Corporation", "Module Name": "Vocality RoIP and DTECH M3-SE Multi-Function Gateway Appliances", "Module Type": "Hardware", "Validation Date": "10/24/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4346.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4346", "module_name": "Vocality RoIP and DTECH M3-SE Multi-Function Gateway Appliances", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 3 of the Security Policy and tamper evident seals installed as indicated in the Security Policy; The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Vocality ROIP and DTECH M3-SE-MFGW appliances are networked C4ISR solutions for defense, intelligence, security, and commercial missions. The Vocality RoIP appliance provides users with a simple-to-use, small form factor radio gateway solution that allows the connection of legacy push-to-talk and digital radio systems to IP unicast and multicast networks via either Ethernet or an embedded 4G LTE modem. The DTECH M3-SE MFGW offers the capabilities of the ROIP product, but in DTECH’s SE product line which boasts a ruggedized form factor and robust modular power solutions.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4345", "Certificate Number": "4345", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "10/20/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4345.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4345", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4344", "Certificate Number": "4344", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "10/20/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4344.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4344", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4343", "Certificate Number": "4343", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "10/20/202212/12/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4343.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4343", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4342", "Certificate Number": "4342", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "10/20/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4342.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4342", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4341", "Certificate Number": "4341", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "10/20/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4341.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4341", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4340", "Certificate Number": "4340", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "10/18/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4340.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4340", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4339", "Certificate Number": "4339", "Vendor Name": "Microsoft Corporation", "Module Name": "Windows OS Loader", "Module Type": "Software", "Validation Date": "10/17/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4339.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4339", "module_name": "Windows OS Loader", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Boot Manager validated to FIPS 140-2 under Cert. #3923 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4338", "Certificate Number": "4338", "Vendor Name": "Entrust", "Module Name": "nShield F3 10+ 500+ 6000+ & nShield F3 500+ 1500+ 6000+ for nShield Connect+, Connect CLX and HSMi", "Module Type": "Hardware", "Validation Date": "10/16/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4338.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4338", "module_name": "nShield F3 10+ 500+ 6000+ & nShield F3 500+ 1500+ 6000+ for nShield Connect+, Connect CLX and HSMi", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The nShield modules: nShield F3 10+ 500+ 6000+ & nShield F3 500+ 1500+ 6000+ for nShield Connect+, Connect CLX and HSMi are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed.", "detail_available": true, "caveat": "When operated in FIPS mode and initialized to Overall Level 3 per Security Policy", "algorithms": [ "ECDSA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4337", "Certificate Number": "4337", "Vendor Name": "Entrust", "Module Name": "nShield F3 10+ 500+ 6000+ & nShield F3 500+ 1500+ 6000+ for nShield Connect+, Connect CLX and HSMi", "Module Type": "Hardware", "Validation Date": "10/16/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4337.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4337", "module_name": "nShield F3 10+ 500+ 6000+ & nShield F3 500+ 1500+ 6000+ for nShield Connect+, Connect CLX and HSMi", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The nShield modules: nShield F3 10+ 500+ 6000+ & nShield F3 500+ 1500+ 6000+ for nShield Connect+, Connect CLX and HSMi are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed.", "detail_available": true, "caveat": "When operated in FIPS mode and initialized to Overall Level 2 per Security Policy", "algorithms": [ "ECDSA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4336", "Certificate Number": "4336", "Vendor Name": "Entrust", "Module Name": "nShield F2 500+ & nShield F2 1500+ & nShield F2 6000+", "Module Type": "Hardware", "Validation Date": "10/16/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4336.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4336", "module_name": "nShield F2 500+ & nShield F2 1500+ & nShield F2 6000+", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The nShield modules: nShield F2 500+ & nShield F2 1500+ & nShield F2 6000+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed.", "detail_available": true, "caveat": "When operated in FIPS mode and initialized to Overall Level 2 per Security Policy", "algorithms": [ "ECDSA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4335", "Certificate Number": "4335", "Vendor Name": "Entrust", "Module Name": "nShield Solo XC F3 & nShield Solo XC F3 for nShield Connect XC and for nShield HSMi", "Module Type": "Hardware", "Validation Date": "10/16/202206/18/202406/27/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4335.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4335", "module_name": "nShield Solo XC F3 & nShield Solo XC F3 for nShield Connect XC and for nShield HSMi", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The nShield XC F3 PCIe card, sold as nShield XC F3 PCIe server-embedded hardware security modules (HSMs) and also used in the nShield Connect XC and nShield HSMi network appliance HSMs, are multi-tasking HSMs optimized for symmetric and asymmetric operations on protected keys. The nShield modules are FIPS 140-2 Level 3 embedded devices for applications including but not limited to PKI, SSL/TLS, Secure Manufacturing, Data Protection, Key Management and Provisioning.", "detail_available": true, "caveat": "When operated in FIPS mode and initialized to Overall Level 3 per Security Policy", "algorithms": [ "ECDSA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4334", "Certificate Number": "4334", "Vendor Name": "Entrust", "Module Name": "nShield Solo XC F3 & nShield Solo XC F3 for nShield Connect XC and for nShield HSMi", "Module Type": "Hardware", "Validation Date": "10/16/202206/18/202406/27/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4334.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4334", "module_name": "nShield Solo XC F3 & nShield Solo XC F3 for nShield Connect XC and for nShield HSMi", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The nShield XC F3 PCIe card, sold as nShield XC F3 PCIe server-embedded hardware security modules (HSMs) and also used in the nShield Connect XC and nShield HSMi network appliance HSMs, are multi-tasking HSMs optimized for symmetric and asymmetric operations on protected keys. The nShield modules are FIPS 140-2 Level 2 embedded devices for applications including but not limited to PKI, SSL/TLS, Secure Manufacturing, Data Protection, Key Management and Provisioning.", "detail_available": true, "caveat": "When operated in FIPS mode and initialized to Overall Level 2 per Security Policy", "algorithms": [ "ECDSA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4333", "Certificate Number": "4333", "Vendor Name": "Entrust", "Module Name": "nShield Solo XC F2", "Module Type": "Hardware", "Validation Date": "10/16/202206/18/202406/27/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4333.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4333", "module_name": "nShield Solo XC F2", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The nShield XC F2 PCIe card, sold as nShield XC F2 PCIe server-embedded hardware security modules (HSMs) are multi-tasking HSMs optimized for symmetric and asymmetric operations on protected keys. The nShield module is FIPS 140-2 Level 2 embedded devices for applications including but not limited to PKI, SSL/TLS, Secure Manufacturing, Data Protection, Key Management and Provisioning.", "detail_available": true, "caveat": "When operated in FIPS mode and initialized to Overall Level 2 per Security Policy", "algorithms": [ "ECDSA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4332", "Certificate Number": "4332", "Vendor Name": "Entrust", "Module Name": "MiniHSM & MiniHSM for nShield Edge F3", "Module Type": "Hardware", "Validation Date": "10/16/202206/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4332.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4332", "module_name": "MiniHSM & MiniHSM for nShield Edge F3", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The MiniHSM and MiniHSM for nShield Edge F3 are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine.", "detail_available": true, "caveat": "When operated in FIPS mode and initialized to Overall Level 3 per Security Policy" }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4331", "Certificate Number": "4331", "Vendor Name": "Entrust", "Module Name": "MiniHSM & MiniHSM for nShield Edge F2", "Module Type": "Hardware", "Validation Date": "10/16/202206/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4331.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4331", "module_name": "MiniHSM & MiniHSM for nShield Edge F2", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The MiniHSM and MiniHSM for nShield Edge F2 are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine.", "detail_available": true, "caveat": "When operated in FIPS mode and initialized to Overall Level 2 per Security Policy." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4330", "Certificate Number": "4330", "Vendor Name": "Comtech Systems, Inc.", "Module Name": "CS67PLUS Cryptographic Module", "Module Type": "Hardware", "Validation Date": "10/14/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4330.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4330", "module_name": "CS67PLUS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The CS67PLUS Cryptographic Module is a sub-chip cryptographic subsystem which provides real time AES data encryption and decryption. It typically resides within the FPGA of the CS67PLUS software-defined adaptive troposcatter radio assembly.", "detail_available": true, "algorithms": [ "AES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4329", "Certificate Number": "4329", "Vendor Name": "Ultra Intelligence and Communications", "Module Name": "3e-636 CyberFence Cryptographic Module", "Module Type": "Hardware", "Validation Date": "10/12/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4329.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4329", "module_name": "3e-636 CyberFence Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "3eTI’s 636 Series Network Security Devices offer the multiple capabilities necessary for protecting embedded devices and safety-critical industrial control systems (ICS) against internal and external attacks. The core capabilities include VPN encryption, VLAN encryption, network access control, OSI Layer 2 and Layer 3 packet filtering, industrial control protocols packet inspection and secured application data transportation (via encryption).", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4328", "Certificate Number": "4328", "Vendor Name": "Thales", "Module Name": "Thales Cryptovisor K7+ Cryptographic Module", "Module Type": "Hardware", "Validation Date": "10/12/202203/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4328.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4328", "module_name": "Thales Cryptovisor K7+ Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Thales Cryptovisor K7+ Cryptographic Module is a high-assurance, Hardware Security Module with a tamper-active physical enclosure targeted at the service provider market. The cryptographic module secures sensitive data and critical applications by storing, protecting and managing cryptographic keys. It provides end users with industry-leading security and performance, and can quickly be embedded directly into servers and security appliances for FIPS 140-2 validated key security for elastic deployments particularly in support of cloud applications.", "detail_available": true, "caveat": "When operated in FIPS mode and initialized to Overall Level 3 per Security Policy" }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4327", "Certificate Number": "4327", "Vendor Name": "Thales", "Module Name": "Thales Cryptovisor K7 Cryptographic Module", "Module Type": "Hardware", "Validation Date": "10/12/202202/27/202311/28/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4327.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4327", "module_name": "Thales Cryptovisor K7 Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Thales Cryptovisor K7 Cryptographic Module is a high-assurance, tamper-resistant Hardware Security Module targeted at the service provider market. The cryptographic module secures sensitive data and critical applications by storing, protecting and managing cryptographic keys. It provides end users with industry-leading security and performance, and can quickly be embedded directly into servers and security appliances for FIPS 140-2 validated key security for elastic deployments, particularly in support of cloud applications. The module meets compliance and audit needs for FIPS 140, HIPA", "detail_available": true, "caveat": "When operated in FIPS mode and initialized to Overall Level 3 per Security Policy" }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4326", "Certificate Number": "4326", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "10/11/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4326.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4326", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4325", "Certificate Number": "4325", "Vendor Name": "Rambus Inc.", "Module Name": "CryptoManager Root of Trust (CMRT)", "Module Type": "Hardware", "Validation Date": "10/10/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4325.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4325", "module_name": "CryptoManager Root of Trust (CMRT)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "CMRT is a Silicon IP Security Module with a secure asset store protecting all valuable assets on your device. It is a stand-alone Root of Trust that offers key management and crypto functions needed for platform and application security. CMRT offers all security services to manage your device securely through its lifecycle. These include Secure Debug, Secure Provisioning, Identity protection and secure authentication services. Secure Boot and Communication protocols such as TLS can leverage CMRT to secure the boot process and protect private communication keys.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4324", "Certificate Number": "4324", "Vendor Name": "CyberCogs, Inc.", "Module Name": "CyberCogs Hardware Security Module", "Module Type": "Hardware", "Validation Date": "10/10/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4324.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4324", "module_name": "CyberCogs Hardware Security Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The CyberCogs HSM is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card. The module is intended for use within a general-purpose or custom computing platform. The module is contained in its own secure tamper envelope providing active anti-tamper functionality. The module is designed to offer blind secure PKCS11 key signing, encryption, and token storage with physical security, over a PCIe connection to a Host server.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4323", "Certificate Number": "4323", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "10/07/202212/12/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4323.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4323", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4322", "Certificate Number": "4322", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Trusted Execution Environment (TEE) Software Cryptographic Library", "Module Type": "Software-Hybrid", "Validation Date": "10/06/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4322.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4322", "module_name": "Qualcomm® Trusted Execution Environment (TEE) Software Cryptographic Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Qualcomm(R) Pseudo Random Number Generator validated to FIPS 140-2 under Cert. #3114 operating in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Single Chip", "description": "Qualcomm Trusted Execution Environment Software Cryptographic Library provides various software cryptographic functionalities to the 32/64 bit Qualcomm Trusted Execution Environment Trusted Applications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4321", "Certificate Number": "4321", "Vendor Name": "Dell, Inc.", "Module Name": "Dell Crypto Library for Dell iDRAC and Dell OME-M", "Module Type": "Software", "Validation Date": "10/06/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4321.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4321", "module_name": "Dell Crypto Library for Dell iDRAC and Dell OME-M", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Dell Crypto Library for Dell iDRAC and Dell OME-M provides cryptography to Dell iDRAC and Dell OME-M lifecycle controllers providing them with the protection afforded by industry-standard, government-approved algorithms to ensure secure, remote management. Dell iDRAC, Dell CMC, and Dell OME-M leverage the Dell Crypto Library for Dell iDRAC and Dell OME-M to ensure use of FIPS 140-2 validated cryptography." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4312", "Certificate Number": "4312", "Vendor Name": "Shanghai Muge Technology Co., Ltd", "Module Name": "GM01", "Module Type": "Hardware", "Validation Date": "10/03/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4312.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4312", "module_name": "GM01", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "GM01 Cryptographic Module is a multi-chip embedded cryptographic module designed to decrypt and decode audio/video data for a digital cinema projector.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4310", "Certificate Number": "4310", "Vendor Name": "Verkada Inc.", "Module Name": "Verkada Cryptographic Module", "Module Type": "Software", "Validation Date": "09/26/202208/16/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4310.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4310", "module_name": "Verkada Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Verkada Cryptographic Module is a software toolkit which provides various cryptographic functions to support the Verkada Command Platform.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4309", "Certificate Number": "4309", "Vendor Name": "Western Digital Technologies, Inc.", "Module Name": "Ultrastar® DC SN640 NVMe™ PCIe 3.0 Self-Encrypting Drive", "Module Type": "Hardware", "Validation Date": "09/26/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4309.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4309", "module_name": "Ultrastar® DC SN640 NVMe™ PCIe 3.0 Self-Encrypting Drive", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Ultrastar® DC SN640 NVMe™ PCIe 3.0 Self Encrypting Drive, from Western Digital, targets broad deployment opportunities in data center IT and cloud environments. The Ultrastar DC SN640 SSD is designed to maximize flash memory perfomance. The Ultrastar DC SN640, optimized to deliver high performance, ultra-low latency, high scalablity, provides lower TCO compared to SATA-based SSDs. The Ultrastar DC SN640 allows cloud installations to better manage peak demands, especially workloads associated with AI/ML, OLTP, virtualization, CDN, etc.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4306", "Certificate Number": "4306", "Vendor Name": "Dell Australia Pty Limited, BSAFE Product Team", "Module Name": "RSA BSAFE® Crypto-C Micro Edition", "Module Type": "Software", "Validation Date": "09/19/202210/24/202204/12/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4306.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4306", "module_name": "RSA BSAFE® Crypto-C Micro Edition", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "BSAFE Crypto-C Micro Edition is a software module providing a comprehensive set of cryptographic algorithms, including asymmetric key algorithms, symmetric key algorithms, message digests, message authentication, and deterministic random bit generator (DRBG) support. Developers can use the full set of algorithms through a single Application Programming Interface (API) or select a specific set of algorithms to reduce code size or meet performance requirements.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4305", "Certificate Number": "4305", "Vendor Name": "Dell Australia Pty Limited, BSAFE Product Team", "Module Name": "RSA BSAFE® Crypto-C Micro Edition", "Module Type": "Software", "Validation Date": "09/19/202210/24/202204/12/202303/28/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4305.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4305", "module_name": "RSA BSAFE® Crypto-C Micro Edition", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "BSAFE Crypto-C Micro Edition is a software module providing a comprehensive set of cryptographic algorithms, including asymmetric key algorithms, symmetric key algorithms, message digests, message authentication, and deterministic random bit generator (DRBG) support. Developers can use the full set of algorithms through a single Application Programming Interface (API) or select a specific set of algorithms to reduce code size or meet performance requirements.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4304", "Certificate Number": "4304", "Vendor Name": "STMicroelectronics", "Module Name": "Trusted Platform Module ST33TPHF2XSPI [A], ST33TPHF2XI2C [B], ST33GTPMASPI [C], ST33GTPMAI2C [D], ST33GTPMISPI [E] & ST33GTPMII2C [F]", "Module Type": "Hardware", "Validation Date": "09/19/202210/14/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4304.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4304", "module_name": "Trusted Platform Module ST33TPHF2XSPI [A], ST33TPHF2XI2C [B], ST33GTPMASPI [C], ST33GTPMAI2C [D], ST33GTPMISPI [E] & ST33GTPMII2C [F]", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Trusted Platform Module ST33TPHF2XSPI, ST33TPHF2XI2C, ST33GTPMASPI, ST33GTPMAI2C, ST33GTPMISPI & ST33GTPMII2C (TPM) is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key and random number generation. The TPM is a complete solution implementing the Trusted Platform Module Library Specification, Family \"2.0\", Level 00, Revision 01.38, September 2016 and Revision 1.59, November 2019. See www.trustedcomputinggroup.org for further information on TCG and TPM.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4303", "Certificate Number": "4303", "Vendor Name": "WISeKey Semiconductors", "Module Name": "VaultIC™ 405 1.2.6", "Module Type": "Hardware", "Validation Date": "09/19/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4303.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4303", "module_name": "VaultIC™ 405 1.2.6", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The VaultIC™ products are security modules designed to secure various applications such as anticloning, physical access control, personal access control for multimedia and web applications, hardware authentication, user strong authentication, SSL support, PKCS#11 or Microsoft® CSP based applications, PKI applications, DRM, trusted computing, IP protection… It is a turnkey solution that combines powerful cryptographic capabilities and secure data storage.", "detail_available": true, "algorithms": [ "DES", "HMAC", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4302", "Certificate Number": "4302", "Vendor Name": "WISeKey Semiconductors", "Module Name": "VaultIC™ 405 1.2.6", "Module Type": "Hardware", "Validation Date": "09/19/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4302.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4302", "module_name": "VaultIC™ 405 1.2.6", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "VaultIC™ products are security modules designed to secure various applications such as anticloning, physical access control, personal access control for multimedia and web applications, hardware authentication, user strong authentication, SSL support, PKCS#11 or Microsoft® CSP based applications, PKI applications, DRM, trusted computing, IP protection… It is a turnkey solution that combines powerful cryptographic capabilities and secure data storage.", "detail_available": true, "algorithms": [ "DES", "HMAC", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4301", "Certificate Number": "4301", "Vendor Name": "Motorola Mobility Inc", "Module Name": "Motorola BoringCrypto Android", "Module Type": "Software", "Validation Date": "09/15/202211/07/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4301.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4301", "module_name": "Motorola BoringCrypto Android", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Motorola BoringCrypto Android module is an open-source, general-purpose cryptographic library which provides FIPS 140-2 approved cryptographic algorithms to serve BoringSSL and other user-space applications.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4300", "Certificate Number": "4300", "Vendor Name": "LogRhythm", "Module Name": "LogRhythm 7.8.0 AI Engine Server", "Module Type": "Software", "Validation Date": "09/12/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4300.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4300", "module_name": "LogRhythm 7.8.0 AI Engine Server", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #3197 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The LogRhythm 7.8.0 AI Engine Server cryptographic module provides cryptographic services to an AI Engine Server. In particular, these services support secure communication with LogRhythm Data Processors and Platform Manager SQL Server databases.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4299", "Certificate Number": "4299", "Vendor Name": "DigiCert, Inc.", "Module Name": "Mocana Cryptographic Suite B Module", "Module Type": "Software", "Validation Date": "09/12/202210/24/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4299.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4299", "module_name": "Mocana Cryptographic Suite B Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Mocana Cryptographic Suite B Module (Software Version 6.5.2f) is a software only, multi-chip standalone cryptographic module that runs on a general purpose computer. The primary purpose of this module is to provide FIPS Approved cryptographic routines to consuming applications via an Application Programming Interface.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4298", "Certificate Number": "4298", "Vendor Name": "DigiCert, Inc.", "Module Name": "Mocana Cryptographic Loadable Kernel Module", "Module Type": "Software", "Validation Date": "09/12/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4298.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4298", "module_name": "Mocana Cryptographic Loadable Kernel Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Mocana Cryptographic Loadable Kernel Module (Software Version 6.5.2f) is a software only, multi-chip standalone cryptographic module that runs on a general purpose computer. The primary purpose of this module is to provide FIPS Approved cryptographic routines to consuming applications via an Application Programming Interface.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4297", "Certificate Number": "4297", "Vendor Name": "NetApp, Inc.", "Module Name": "NetApp Cryptographic Security Module", "Module Type": "Software", "Validation Date": "09/12/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4297.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4297", "module_name": "NetApp Cryptographic Security Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The NetApp Cryptographic Security Module is a software library that provides cryptographic services to a vast array of NetApp's storage and networking products.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4296", "Certificate Number": "4296", "Vendor Name": "Ultra Electronics TCS Inc.", "Module Name": "AN/GRC-262", "Module Type": "Hardware", "Validation Date": "09/11/202203/31/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4296.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4296", "module_name": "AN/GRC-262", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Sections [7.1] and [12.1.1] of the Security Policy. The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The AN/GRC-262 radio is a multiband, point-to-point (PTP), point-to-multipoint (PMP) and Mesh radio system capable of providing at-the-halt communications across multiple echelons and on-the-move access capability. The system offers up to 1Gbps throughput and operational flexibility in a compact form factor.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4293", "Certificate Number": "4293", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Secure Processing Unit", "Module Type": "Hardware", "Validation Date": "09/06/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4293.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4293", "module_name": "Qualcomm® Secure Processing Unit", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode with module Qualcomm(R) Secure Processing Unit (SPU) Random Number Generator (RNG) validated to FIPS 140-2 under Cert. #3911 operating in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The cryptographic module is implemented in the Secure Processing Unit hardware, which resides in Snapdragon 8cx Gen 3 Mobile Compute Platform processors", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4292", "Certificate Number": "4292", "Vendor Name": "Canonical Ltd.", "Module Name": "Ubuntu 20.04 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "09/06/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4292.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4292", "module_name": "Ubuntu 20.04 OpenSSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4291", "Certificate Number": "4291", "Vendor Name": "Extreme Networks, Inc.", "Module Name": "Extreme Networks SLX 9540 and SLX 9740 Switches", "Module Type": "Hardware", "Validation Date": "09/01/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4291.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4291", "module_name": "Extreme Networks SLX 9540 and SLX 9740 Switches", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized, and configured as specified in Section 9 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Extreme SLX-OS, provides carrier-class advanced features that leverage proven Extreme routing, MPLS, Carrier Ethernet, and VXLAN overlay technology currently deployed in the most demanding service provider, data center, and enterprise networks. And it is all delivered through space and power-efficient forwarding hardware. Basic requirements include support for a full Internet routing table, mainstream routing protocols BGP, OSPF and IS-IS, EVPN VxLAN, ACLs, BGP Internet peering scale, MPLS, deep buffer, device management and entry level DDoS protection.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4290", "Certificate Number": "4290", "Vendor Name": "LogRhythm", "Module Name": "LogRhythm 7.8.0 System Monitor Agent", "Module Type": "Software", "Validation Date": "08/31/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4290.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4290", "module_name": "LogRhythm 7.8.0 System Monitor Agent", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #3197 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The LogRhythm 7.8.0 System Monitor Agent cryptographic module provides cryptographic services to a System Monitor Agent. In particular, these services support secure communication with a LogRhythm Data Processor component.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4289", "Certificate Number": "4289", "Vendor Name": "LogRhythm", "Module Name": "LogRhythm 7.8.0 Platform Manager", "Module Type": "Software", "Validation Date": "08/31/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4289.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4289", "module_name": "LogRhythm 7.8.0 Platform Manager", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #3197 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The LogRhythm 7.8.0 Platform Manager cryptographic module provides cryptographic services to a Platform Manager. In particular, these services support secure communication with supporting SQL Server databases.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4288", "Certificate Number": "4288", "Vendor Name": "LogRhythm", "Module Name": "LogRhythm 7.8.0 Console", "Module Type": "Software", "Validation Date": "08/31/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4288.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4288", "module_name": "LogRhythm 7.8.0 Console", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #3197 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The LogRhythm 7.8.0 Console cryptographic module provides cryptographic services to a Console. In particular, these services support secure communication with SQL Server databases in a LogRhythm deployment.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4287", "Certificate Number": "4287", "Vendor Name": "NextFlex", "Module Name": "NextFlex AirGuardian", "Module Type": "Hardware", "Validation Date": "08/30/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4287.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4287", "module_name": "NextFlex AirGuardian", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The NextFlex Cryptographic module provides cryptographic capabilities to the NextFlex Air Guardian.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4286", "Certificate Number": "4286", "Vendor Name": "VMware, Inc.", "Module Name": "VMware's VPN Crypto Module", "Module Type": "Software", "Validation Date": "08/30/202211/07/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4286.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4286", "module_name": "VMware's VPN Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "VMware's VPN Crypto Module is a software cryptographic module whose purpose is to provide FIPS 140-2 validated cryptographic functions to various VMware applications utilizing VPN capabilities.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4284", "Certificate Number": "4284", "Vendor Name": "Qumulo, Inc.", "Module Name": "Qumulo Secure", "Module Type": "Software-Hybrid", "Validation Date": "08/28/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4284.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4284", "module_name": "Qumulo Secure", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "No assurance of the minimum strength of generated keys", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Qumulo Secure v1.0 cryptographic module is a component of the Qumulo Core software solution (versions 3.x.x and later). Qumulo Secure offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including TLS 1.2).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4282", "Certificate Number": "4282", "Vendor Name": "The OpenSSL Project", "Module Name": "OpenSSL FIPS Provider", "Module Type": "Software", "Validation Date": "08/23/202203/10/202305/23/202301/22/202407/10/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4282.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4282", "module_name": "OpenSSL FIPS Provider", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The OpenSSL FIPS Provider is a software library providing a C-language application program interface (API) for use by applications that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4280", "Certificate Number": "4280", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "08/17/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4280.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4280", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4279", "Certificate Number": "4279", "Vendor Name": "Advantor Systems, A Vectrus Company", "Module Name": "Infraguard Processor Module", "Module Type": "Hardware", "Validation Date": "08/17/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4279.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4279", "module_name": "Infraguard Processor Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Infraguard Processor Module (IPM) is a multi-chip, embedded, plug-in encryption module coated with an opaque, tamper evident material. The IPM is used to provide secure LAN and telephone modem communications for Advantor Systems' physical security systems. The IPM is embedded in multiple products, including an alarm panel and an alarm panel receiving product.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4278", "Certificate Number": "4278", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Catalyst 9115AXI/AXE, 9120AXI/AXE/AXP, 9130AXI/AXE and 9105AXI/AXW Wireless LAN Access Points", "Module Type": "Hardware", "Validation Date": "08/15/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4278.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4278", "module_name": "Cisco Catalyst 9115AXI/AXE, 9120AXI/AXE/AXP, 9130AXI/AXE and 9105AXI/AXW Wireless LAN Access Points", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in the Section 3 of Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Cisco Catalyst Series Wireless Access Points provide highly secure and reliable wireless connections for both indoor and outdoor environments.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4277", "Certificate Number": "4277", "Vendor Name": "Microsoft Corporation", "Module Name": "Microsoft Azure Linux Kernel Crypto API", "Module Type": "Software", "Validation Date": "08/15/202203/01/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4277.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4277", "module_name": "Microsoft Azure Linux Kernel Crypto API", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Microsoft Azure Linux Kernel Crypto API Cryptographic Module is a general-purpose, software-based cryptographic module. The module provides general purpose cryptographic services that leverage FIPS 140-2-approved cryptographic algorithms. The module runs as part of the operating system kernel, provides cryptographic services to kernel applications through a C language Application Program Interface (API), and provides cryptographic services to user applications through an AF_ALG socket interface. The module is implemented as a set of shared libraries and binary files.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4275", "Certificate Number": "4275", "Vendor Name": "LogRhythm", "Module Name": "LogRhythm 7.8.0 Data Processor", "Module Type": "Software", "Validation Date": "08/08/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4275.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4275", "module_name": "LogRhythm 7.8.0 Data Processor", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Cryptographic Primitives Library validated to FIPS 140-2 under Cert. #3197 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The LogRhythm 7.8.0 Data Processor cryptographic module provides cryptographic services to a Data Processor. In particular, these services support secure communication with other LogRhythm components (System Monitor Agents, Data Indexers and AI Engine Servers) and SQL Server databases.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4273", "Certificate Number": "4273", "Vendor Name": "Microsoft Corporation", "Module Name": "Microsoft Azure Networking Adapter Kernel", "Module Type": "Software-Hybrid", "Validation Date": "07/25/202208/22/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4273.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4273", "module_name": "Microsoft Azure Networking Adapter Kernel", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Cryptographic Library is a general-purpose, software-hybrid cryptographic module. The module provides general purpose cryptographic services that leverage FIPS 140-2-approved cryptographic algorithms. The module runs as part of the operating system kernel, provides cryptographic services to kernel applications through a C language Application Program Interface (API), and provides cryptographic services to user applications through an AF_ALG socket-type interface. The module is implemented as a set of shared libraries and binary files.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4272", "Certificate Number": "4272", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 8 GnuTLS Cryptographic Module", "Module Type": "Software", "Validation Date": "07/18/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4272.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4272", "module_name": "Red Hat Enterprise Linux 8 GnuTLS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9 and 10 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "GnuTLS is a secure communications library implementing the TLS and DTLS protocols. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PKCS#12, and other required structures which is shipped with Red Hat Enterprise Linux 8.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4271", "Certificate Number": "4271", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 8 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "07/18/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4271.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4271", "module_name": "Red Hat Enterprise Linux 8 OpenSSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4270", "Certificate Number": "4270", "Vendor Name": "Western Digital Corporation", "Module Name": "Ultrastar® DC SN540 NVMe™ PCIe 3.0 Self-Encrypting Drive and Ultrastar® DC ZN540 NVMe™ PCIe 3.0 Self-Encrypting Drive", "Module Type": "Hardware", "Validation Date": "07/18/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4270.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4270", "module_name": "Ultrastar® DC SN540 NVMe™ PCIe 3.0 Self-Encrypting Drive and Ultrastar® DC ZN540 NVMe™ PCIe 3.0 Self-Encrypting Drive", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Ultrastar® DC SN540 NVMe™ PCIe 3.0 Self-Encrypting Drive and Ultrastar® DC ZN540 NVMe™ PCIe 3.0 Self-Encrypting Drive, from Western Digital, delivers extreme performance and ultra-low latency to the top tier of enterprise storage. With proven dual-port NVMe architecture, these drives are best suited for performance demanding platforms including HPC servers, mission-critical applications and workloads that require superior read/write performance and low latency.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4269", "Certificate Number": "4269", "Vendor Name": "Western Digital Corporation", "Module Name": "Ultrastar® DC HC550 TCG Opal Self-Encrypting Drive and Ultrastar® DC HC650 TCG Opal Self-Encrypting Drive", "Module Type": "Hardware", "Validation Date": "07/18/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4269.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4269", "module_name": "Ultrastar® DC HC550 TCG Opal Self-Encrypting Drive and Ultrastar® DC HC650 TCG Opal Self-Encrypting Drive", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The self-encrypting 18TB Ultrastar® DC HC550 HDD and 20TB Ultrastar® DC HC650 HDD, meet or exceed data center performance and security requirements. Both HDDs incorporate sixth-generation HelioSeal® and Energy-Assisted Magnetic Recording technology. EAMR allows for high media precision and increaesed areal density. The host-managed SMR Ultrastar® DC HC650 rpovides data centers with the highest capacity HDD. Higher capacity translates to lower CapEx. Lower power consumption contributees to OpEx savings. A 2.5M hours MTBF, means both HDDs provide high reliability for mission critical environment", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4268", "Certificate Number": "4268", "Vendor Name": "Western Digital Technologies, Inc.", "Module Name": "Ultrastar® DC SN840 NVMe™ PCIe 3.0 Self Encrypting Drive", "Module Type": "Hardware", "Validation Date": "07/18/202209/06/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4268.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4268", "module_name": "Ultrastar® DC SN840 NVMe™ PCIe 3.0 Self Encrypting Drive", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Ultrastar® DC SN840 NVMe™ PCIe 3.0 Self Encrypting Drive, from Western Digital, delivers extreme performance and ultra-low latency to the top tier of enterprise storage. With proven dual-port NVMe architecture, these drives are best suited for performance demanding platforms including HPC servers, misson-critical applications and workloads that require superior read/write performance and low latency.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4267", "Certificate Number": "4267", "Vendor Name": "BlackBerry Limited", "Module Name": "Security Builder® FIPS Module", "Module Type": "Software", "Validation Date": "07/18/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4267.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4267", "module_name": "Security Builder® FIPS Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SB FIPS Module is a cryptographic toolkit for C language users, providing services of various cryptographic algorithms such as hash algorithms, encryption schemes, message authentication, and public key cryptography.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4266", "Certificate Number": "4266", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 7 Libreswan Cryptographic Module", "Module Type": "Software", "Validation Date": "07/18/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4266.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4266", "module_name": "Oracle Linux 7 Libreswan Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with Oracle Linux 7 NSS Cryptographic Module validated to FIPS 140-2 under Cert. #4171 operating in FIPS mode and Oracle Linux OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #4170 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Oracle Linux 7 Libreswan Cryptographic Module is a framework for providing cryptographic services to other network entities implementing the IKEv1 and IKEv2 protocols.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4265", "Certificate Number": "4265", "Vendor Name": "Google, LLC", "Module Name": "Inline Crypto Engine (ICE)", "Module Type": "Hardware", "Validation Date": "07/17/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4265.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4265", "module_name": "Inline Crypto Engine (ICE)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Inline Crypto Engine (ICE) module is comprised of a sub-chip cryptographic subsystem in the Google IN762 SoC. The module provides a cryptographic engine supporting cryptographic offload for IPsec and PSP protocols. The ICE module processes network infrastructure packets in both the Ingress and Egress directions. In addition to providing the cryptographic primitives for the security protocols it also provides packet integrity authentication and anti-replay protection.", "detail_available": true, "algorithms": [ "AES", "KDF" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4264", "Certificate Number": "4264", "Vendor Name": "Check Point Software Technologies Ltd.", "Module Name": "Quantum Security Gateway Cryptographic Library", "Module Type": "Firmware", "Validation Date": "07/15/202208/26/202205/30/202309/25/202307/29/202508/27/202502/24/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4264.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4264", "module_name": "Quantum Security Gateway Cryptographic Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Section 3 Secure Operation", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The Check Point Cryptographic Library is a firmware module that provides cryptographic services to Check Point products. The module provides a number of NIST validated cryptographic algorithms for services such as IPSec and TLS. The module provides applications with a library interface that enables them to access the various cryptographic algorithm functions supplied by the module.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4263", "Certificate Number": "4263", "Vendor Name": "Marvell", "Module Name": "NITROXIII CNN35XX-NFBE HSM Family", "Module Type": "Hardware", "Validation Date": "07/13/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4263.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4263", "module_name": "NITROXIII CNN35XX-NFBE HSM Family", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true, "description": "CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2 level 3. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in a virtualization environment to extend services like virtual key management, offloading general and TLS specific crypto operations through dedicated logical I/O channels. This product is suitable for PKI users, vendors, TLS servers/load balancers." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4262", "Certificate Number": "4262", "Vendor Name": "SonicWall, Inc.", "Module Name": "SonicWall Network Security Virtual Appliances", "Module Type": "Firmware", "Validation Date": "07/08/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4262.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4262", "module_name": "SonicWall Network Security Virtual Appliances", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The NSv series delivers the automated real-time breach detection and prevention organizations need by utilizing innovative deep learning technologies in the SonicWall Capture Cloud Platform. This platform delivers cloud-based threat prevention and network management plus reporting and analytics for organizations of any size.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4261", "Certificate Number": "4261", "Vendor Name": "Huawei Technologies Co., Ltd.", "Module Name": "HSSD_V6 Series", "Module Type": "Hardware", "Validation Date": "07/08/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4261.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4261", "module_name": "HSSD_V6 Series", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "HSSD_V6 family module are designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES HW engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. It also provides instantaneous sanitization of the user data via cryptographic erase.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4260", "Certificate Number": "4260", "Vendor Name": "Druva Inc.", "Module Name": "Druva FIPS Cryptographic Module", "Module Type": "Software", "Validation Date": "07/06/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4260.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4260", "module_name": "Druva FIPS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3273", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Druva FIPS Cryptographic Module provides cryptographic functions to Druva Cloud Platform and associated Products and Services. The module delivers core cryptographic functions and features robust algorithm support.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4259", "Certificate Number": "4259", "Vendor Name": "Barracuda Networks", "Module Name": "Barracuda KTINA FIPS Crypto Module", "Module Type": "Software", "Validation Date": "06/29/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4259.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4259", "module_name": "Barracuda KTINA FIPS Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "No assurance of minimum strength or security of keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Barracuda KTINA FIPS Crypto Module is a Linux kernel module library that provides fundamental cryptographic functions for applications in Barracuda security products that require FIPS 140-2 approved cryptographic functions.", "detail_available": true, "algorithms": [ "AES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4258", "Certificate Number": "4258", "Vendor Name": "Macronix International Co., Ltd.", "Module Name": "Macronix ArmorFlash MX78 series", "Module Type": "Hardware", "Validation Date": "06/27/202209/28/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4258.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4258", "module_name": "Macronix ArmorFlash MX78 series", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "The output of the DRBG may not be used to generate keys.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The ArmorFlash is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography. ArmorFlash is a security solution for a wide range of identification, authentication and encryption requirements for automotive, computing and industrial environments, as a device peripheral to the MCU, with the application controlling the storage of the module.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4254", "Certificate Number": "4254", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 8 Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "06/23/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4254.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4254", "module_name": "Red Hat Enterprise Linux 8 Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 8 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4252", "Certificate Number": "4252", "Vendor Name": "Aerospike, Inc.", "Module Name": "Aerospike Enterprise Database Federal Edition", "Module Type": "Software", "Validation Date": "06/21/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4252.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4252", "module_name": "Aerospike Enterprise Database Federal Edition", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3273", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Aerospike Enterprise Database Federal Edition offloads functions for secure key management, data integrity, data-at-rest encryption, and secure communications (TLS) to a trusted implementation. This module is incorporated into the Aerospike Database servers and the client libraries that enable applications to access the database.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4251", "Certificate Number": "4251", "Vendor Name": "Allied Telesis", "Module Name": "AT-x220, AT-x320, AT-x950 Secure Management Module", "Module Type": "Hardware", "Validation Date": "06/17/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4251.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4251", "module_name": "AT-x220, AT-x320, AT-x950 Secure Management Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode and installed, initialized, and configured as specified in Section 8 of the Security Policy and tamper-evident seals installed as indicated in Section 5", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The AlliedWare Plus OpenSSL FIPS Object Module is a software library which provides cryptographic support for securing the communications and management of the device. The products certified cover AT-x950, AT-x320, and AT-x220 models.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4250", "Certificate Number": "4250", "Vendor Name": "Crypto4A Technologies Inc.", "Module Name": "QASM Cryptographic Module", "Module Type": "Hardware", "Validation Date": "06/13/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4250.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4250", "module_name": "QASM Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The QASM Cryptographic Module is a high-assurance, tamper-resistant Hardware Security Module (HSM) which secures sensitive data and critical applications by storing, protecting and managing cryptographic keys. It provides end users with industry-leading security and performance. The QASM can be embedded into the QxEDGE family of security appliances for FIPS 140-2 validated key security or be used as a standalone co-processor for an external computing system using a docking-station adapter.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4249", "Certificate Number": "4249", "Vendor Name": "Nutanix, Inc.", "Module Name": "Nutanix Cryptographic Module for OpenSSL", "Module Type": "Software", "Validation Date": "06/13/202205/11/202306/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4249.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4249", "module_name": "Nutanix Cryptographic Module for OpenSSL", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Nutanix Cryptographic Module for OpenSSL is a cryptographic software library, designated as a multi-chip standalone embodiment, and used in Nutanix, Inc. solutions to provide FIPS 140-2 Approved cryptographic algorithms and TLS secure communication.", "algorithms": [ "AES", "CVL", "DES", "DSA", "ECDSA", "KDF", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4247", "Certificate Number": "4247", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "06/09/202201/14/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4247.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4247", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4246", "Certificate Number": "4246", "Vendor Name": "Huawei Technologies CO., Ltd.", "Module Name": "Huawei EulerOS 2.0 OpenSSH Client Cryptographic Module", "Module Type": "Software", "Validation Date": "06/09/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4246.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4246", "module_name": "Huawei EulerOS 2.0 OpenSSH Client Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "This module contains the embedded module Huawei EulerOS 2.0 OpenSSL Cryptographic module validated to FIPS 140-2 under Cert. #4235 operating in FIPS mode. When operated in FIPS mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Huawei EulerOS 2.0 OpenSSH Client Cryptographic Module is a binary implementing the Secure Shell (SSH) protocol in the EulerOS 2.0 Operating System user space. The module interacts with other entities acting as SSH servers via the SSH protocol. The module only supports SSHv2 protocol.", "detail_available": true, "algorithms": [ "DSA", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4243", "Certificate Number": "4243", "Vendor Name": "Cambium Networks, Ltd.", "Module Name": "PTP 700 Point to Point Wireless Ethernet Bridge", "Module Type": "Hardware", "Validation Date": "06/06/202201/27/202304/26/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4243.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4243", "module_name": "PTP 700 Point to Point Wireless Ethernet Bridge", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "No assurance of the minimum strength of generated keys", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The PTP 700 is deployed to create a point-to-point wireless bridge joining two Ethernet networks, or a point-to-multipoint wireless bridge joining between two and nine Ethernet networks. The PTP 45700 variant operates in licensed, lightly-licensed, and unlicensed frequency bands between 4400 MHz and 5875 MHz in channel bandwidths up to 45 MHz, providing aggregate data rates up to 450 Mbit/s. The PTP 78700 variant operates in licensed frequency bands between 7125 MHz and 8500 MHz, in channel bandwidths up to 45 MHz, providing aggregate data rates up to 503 Mbit/s.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4242", "Certificate Number": "4242", "Vendor Name": "Huawei Technologies CO., Ltd.", "Module Name": "Huawei EulerOS 2.0 OpenSSH Server Cryptographic Module", "Module Type": "Software", "Validation Date": "06/06/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4242.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4242", "module_name": "Huawei EulerOS 2.0 OpenSSH Server Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "This module contains the embedded module Huawei EulerOS 2.0 OpenSSL Cryptographic module validated to FIPS 140-2 under Cert. #4235 operating in FIPS mode. When operated in FIPS mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Huawei EulerOS 2.0 OpenSSH Server Cryptographic Module is a binary implementing the Secure Shell (SSH) protocol in the EulerOS 2.0 Operating System user space. The module interacts with other entities acting as SSH clients via the SSH protocol. The module only supports SSHv2 protocol.", "detail_available": true, "algorithms": [ "DSA", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4241", "Certificate Number": "4241", "Vendor Name": "silex technology, Inc.", "Module Name": "SX-590-1402", "Module Type": "Hardware", "Validation Date": "06/05/202206/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4241.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4241", "module_name": "SX-590-1402", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The SX-590-1402 is Silex’s latest fifth generation high-performance Serial/Ethernet to Wi-Fi module that provides connectivity for low-power portable devices to 802.11 wireless local area networks (WLANS). The SX-590-1402 provides NIST validated 802.11 WLAN encryption and validated TLS encryption for network connection to the module’s Serial Data port.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4238", "Certificate Number": "4238", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung NVMe TCG Opal SSC SEDs PM1733/PM1735 Series", "Module Type": "Hardware", "Validation Date": "05/26/202208/04/202205/06/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4238.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4238", "module_name": "Samsung NVMe TCG Opal SSC SEDs PM1733/PM1735 Series", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in the Security Rules Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Samsung NVMe TCG Opal SSC SEDs PM1733/PM1735 Series are a high-performance Self-Encrypting SSDs supporting NVMe Interface that provides on-the-fly encryption/decryption of user data without performance loss. It implements AES256-XTS for user data encryption, RSA PSS-3072 for FW authentication, and Hash_DRBG for key generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4236", "Certificate Number": "4236", "Vendor Name": "NEC Corporation", "Module Name": "NEC Storage Encryption Board for SAS", "Module Type": "Hardware", "Validation Date": "05/25/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4236.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4236", "module_name": "NEC Storage Encryption Board for SAS", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The NEC Storage Encryption Board for SAS provides high speed data at rest encryption for NEC Storage.", "detail_available": true, "algorithms": [ "AES", "HMAC", "KTS", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4235", "Certificate Number": "4235", "Vendor Name": "Huawei Technologies CO., Ltd.", "Module Name": "Huawei EulerOS 2.0 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "05/25/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4235.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4235", "module_name": "Huawei EulerOS 2.0 OpenSSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Huawei EulerOS 2.0 OpenSSL Cryptographic Module is a software library supporting the implementation of Transport Layer Security (TLS) protocol v1.2 as well as general purpose approved cryptographic algorithms. The module provides cryptographic services to applications running in the user space of the underlying EulerOS 2.0 operating system through a C language application program interface (API).", "detail_available": true, "algorithms": [ "DSA", "ECDSA", "HMAC", "RSA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4234", "Certificate Number": "4234", "Vendor Name": "ICU Medical, Inc.", "Module Name": "ICU Medical CE3.0 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "05/24/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4234.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4234", "module_name": "ICU Medical CE3.0 OpenSSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "ICU Medical CE3.0 OpenSSL Cryptographic Module 2.0.9.1 is used within various ICU Medical Plum360 Infusion Pumps for providing secure communication between Infusion pumps and external server.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4233", "Certificate Number": "4233", "Vendor Name": "VMware, Inc.", "Module Name": "VMware’s Linux Cryptographic Module", "Module Type": "Software", "Validation Date": "05/24/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4233.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4233", "module_name": "VMware’s Linux Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 3 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "VMware’s Linux Cryptographic Module is a cryptographic implementation in the kernel of Photon OS that provides FIPS Approved functionalities to applications.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4232", "Certificate Number": "4232", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 8 libgcrypt Cryptographic Module", "Module Type": "Software", "Validation Date": "05/23/202207/15/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4232.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4232", "module_name": "Oracle Linux 8 libgcrypt Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Oracle Linux 8 libgcrypt Cryptographic Module is a software library implementing general purpose cryptographic algorithms.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4229", "Certificate Number": "4229", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 8 GnuTLS Cryptographic Module", "Module Type": "Software", "Validation Date": "05/16/202208/02/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4229.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4229", "module_name": "Oracle Linux 8 GnuTLS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Oracle Linux 8 GnuTLS Cryptographic Module is a set of libraries implementing general purpose cryptographic algorithms and network protocols.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4228", "Certificate Number": "4228", "Vendor Name": "Kanguru Solutions", "Module Name": "Defender HDD 350", "Module Type": "Hardware", "Validation Date": "05/16/202210/04/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4228.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4228", "module_name": "Defender HDD 350", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Defender HDD 350 is a 256-bit AES hardware encrypted USB Hard Drive Crypto Module used primarily to secure data at rest. The Kanguru Defender line of secure USB solutions is remotely manageable through the Kanguru Remote Management Console (KRMC).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4227", "Certificate Number": "4227", "Vendor Name": "BD", "Module Name": "Alaris™ PC Unit Model 8015", "Module Type": "Hardware", "Validation Date": "05/16/202202/14/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4227.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4227", "module_name": "Alaris™ PC Unit Model 8015", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "The tamper-evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The BD Alaris™ PC Unit Model 8015 is a point-of-care unit, which is the main component of the Alaris System. The Alaris System is a modular system intended for adult, pediatric, and neonatal care in a professional healthcare environment. The Alaris System brings a higher level of medication error prevention to the point of patient care.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4226", "Certificate Number": "4226", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 8 NSS Cryptographic Module", "Module Type": "Software", "Validation Date": "05/12/202208/02/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4226.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4226", "module_name": "Oracle Linux 8 NSS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Oracle Linux 8 NSS Cryptographic Module is a set of libraries designed to support cross-platform development of security-enabled applications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4225", "Certificate Number": "4225", "Vendor Name": "Pitney Bowes, Inc.", "Module Name": "X4i Hardware Security Module (HSM)", "Module Type": "Hardware", "Validation Date": "05/12/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4225.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4225", "module_name": "X4i Hardware Security Module (HSM)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS Mode. No assurance of the minimum strength of generated keys.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The X4i HSM is a single chip cryptographic module using the Maxim MAX32590 hardware. The central purpose of the module is as a physical computing device that safeguards and manages cryptographic keys and provides cryptographic services to connected host devices.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4223", "Certificate Number": "4223", "Vendor Name": "Nokia Corporation", "Module Name": "7705 SAR-OS SAR-18/8/X/Ax/Wx/W/H/Hc Data Plane Cryptographic Module (SARDCM)", "Module Type": "Firmware", "Validation Date": "05/10/202212/21/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4223.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4223", "module_name": "7705 SAR-OS SAR-18/8/X/Ax/Wx/W/H/Hc Data Plane Cryptographic Module (SARDCM)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. When installed, initialized and configured as specified in the Security Policy Section 9.1", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The 7705 SAR-OS SAR-18/8/X/Ax/Wx/W/H/Hc Control Plane Cryptographic Module (SARDPCM) provides the cryptographic algorithm functions needed to allow SAR-OS to implement cryptography for those services and protocols that require it.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4221", "Certificate Number": "4221", "Vendor Name": "Trellix", "Module Name": "Trellix Core Cryptographic Module (user)", "Module Type": "Software", "Validation Date": "05/09/202203/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4221.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4221", "module_name": "Trellix Core Cryptographic Module (user)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Trellix Core Cryptographic Module provides cryptographic functionality for Trellix's Endpoint Encryption product range.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4220", "Certificate Number": "4220", "Vendor Name": "Trellix", "Module Name": "Trellix Core Cryptographic Module (kernel)", "Module Type": "Software", "Validation Date": "05/09/202203/13/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4220.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4220", "module_name": "Trellix Core Cryptographic Module (kernel)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Trellix Core Cryptographic Module provides cryptographic functionality for Trellix's Endpoint Encryption product range.", "detail_available": true, "algorithms": [ "AES", "HMAC", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4219", "Certificate Number": "4219", "Vendor Name": "JVCKENWOOD Corporation", "Module Name": "Secure Cryptographic Module (SCM)", "Module Type": "Hardware", "Validation Date": "05/09/202207/29/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4219.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4219", "module_name": "Secure Cryptographic Module (SCM)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption.", "detail_available": true, "algorithms": [ "AES", "DES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4216", "Certificate Number": "4216", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung BoringSSL Android", "Module Type": "Software", "Validation Date": "05/09/202211/18/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4216.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4216", "module_name": "Samsung BoringSSL Android", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4215", "Certificate Number": "4215", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 8 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "05/09/202207/15/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4215.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4215", "module_name": "Oracle Linux 8 OpenSSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Oracle Linux OpenSSL Cryptographic Module is a software module supporting FIPS 140-2 approved cryptographic algorithms for general use by vendors." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4214", "Certificate Number": "4214", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Kernel Crypto Cryptographic Module", "Module Type": "Software", "Validation Date": "05/09/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4214.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4214", "module_name": "Juniper Kernel Crypto Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with bound module Juniper OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #4131 operating in FIPS mode. The module generates random strings whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Juniper Kernel Cryptographic Module is a software module running as part of the operating system kernel that provides general purpose cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4212", "Certificate Number": "4212", "Vendor Name": "Google, LLC", "Module Name": "Non-Volatile Memory express (NVMe) Data Path Security Cluster (DPSC) Module", "Module Type": "Hardware", "Validation Date": "05/05/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4212.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4212", "module_name": "Non-Volatile Memory express (NVMe) Data Path Security Cluster (DPSC) Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The DPSC is a HW block within the NVMe Protocol Engine that contains AES-XTS engines which support data rate encrypt and decrypt functions. The module is a sub-chip cryptographic subsystem intended for use within the Google IN762 SoC.", "detail_available": true, "algorithms": [ "AES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4211", "Certificate Number": "4211", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 8 Unbreakable Enterprise Kernel (UEK6) Cryptographic Module", "Module Type": "Software", "Validation Date": "05/04/202207/15/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4211.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4211", "module_name": "Oracle Linux 8 Unbreakable Enterprise Kernel (UEK6) Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Oracle Linux 8 Unbreakable Enterprise Kernel (UEK 6) Cryptographic Module provides general-purpose cryptographic services to the remainder of the Linux kernel.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4210", "Certificate Number": "4210", "Vendor Name": "Titaniam, Inc.", "Module Name": "Titaniam Core Engine", "Module Type": "Software", "Validation Date": "05/04/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4210.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4210", "module_name": "Titaniam Core Engine", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Titaniam Core Engine is a FIPS Approved software only cryptographic module for securing data. The module implements the cryptographic functions for Titaniam products. It includes a wide range of standards-based encryption, digital signature, and encoding algorithms as well as additional operations where FIPS approval is not applicable." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4209", "Certificate Number": "4209", "Vendor Name": "Senetas Corporation Ltd., distributed by Thales SA (SafeNet)", "Module Name": "CN6000 Series Encryptors", "Module Type": "Hardware", "Validation Date": "04/29/202207/19/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4209.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4209", "module_name": "CN6000 Series Encryptors", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The CN6000 Series are high-speed hardware encryption platforms that secure data over optical and twisted-pair Ethernet networks. Models included are the CN6100 10G Ethernet; operating at a line rate of 10Gb/s and the CN6040 1G Ethernet; operating at a line rate of up to 1Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is also available for applications that demand authentication. TRANSEC (aka Traffic Flow Security or TFS) can be used to remove patterns in network traffic and prevent traffic analysis.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4208", "Certificate Number": "4208", "Vendor Name": "Senetas Corporation Ltd., distributed by Thales SA (SafeNet)", "Module Name": "CN Series Encryptors", "Module Type": "Hardware", "Validation Date": "04/29/202207/19/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4208.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4208", "module_name": "CN Series Encryptors", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The CN4010, CN4020, CN6010, CN6140, CN9100 and CN9120 are high-speed hardware encryption platforms that secure data over twisted-pair and optical Ethernet networks. The modules support line rates from 10Mb/s to 100Gb/s. All models except CN4010 are equipped with pluggable transceivers to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES algorithms in CFB, CTR and GCM modes. Additional transmission security is provided via TRANSEC (Traffic Flow Security) which can be used to remove patterns in network traffic and prevent traffic analysis attacks.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4207", "Certificate Number": "4207", "Vendor Name": "Western Digital Corporation", "Module Name": "Ultrastar® DC HC310 TCG Enterprise HDD, Ultrastar® DC HC320 TCG Enterprise HDD, and Ultrastar® DC HC330 TCG Enterprise HDD", "Module Type": "Hardware", "Validation Date": "04/29/202207/01/202207/13/202201/25/202309/01/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4207.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4207", "module_name": "Ultrastar® DC HC310 TCG Enterprise HDD, Ultrastar® DC HC320 TCG Enterprise HDD, and Ultrastar® DC HC330 TCG Enterprise HDD", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "Western Digital's self-encrypting Ultrastar® DC HC330, Ultrastar DC HC320 and Ultrastar DC HC310 TCG Enterprise hard disk drives meet or exceed the most demanding performance and security requirements. The Ultrastar DC HC330/HC320/HC310 product line, which use CMR technology, deliver high-capacity storage and a performance boost. Together, they enable capacity scaling and reduced total Cost of Ownership (TCO). The Ultrastar DC HC330/HC320/HC310 HDDs continue Western Digital's reliability leadership tradition with a 2M-hour MTBF rating.", "detail_available": true, "algorithms": [ "DRBG", "HMAC", "KDF" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4206", "Certificate Number": "4206", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 7 OpenSSH Client Cryptographic Module", "Module Type": "Software", "Validation Date": "04/29/202212/02/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4206.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4206", "module_name": "Oracle Linux 7 OpenSSH Client Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Oracle Linux OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #4170 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Oracle Linux 7 OpenSSH Cryptographic Module is a software module that supplies cryptographic support for the SSH protocol.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4205", "Certificate Number": "4205", "Vendor Name": "NEC Corporation", "Module Name": "NEC Storage Encryption Board for NVMe", "Module Type": "Hardware", "Validation Date": "04/27/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4205.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4205", "module_name": "NEC Storage Encryption Board for NVMe", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The NEC Storage Encryption Engine provides high speed data at rest encryption for NEC Storage.", "detail_available": true, "algorithms": [ "AES", "HMAC", "KTS", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4203", "Certificate Number": "4203", "Vendor Name": "Monaco Enterprises Inc.", "Module Name": "Monaco Communication Cryptographic Module 1.0", "Module Type": "Hardware", "Validation Date": "04/22/202204/28/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4203.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4203", "module_name": "Monaco Communication Cryptographic Module 1.0", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Monaco Communication Cryptographic Module 1.0 provides FIPS 140-2 level 1 AES-256 encryption for secure RF radio communications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4202", "Certificate Number": "4202", "Vendor Name": "IQVIA", "Module Name": "IQVIA Java Crypto Module", "Module Type": "Software", "Validation Date": "04/22/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4202.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4202", "module_name": "IQVIA Java Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The output of the DRBG shall not be used to generate keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The cryptographic module is a single Java Archive (JAR) binary, named DvSecurityAPI.jar, that provides cryptographic and secure communication services for other applications developed by IQVIA. In this document, those applications will be referred to as the calling application. The module is a standalone cryptographic library that can be called to provide encryption, decryption, hash generation and verification, certificate generation and verification, random bit generation, and message authentication functions.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4201", "Certificate Number": "4201", "Vendor Name": "Zebra Technologies Corporation", "Module Name": "ZBR-88W8887-WLAN", "Module Type": "Firmware-Hybrid", "Validation Date": "04/22/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4201.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4201", "module_name": "ZBR-88W8887-WLAN", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Firmware-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The ZBR-88W8887-WLAN Module implements cryptographic support for Zebra wireless devices.", "detail_available": true, "algorithms": [ "AES", "HMAC", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4199", "Certificate Number": "4199", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Voice Processing Module Cryptographic Module (VPMCM) / Telephone Media Gateway Cryptographic Module (TMGCM)", "Module Type": "Hardware", "Validation Date": "04/21/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4199.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4199", "module_name": "Voice Processing Module Cryptographic Module (VPMCM) / Telephone Media Gateway Cryptographic Module (TMGCM)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Motorola VPMCM/TMGCM provides cryptographic services to the Voice Processing Module in which it is embedded. The Voice Processing Module provides dispatch console audio routing between a dispatch operator (e.g., 911 dispatcher), peripherals, and a local network.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4198", "Certificate Number": "4198", "Vendor Name": "Ezurio", "Module Name": "Summit Linux FIPS Core Crypto Module", "Module Type": "Software", "Validation Date": "04/21/202204/12/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4198.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4198", "module_name": "Summit Linux FIPS Core Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. When installed, initialized and configured as specified in Section 10.1 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Summit FIPS Core Crypto Module is defined as a Software, Multi-chip Standalone module running on Ezurio's WB45NBT wireless bridge. This solution is equipped with a Microchip AT91SAM9G (ARM926EJ-S) processor.", "detail_available": true, "algorithms": [ "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4197", "Certificate Number": "4197", "Vendor Name": "Dell Inc, BSAFE Product Team", "Module Name": "RSA BSAFE® Crypto-C Micro Edition", "Module Type": "Software", "Validation Date": "04/18/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4197.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4197", "module_name": "RSA BSAFE® Crypto-C Micro Edition", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Crypto-C Micro Edition (ME) Module is RSA's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4196", "Certificate Number": "4196", "Vendor Name": "Vcinity, Inc.", "Module Name": "RAD X-1040 AES-256", "Module Type": "Hardware", "Validation Date": "04/14/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4196.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4196", "module_name": "RAD X-1040 AES-256", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "RAD X-1040 belongs to Vcinity’s Radical X product family and transforms the WAN into a Global LAN by encapsulating and extending RDMA over WAN across any distance. AES-256 encryption augments RAD X’s DataPrizm feature, which obfuscates and aggregates data in-flight across multiple network paths. The combined solution enables RAD X-1040 to secure the in-flight data to reduce the ever-growing risk of compromised or lost information. AES-256 encryption can be used independent of the DataPrizm function.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4195", "Certificate Number": "4195", "Vendor Name": "Thales", "Module Name": "Thales Luna Backup HSM Cryptographic Module", "Module Type": "Hardware", "Validation Date": "04/14/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4195.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4195", "module_name": "Thales Luna Backup HSM Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Thales Luna Backup HSM Cryptographic Module is a multi-chip standalone hardware cryptographic module in the small form factor device that connects to a computer workstation or server via USB. The cryptographic module is contained in its own enclosure that provides physical resistance to tampering.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "EDDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4194", "Certificate Number": "4194", "Vendor Name": "Hitachi, Ltd.", "Module Name": "Hitachi Virtual Storage Platform (VSP) Encryption Board for NVMe", "Module Type": "Hardware", "Validation Date": "04/11/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4194.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4194", "module_name": "Hitachi Virtual Storage Platform (VSP) Encryption Board for NVMe", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "Hitachi Virtual Storage Platform(VSP) Encryption Board for NVMe provides high speed data at rest encryption for Hitachi storage.", "detail_available": true, "algorithms": [ "AES", "HMAC", "KTS", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4193", "Certificate Number": "4193", "Vendor Name": "JoveAI Innovation, Inc.", "Module Name": "STAR-2000", "Module Type": "Hardware", "Validation Date": "04/11/202205/29/202410/15/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4193.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4193", "module_name": "STAR-2000", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "A multi-chip embedded cryptographic module compliant with FIPS 140-2 and the Digital Cinema System Specification version 1.2. The module serves as an Integrated Media Block (IMB) as part of a Permanently-Married Projection System.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4192", "Certificate Number": "4192", "Vendor Name": "WinMagic Corp", "Module Name": "SecureDoc® Cryptographic Engine for macOS/Linux", "Module Type": "Software", "Validation Date": "04/07/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4192.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4192", "module_name": "SecureDoc® Cryptographic Engine for macOS/Linux", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SecureDoc® Cryptographic Engine for macOS/Linux provides cryptographic services for the WinMagic software products running on non-Windows platforms.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "KTS", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4191", "Certificate Number": "4191", "Vendor Name": "HyTrust, Inc.", "Module Name": "HyTrust KeyControl Cryptographic Module", "Module Type": "Software", "Validation Date": "04/04/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4191.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4191", "module_name": "HyTrust KeyControl Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "HyTrust KeyControl enables enterprises to easily manage all their encryption keys at scale, how often they rotate them, and how they are shared securely. HyTrust KeyControl capabilities include VMware certified Key Management Server (KMS), KMIP support, Enterprise scalability and performance, Multi-cloud support (AWS, Azure, GCP) and HSM Support.", "detail_available": true, "algorithms": [ "AES", "DRBG", "RSA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4190", "Certificate Number": "4190", "Vendor Name": "WinMagic Corp", "Module Name": "SecureDoc® Cryptographic Engine for Windows", "Module Type": "Software", "Validation Date": "04/04/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4190.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4190", "module_name": "SecureDoc® Cryptographic Engine for Windows", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SecureDoc® Cryptographic Engine for Windows provides cryptographic services for the WinMagic software products running on Windows platforms.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "KTS", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4189", "Certificate Number": "4189", "Vendor Name": "Telephonics Corporation", "Module Name": "TruLink Control Logic Module CL6882-M1", "Module Type": "Hardware", "Validation Date": "03/29/202205/02/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4189.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4189", "module_name": "TruLink Control Logic Module CL6882-M1", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "TruLink is a wireless intercom system typically used in Airborne environments.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4188", "Certificate Number": "4188", "Vendor Name": "Telephonics Corporation", "Module Name": "TruLink Control Logic Module CL6792-M1", "Module Type": "Hardware", "Validation Date": "03/29/202204/04/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4188.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4188", "module_name": "TruLink Control Logic Module CL6792-M1", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "TruLink is a wireless intercom system typically used in Airborne environments.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4187", "Certificate Number": "4187", "Vendor Name": "Aviat Networks, Inc.", "Module Name": "Aviat Networks Eclipse Cryptographic Module", "Module Type": "Hardware", "Validation Date": "03/29/202204/14/202211/22/202206/28/202312/06/202308/16/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4187.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4187", "module_name": "Aviat Networks Eclipse Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS Mode. The tamper evident seals installed as indicated in the Security Policy. No assurance of the minimum strength of generated keys", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Aviat Networks' Eclipse is an all-in-one next generation dual hybrid and packet microwave radio. Eclipse provides superior networking features to address cost-optimized mobile backhaul, public, and private networking applications, along with high performance RF and Carrier Ethernet capabilities. Aviat Eclipse delivers a \"complete\" set of microwave nodal networking capabilities. Eclipse delivers multi-directional integrated microwave switching within a single system, supporting up to 6 RF or up to 45 Ethernet radios in a single rack unit.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4185", "Certificate Number": "4185", "Vendor Name": "OSNEXUS Corporation", "Module Name": "OSNEXUS Crypto Library", "Module Type": "Software", "Validation Date": "03/26/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4185.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4185", "module_name": "OSNEXUS Crypto Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The OSNEXUS Crypto Library is a component of the Linux based QuantaStor software-defined storage platform which handles all of the hashing, key generation, key wrap protection, AES encryption and decryption operations.", "detail_available": true, "algorithms": [ "DES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4183", "Certificate Number": "4183", "Vendor Name": "Hitachi, Ltd.", "Module Name": "Hitachi Virtual Storage Platform (VSP) Encryption Module", "Module Type": "Hardware", "Validation Date": "03/22/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4183.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4183", "module_name": "Hitachi Virtual Storage Platform (VSP) Encryption Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "The tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Hitachi Virtual Storage Platform (VSP) Encryption Module provides high speed data at rest encryption for Hitachi storage.", "detail_available": true, "algorithms": [ "AES", "HMAC", "KTS", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4182", "Certificate Number": "4182", "Vendor Name": "N-able Technologies Inc.", "Module Name": "N-able Cryptographic Module", "Module Type": "Software", "Validation Date": "03/21/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4182.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4182", "module_name": "N-able Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3273", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The N-able Cryptographic Module is a standards-based cryptographic engine for N-able Take Control. The module delivers core cryptographic functions which are used in the context of remote control sessions.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4181", "Certificate Number": "4181", "Vendor Name": "Spectralink Corporation", "Module Name": "Qualcomm® Crypto Engine Core", "Module Type": "Hardware", "Validation Date": "03/20/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4181.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4181", "module_name": "Qualcomm® Crypto Engine Core", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Qualcomm Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4180", "Certificate Number": "4180", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Crypto Engine Core", "Module Type": "Hardware", "Validation Date": "03/20/202207/05/202203/09/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4180.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4180", "module_name": "Qualcomm® Crypto Engine Core", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Qualcomm Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4177", "Certificate Number": "4177", "Vendor Name": "Amazon Web Services, Inc.", "Module Name": "AWS Key Management Service HSM", "Module Type": "Hardware", "Validation Date": "03/15/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4177.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4177", "module_name": "AWS Key Management Service HSM", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 3 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4176", "Certificate Number": "4176", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 7 OpenSSH Server Cryptographic Module", "Module Type": "Software", "Validation Date": "03/14/202212/02/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4176.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4176", "module_name": "Oracle Linux 7 OpenSSH Server Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Oracle Linux OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #4170 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Oracle Linux 7 OpenSSH Cryptographic Module is a software module that supplies cryptographic support for the SSH protocol.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4173", "Certificate Number": "4173", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Motorola Solutions Cryptographic Firmware Module", "Module Type": "Firmware", "Validation Date": "03/08/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4173.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4173", "module_name": "Motorola Solutions Cryptographic Firmware Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The Motorola Solutions Cryptographic Firmware Module is a firmware library that provides cryptographic services to applications running on Motorola Solutions radio products.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4172", "Certificate Number": "4172", "Vendor Name": "Dell Australia Pty Limited, BSAFE Product Team", "Module Name": "RSA BSAFE® Crypto Module", "Module Type": "Software", "Validation Date": "03/07/202203/09/202209/01/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4172.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4172", "module_name": "RSA BSAFE® Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "RSA BSAFE® Crypto Module 1.1 is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. The software supports a wide range of industry standard encryption algorithms offering developers the flexibility to choose the appropriate option to meet their requirements." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4171", "Certificate Number": "4171", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 7 NSS Cryptographic Module", "Module Type": "Software", "Validation Date": "03/04/202207/01/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4171.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4171", "module_name": "Oracle Linux 7 NSS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Oracle Linux 7 NSS Cryptographic Module is a set of libraries designed to support cross-platform development of security-enabled applications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4170", "Certificate Number": "4170", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 7 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "03/04/202207/01/202201/06/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4170.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4170", "module_name": "Oracle Linux 7 OpenSSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Oracle Linux OpenSSL Cryptographic Module is a software module supporting FIPS 140-2 approved cryptographic algorithms for general use by vendors." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4169", "Certificate Number": "4169", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Linux 7 Unbreakable Enterprise Kernel (UEK 6) Cryptographic Module", "Module Type": "Software", "Validation Date": "03/04/202207/01/202208/04/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4169.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4169", "module_name": "Oracle Linux 7 Unbreakable Enterprise Kernel (UEK 6) Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Oracle Linux 7 Unbreakable Enterprise Kernel (UEK 6) Cryptographic Module provides general-purpose cryptographic services to the remainder of the Linux kernel.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4168", "Certificate Number": "4168", "Vendor Name": "Mitsubishi Electric Software Corporation", "Module Name": "Command Encryption Module", "Module Type": "Firmware", "Validation Date": "03/01/202204/13/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4168.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4168", "module_name": "Command Encryption Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "The tamper evident seals installed as indicated in the security policy", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4167", "Certificate Number": "4167", "Vendor Name": "DINAMO Networks, Inc.", "Module Name": "DINAMO CD, XP, and ST Hardware Security Modules", "Module Type": "Hardware", "Validation Date": "03/01/202201/18/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4167.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4167", "module_name": "DINAMO CD, XP, and ST Hardware Security Modules", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The DINAMO family of Hardware Security Modules are network attached devices that offer a secure environment for the storage and lifecycle management of cryptographic keys, as well as offering cryptographic services such as encryption, digital signatures, key generation, and authentication. The family of DINAMO HSMs reduce risk and operation costs by centralizing enterprise cryptographic key management.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4162", "Certificate Number": "4162", "Vendor Name": "SonicWall, Inc.", "Module Name": "SonicWALL TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700 and NSa 3700", "Module Type": "Hardware", "Validation Date": "02/22/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4162.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4162", "module_name": "SonicWALL TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700 and NSa 3700", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The SonicWall family of firewalls tightly integrates intrusion prevention, malware protection, Application Intelligence and Control with real-time Visualization. SonicWALL Reassembly-Free Deep Packet Inspection engine scans 100% of traffic and massively scales to meet needs of the most high-performance networks.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4161", "Certificate Number": "4161", "Vendor Name": "SonicWall, Inc.", "Module Name": "SonicWALL NSsp 14700 and NSsp 15700", "Module Type": "Hardware", "Validation Date": "02/22/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4161.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4161", "module_name": "SonicWALL NSsp 14700 and NSsp 15700", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The SonicWall family of firewalls tightly integrates intrusion prevention, malware protection, Application Intelligence and Control with real-time Visualization. SonicWALL Reassembly-Free Deep Packet Inspection engine scans 100% of traffic and massively scales to meet the needs of the most high-performance networks.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4159", "Certificate Number": "4159", "Vendor Name": "WatchData Technologies Pte Ltd", "Module Name": "WatchKey ProX USB Token Cryptographic Module", "Module Type": "Hardware", "Validation Date": "02/17/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4159.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4159", "module_name": "WatchKey ProX USB Token Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The WatchKey ProX USB Token is a USB-based PKI, two-factor authentication token device. It provides digital signature generation/verification for online authentications and data encryption/decryption for online transactions. The user's private and public key pairs can be generated and stored on the embedded chip.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4158", "Certificate Number": "4158", "Vendor Name": "Intel Corporation", "Module Name": "Cryptographic Module for Intel® Converged Security and Manageability Engine (CSME)", "Module Type": "Firmware-Hybrid", "Validation Date": "02/17/202208/21/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4158.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4158", "module_name": "Cryptographic Module for Intel® Converged Security and Manageability Engine (CSME)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Firmware-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Cryptographic Module for Intel® Converged Security and Manageability Engine(CSME) (hereafter referred to as 'the module') is classified as a multiple-chip standalone firmware-hybrid module for FIPS 140-2 purpose. The module consists of both hardware and firmware. The hardware portion is the Converged Security Engine (CSE) and the firmware portion is the crypto driver process of the Manageability Engine (ME). The two portions form the logical cryptographic boundary and they combine as Converged Security and Manageability Engine (CSME) to perform cryptographic functions within the Cannon Point PCH applications executing on the CSME.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4157", "Certificate Number": "4157", "Vendor Name": "Christine Wireless, Inc.", "Module Name": "Tactical Key Management Device (TKMD)", "Module Type": "Hardware", "Validation Date": "02/16/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4157.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4157", "module_name": "Tactical Key Management Device (TKMD)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The TKMD is a low-cost single unit that implements the TIA Project 25 Over-the-Air Rekey standard to provide a Key Management Facility (KMF) for 500 and up to 3000 Subscriber Radios. The TKMD can be utilized as a stand-alone KMF for use in a campus environment or can be utilized in a network environment where Subscriber Radio configurations can be securely shared between TKMDs. The networked TKMDs can also securely share collections of Cryptographic keys to allow periodic updating of Cryptographic keys. Control of the TKMD is accomplished with a secure (https) connection to a web browser." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4156", "Certificate Number": "4156", "Vendor Name": "Google, LLC.", "Module Name": "BoringCrypto Android", "Module Type": "Software", "Validation Date": "02/16/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4156.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4156", "module_name": "BoringCrypto Android", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4155", "Certificate Number": "4155", "Vendor Name": "TrellisWare Technologies, Inc.", "Module Name": "TW-900/950 TSM Shadow and TW-870/875 TSM Ghost", "Module Type": "Hardware", "Validation Date": "02/15/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4155.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4155", "module_name": "TW-900/950 TSM Shadow and TW-870/875 TSM Ghost", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 7.5 of the Security Policy. The tamper evident sealant must be installed as indicated in the security policy Section 7.5.1 using FIPS kit TrellisWare P/N 800AAA0036", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The TW-870/875 TSM Ghost and TW-900/950 TSM Shadow are small form-factor Software Defined Radios that employ the latest version of TrellisWare's TSM waveform and are capable of robust operation at high data rates. The TW-870/875 and TW-900/950 support multi-channel voice, IP data, Position Location Information (PLI) tracking, sleep functions for long-term sensing applications, IP gateway features and remote operation of live streaming video sources for networked sensing missions.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4154", "Certificate Number": "4154", "Vendor Name": "Sansec Technology Co., Ltd.", "Module Name": "Sansec HSM Cryptographic Module", "Module Type": "Hardware", "Validation Date": "02/15/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4154.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4154", "module_name": "Sansec HSM Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Sansec Hardware Security Module (HSM) is a hardware cryptographic module that provides data encryption, data decryption, signature generation, signature verification, message digest, message authentication code (MAC), random number generation and key management services to business systems.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4153", "Certificate Number": "4153", "Vendor Name": "Beijing Lianshi Networks Technology Co.,Ltd.", "Module Name": "Cryptographic Server HSM", "Module Type": "Hardware", "Validation Date": "02/14/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4153.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4153", "module_name": "Cryptographic Server HSM", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "CS-HSM-2697v2-680-32G is a hardware security module, providing cryptographic services including encryption, decryption, signature generation and verification, and key management.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4152", "Certificate Number": "4152", "Vendor Name": "NXP Semiconductors", "Module Name": "i.MX 8X SECO HSMv2", "Module Type": "Hardware", "Validation Date": "02/14/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4152.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4152", "module_name": "i.MX 8X SECO HSMv2", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode and utilizing a Trusted Path as specified in the Security Policy", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The i.MX 8X HSMv2 extends the rich capabilities of the i.MX 8X family of products with advanced security and cryptographic capabilities. These HSM extensions implemented in the i.MX 8X integrated cryptographic module offer OEMs the capability to configure the part in the desired FIPS mode to support challenging IoT use cases and more. The i.MX 8X cryptographic module is an integral part of the NXP i.MX 8X application processors and can be used together with other features offered by these SOCs to reduce both the OEM design bill of materials as well as time to market.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4151", "Certificate Number": "4151", "Vendor Name": "Utimaco IS GmbH", "Module Name": "u.trust Anchor", "Module Type": "Hardware", "Validation Date": "02/10/202202/05/202408/01/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4151.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4151", "module_name": "u.trust Anchor", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "u.trust Anchor is a new generation of HSM, comprising all traditional hardware security features and introducing containerized HSMs (cHSMs). Each cHSM provides secure cryptographic services such as signing and verification of data, encryption or decryption, hashing, on-board random number generation and secure key generation, key storage and key management functions in a tamper-protected multi-tenant environment. The HSM delivers a highly elastic HSM architecture that scales rapidly on demand and enables service providers to deliver HSM as a Service (HSMaaS) in multiple use cases.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4150", "Certificate Number": "4150", "Vendor Name": "Intel Corporation", "Module Name": "Intel® Converged Security and Manageability Engine (CSME) Crypto Module for Tiger Point PCH, Mule Creek Canyon PCH, and Rocket Lake PCH", "Module Type": "Firmware-Hybrid", "Validation Date": "02/10/202208/17/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4150.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4150", "module_name": "Intel® Converged Security and Manageability Engine (CSME) Crypto Module for Tiger Point PCH, Mule Creek Canyon PCH, and Rocket Lake PCH", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Firmware-Hybrid", "embodiment": "Single Chip", "description": "Intel® Converged Security and Manageability Engine (CSME) Crypto Module for Tiger Point PCH, Mule Creek Canyon PCH, and Rocket Lake PCH is as a firmware-hybrid cryptographic module. The module consists of both hardware and firmware. The hardware portion is the Offload and Cryptography Subsystem (OCS) and the firmware portion is the Converged Security and Manageability Engine (CSME) Crypto Driver firmware.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4149", "Certificate Number": "4149", "Vendor Name": "Atos", "Module Name": "CHR Cryptographic Module", "Module Type": "Hardware", "Validation Date": "02/10/202208/23/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4149.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4149", "module_name": "CHR Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by ATOS as Application Provider and known as \"Crypt2pay XT\" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4144", "Certificate Number": "4144", "Vendor Name": "NetApp, Inc.", "Module Name": "NetApp CryptoMod", "Module Type": "Software", "Validation Date": "02/03/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4144.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4144", "module_name": "NetApp CryptoMod", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "CryptoMod is a software cryptographic module whose purpose is to provide encryption/decryption for NetApp’s ONTAP Operating System (OS) kernel. The CryptoMod module makes use of the AES-NI instruction set in Intel processors. Since CryptoMod can support non-PAA implementations as well as PAA implementations of the pertinent cryptographic algorithms, CryptoMod is designated as a software only cryptographic module.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4143", "Certificate Number": "4143", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung NVMe TCG Opal SSC SEDs PM1733 Series", "Module Type": "Hardware", "Validation Date": "02/03/202202/25/202209/07/202211/30/202204/19/202307/11/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4143.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4143", "module_name": "Samsung NVMe TCG Opal SSC SEDs PM1733 Series", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Samsung NVMe TCG Opal SSC SEDs PM1733 Series are a high-performance Self-Encrypting SSDs supporting NVMe Interface that provides on-the-fly encryption/decryption of user data without performance loss. It implements AES256-XTS for user data encryption, RSA PSS 2048 for FW authentication, and Hash_DRBG for key generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4142", "Certificate Number": "4142", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Solaris Userland Cryptographic Framework", "Module Type": "Software", "Validation Date": "02/02/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4142.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4142", "module_name": "Oracle Solaris Userland Cryptographic Framework", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Oracle Solaris Userland Cryptographic Framework module provides cryptographic functionality for any application that calls into it. The module provides encryption, decryption, hashing, secure random number generation, signature generation and verification, certificate generation and verification, message authentication functions, and key pair generation for RSA and DSA. The module can leverage the algorithm acceleration from SPARC and x86 processors when available.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4140", "Certificate Number": "4140", "Vendor Name": "L3Harris Technologies, Inc.", "Module Name": "Harris AES Load Module", "Module Type": "Firmware", "Validation Date": "01/24/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4140.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4140", "module_name": "Harris AES Load Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "description": "The Harris AES Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals.", "detail_available": true, "algorithms": [ "AES", "KTS", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4139", "Certificate Number": "4139", "Vendor Name": "Fortanix, Inc.", "Module Name": "Fortanix SDKMS Appliance", "Module Type": "Hardware", "Validation Date": "01/19/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4139.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4139", "module_name": "Fortanix SDKMS Appliance", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "The tamper evident seals installed as indicated in the security policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Fortanix SDKMS appliance is the building block for running Fortanix Self-Defending Key Management Service (SDKMS), a unified HSM and Key Management solution. With SDKMS, you can securely generate, store, and use cryptographic keys and certificates, as well as secrets, such as passwords, API keys, tokens, or any blob of data.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDSA", "HMAC", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4138", "Certificate Number": "4138", "Vendor Name": "NETSCOUT Systems, Inc.", "Module Name": "NETSCOUT FIPS Object Module", "Module Type": "Software", "Validation Date": "01/18/202204/04/202307/29/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4138.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4138", "module_name": "NETSCOUT FIPS Object Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The NETSCOUT FIPS Object Module provides cryptographic functionality to NETSCOUT’s series of applications.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4137", "Certificate Number": "4137", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "01/18/202208/15/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4137.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4137", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4134", "Certificate Number": "4134", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco 8800 Series Routers", "Module Type": "Hardware", "Validation Date": "01/13/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4134.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4134", "module_name": "Cisco 8800 Series Routers", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Cisco 8800 Series is a family of routing platforms with modular chassis. The platform offers high port density, high performance forwarding, low jitter and the lowest power consumption per Gigabits/sec at a very cost-effective price point. The routers meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules. The modules include cryptographic algorithms implemented in IOS-XR software." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4132", "Certificate Number": "4132", "Vendor Name": "Canonical Ltd.", "Module Name": "Ubuntu 20.04 AWS Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "01/13/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4132.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4132", "module_name": "Ubuntu 20.04 AWS Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/18/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Ubuntu 20.04 AWS Kernel Crypto API module is a software module running as part of the operating system kernel that provides general purpose cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4129", "Certificate Number": "4129", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco Aironet 1562e/i/d/ps, 2802e/i, 3802e/i/p, 4800 and IW6300H- AC/DC/DCW Wireless LAN Access Points, AireOS Version 8.10MR3 and IOS-XE 17.3", "Module Type": "Hardware", "Validation Date": "01/10/202207/05/202201/06/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4129.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4129", "module_name": "Cisco Aironet 1562e/i/d/ps, 2802e/i, 3802e/i/p, 4800 and IW6300H- AC/DC/DCW Wireless LAN Access Points, AireOS Version 8.10MR3 and IOS-XE 17.3", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "The tamper evident seals installed as indicated in the security policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Cisco Aironet Series Wireless Access Points provide highly secure and reliable wireless connections for both indoor and outdoor environments.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4127", "Certificate Number": "4127", "Vendor Name": "Canonical Ltd.", "Module Name": "Ubuntu 20.04 GCP Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "01/10/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4127.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4127", "module_name": "Ubuntu 20.04 GCP Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/18/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Ubuntu 20.04 GCP Kernel Crypto API module is a software module running as part of the operating system kernel that provides general purpose cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4126", "Certificate Number": "4126", "Vendor Name": "Canonical Ltd.", "Module Name": "Ubuntu 20.04 Azure Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "01/10/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4126.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4126", "module_name": "Ubuntu 20.04 Azure Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/18/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Ubuntu 20.04 Azure Kernel Crypto API module is a software module running as part of the operating system kernel that provides general purpose cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4125", "Certificate Number": "4125", "Vendor Name": "Spectralink Corporation", "Module Name": "Qualcomm® Inline Crypto Engine (SDCC)", "Module Type": "Hardware", "Validation Date": "01/10/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4125.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4125", "module_name": "Qualcomm® Inline Crypto Engine (SDCC)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/16/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Qualcomm Inline Crypto Engine (SDCC) high throughput storage data encryption and decryption.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4124", "Certificate Number": "4124", "Vendor Name": "Hub Security LTD", "Module Name": "Hub Security Cryptographic Module", "Module Type": "Hardware", "Validation Date": "01/10/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4124.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4124", "module_name": "Hub Security Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "This cryptographic module is an HSM Vault developed by Hub Security LTD to be used in a security and privacy solution. It is a key management solution for safely storing and using all the company's sensitive data.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4119", "Certificate Number": "4119", "Vendor Name": "Juniper Networks, Inc", "Module Name": "Juniper Networks ACX5448-M Router", "Module Type": "Hardware", "Validation Date": "01/03/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4119.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4119", "module_name": "Juniper Networks ACX5448-M Router", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The ACX5448-M series provides dedicated high-performance processing for flows and sessions and integrates advanced security capabilities that protect the network infrastructure as well as user data.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4117", "Certificate Number": "4117", "Vendor Name": "Christine Wireless, Inc.", "Module Name": "Radio Internet-Protocol Communications Module Z (RIC-Mz)", "Module Type": "Hardware", "Validation Date": "12/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4117.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4117", "module_name": "Radio Internet-Protocol Communications Module Z (RIC-Mz)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The RIC-Mz provides Internet Protocol connectivity for Radio Equipment utilizing the serial protocol known as HDLC. Both synchronous and asynchronous modes are supported. The RIC-Mz can transport the HDLC over Internet Protocol in a unencrypted UDP packet or an encrypted DTLS packet and also can convert the HDLC into Digital Fixed Station Interface (DFSI) formats compliant with TIA standards TIA 102.BAHA and 102.BAHA-A to allow connection to any equipment to a Dispatch Console or DFSI Base Station. Control of the RIC-Mz is accomplished with a secure (https) connection to a web browser." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4111", "Certificate Number": "4111", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Motorola Solutions Cryptographic Software Module", "Module Type": "Software", "Validation Date": "12/20/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4111.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4111", "module_name": "Motorola Solutions Cryptographic Software Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Motorola Solutions Cryptographic Software Module is a software based cryptographic module that provides cryptographic services to applications running on a General-Purpose Computer (GPC) hardware platform and supports the APCO Project 25 standard.", "algorithms": [ "DES", "KDF", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4110", "Certificate Number": "4110", "Vendor Name": "Thales", "Module Name": "ProtectServer PCIe HSM 3", "Module Type": "Hardware", "Validation Date": "12/20/202104/20/202205/03/202210/06/202204/21/202310/24/202305/03/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4110.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4110", "module_name": "ProtectServer PCIe HSM 3", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode. When utilizing a Trusted Path as specified in the security policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The ProtectServer PCIe HSM 3 is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4109", "Certificate Number": "4109", "Vendor Name": "Pure Storage, Inc.", "Module Name": "Purity Encryption Module", "Module Type": "Software-Hybrid", "Validation Date": "12/16/202112/30/202101/04/202203/01/202304/04/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4109.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4109", "module_name": "Purity Encryption Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "Purity Encryption Module is a standalone cryptographic module for the Purity Operating Environment for FlashArray (Purity//FA). Purity//FA powers Pure Storage's FlashArray family of products which provide economical all-flash storage. Purity Encryption Module enables FlashArray to support always-on, inline encryption of data with an internal key management scheme that requires no user intervention.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4108", "Certificate Number": "4108", "Vendor Name": "Dell, Inc.", "Module Name": "Dell OpenSSL Cryptographic Library", "Module Type": "Software", "Validation Date": "12/15/202107/11/202208/23/202205/15/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4108.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4108", "module_name": "Dell OpenSSL Cryptographic Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Dell OpenSSL Cryptographic Library v2.6 is used within various Dell EMC Networking products, including the S, N, MX, and Z-Series. Dell EMC Networking products are high performance ToR, Multi-Rate Aggregation, Edge Access, and Core Fabric switching products designed for highly virtualized Data Centers. These switches are built on top of Dell's Data Center hardened OS, Dell EMC Networking OS.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4106", "Certificate Number": "4106", "Vendor Name": "Cloudera, Inc.", "Module Name": "Cloudera Cryptographic Module for OpenSSL", "Module Type": "Software", "Validation Date": "12/13/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4106.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4106", "module_name": "Cloudera Cryptographic Module for OpenSSL", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3273", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Cloudera Cryptographic Module for OpenSSL is a FIPS 140-2 Validated Cryptographic provider for use with Cloudera Data Platform (CDP) products. The module delivers core cryptographic functions to the Cloudera Data Platform (CDP) products and features robust algorithm support.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4101", "Certificate Number": "4101", "Vendor Name": "US Army CERDEC", "Module Name": "CERDEC Cryptographic Module 1.0.2", "Module Type": "Hardware", "Validation Date": "12/13/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4101.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4101", "module_name": "CERDEC Cryptographic Module 1.0.2", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The CERDEC Crypto Module (CM), is a single-chip module providing cryptographic primitive services and key management. This CM design provides both FIPS approved AES encryption/decryption services, as well as non-approved SPECK and SIMON encryption services.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4098", "Certificate Number": "4098", "Vendor Name": "Citrix Systems, Inc.", "Module Name": "Citrix ADC VPX", "Module Type": "Software", "Validation Date": "12/12/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4098.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4098", "module_name": "Citrix ADC VPX", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Citrix ADC VPX is a virtual application delivery controller that provides the best possible experience to users with flexible deployment options, intelligent global load balancing, centralized management from a single pane, and integrated application and API security.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4097", "Certificate Number": "4097", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung Kernel Cryptographic Module", "Module Type": "Software", "Validation Date": "12/11/202106/22/202211/08/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4097.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4097", "module_name": "Samsung Kernel Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4093", "Certificate Number": "4093", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Crypto Engine Core", "Module Type": "Hardware", "Validation Date": "12/06/202108/23/202312/10/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4093.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4093", "module_name": "Qualcomm® Crypto Engine Core", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Qualcomm Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments. Crypto Engine Core version 5.6.0 is supported by various Qualcomm platforms including Snapdragon 888 5G Mobile Platform, Qualcomm QCM6490, Qualcomm QCS6490, Qualcomm QCM5430, and Qualcomm QCS5430.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4092", "Certificate Number": "4092", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung Flash Memory Protector V3.0.1", "Module Type": "Software-Hybrid", "Validation Date": "12/05/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4092.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4092", "module_name": "Samsung Flash Memory Protector V3.0.1", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The driver for the on-the-fly Hardware encryption module to flash memory for Disk/File Encryption solution. The hardware module supports AES with CBC mode and XTS-AES cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4090", "Certificate Number": "4090", "Vendor Name": "Thales", "Module Name": "Thales Luna K7 Cryptographic Module", "Module Type": "Hardware", "Validation Date": "12/02/202104/29/202203/09/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4090.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4090", "module_name": "Thales Luna K7 Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Thales Luna K7 Cryptographic Module is a high-assurance, tamper-resistant Hardware Security Module which secures sensitive data and critical applications by storing, protecting and managing cryptographic keys. It provides end users with industry-leading security and performance, and can quickly be embedded directly into servers and security appliances for FIPS 140-2 validated key security. The module meets compliance and audit needs for FIPS 140, HIPAA, PCI-DSS, eIDAS, GDPR.", "detail_available": true, "caveat": "When operated in FIPS mode and initialized to Overall Level 3 per Security Policy.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4089", "Certificate Number": "4089", "Vendor Name": "Kaseya US LLC", "Module Name": "Virtual System Administrator (VSA) Cryptographic Module", "Module Type": "Software", "Validation Date": "12/02/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4089.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4089", "module_name": "Virtual System Administrator (VSA) Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3273", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Kaseya Virtual System Administrator (VSA) Cryptographic Module is an all-in-one RMM and Unified Endpoint Management product, allowing IT teams and MSPs to proactively protect, monitor, and manage distributed IT resources using a single, integrated web-based interface.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4087", "Certificate Number": "4087", "Vendor Name": "Aruba, a Hewlett Packard Enterprise company", "Module Name": "Aruba 7280 Series Controller with ArubaOS FIPS Firmware", "Module Type": "Hardware", "Validation Date": "12/01/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4087.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4087", "module_name": "Aruba 7280 Series Controller with ArubaOS FIPS Firmware", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. When installed, initialized and configured as specified in Section 13 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4086", "Certificate Number": "4086", "Vendor Name": "Futurex", "Module Name": "EXP1000 Hardware Security Module", "Module Type": "Hardware", "Validation Date": "11/30/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4086.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4086", "module_name": "EXP1000 Hardware Security Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The EXP1000 Hardware Security Module (HSM) is a multi-chip embedded cryptographic module that provides secure data storage and crypto-processing functionality. The module is assembled from production quality components. All sensitive components of the module are physically protected by a tamper resistant, responsive, and evident casing where all cryptographic operations are performed.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4085", "Certificate Number": "4085", "Vendor Name": "Futurex", "Module Name": "GSP3000 Hardware Security Module", "Module Type": "Hardware", "Validation Date": "11/30/202101/30/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4085.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4085", "module_name": "GSP3000 Hardware Security Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The GSP3000 Hardware Security Module (HSM) is a multi-chip embedded cryptographic module that provides secure data storage and crypto-processing functionality. The module is assembled from production quality components. All sensitive components of the module are physically protected by a tamper resistant, responsive, and evident casing where all cryptographic operations are performed.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4084", "Certificate Number": "4084", "Vendor Name": "Western Digital Corporation", "Module Name": "Ultrastar DC HC550 TCG Enterprise HDD", "Module Type": "Hardware", "Validation Date": "11/30/202102/05/202204/14/202211/07/202201/27/202308/31/202311/01/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4084.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4084", "module_name": "Ultrastar DC HC550 TCG Enterprise HDD", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Sections 2.1 and 7.2 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The self-encrypting Ultrastar® DC HC550 TCG Enterprise HDD, from Western Digital, meets or exceeds the most demanding performance and security requirements. It incorporates sixth-generation HelioSeal® technology, is the first HDD to harness Energy-Assisted Magnetic Recording (EAMR) technology and provides 29% more capacity in the same form factor as a 14TB HDD. The higher capacity enables data centers to lower CapEx and the low power consumption contributes to OpEx savings. Targeted at 2.5M hours MTBF, the Ultrastar DC HC550 provides high reliability for mission critical environments.", "detail_available": true, "algorithms": [ "AES", "DRBG", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4083", "Certificate Number": "4083", "Vendor Name": "DINAMO Networks, Inc.", "Module Name": "DINAMO Pocket Hardware Security Module", "Module Type": "Hardware", "Validation Date": "11/30/202101/18/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4083.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4083", "module_name": "DINAMO Pocket Hardware Security Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 3 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The DINAMO family of Hardware Security Modules are network attached devices that offer a secure environment for the storage and lifecycle management of cryptographic keys, as well as offering cryptographic services such as encryption, digital signatures, key generation, and authentication. The family of DINAMO HSMs reduce risk and operation costs by centralizing enterprise cryptographic key management.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDSA", "HMAC", "KDF", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4082", "Certificate Number": "4082", "Vendor Name": "Cisco Systems, Inc.", "Module Name": "Cisco 8200 Series Routers", "Module Type": "Hardware", "Validation Date": "11/30/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4082.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4082", "module_name": "Cisco 8200 Series Routers", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Cisco 8200 Series is a family of routing platforms including fixed and modular chassis. The platform offers high port density, high performance forwarding, low jitter and the lowest power consumption per Gigabits/sec at a very cost-effective price point. The routers meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules. The modules include cryptographic algorithms implemented in IOS-XR software." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4081", "Certificate Number": "4081", "Vendor Name": "Pitney Bowes, Inc.", "Module Name": "X4i Postal Security Device (PSD)", "Module Type": "Hardware", "Validation Date": "11/30/202101/05/202309/01/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4081.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4081", "module_name": "X4i Postal Security Device (PSD)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS Mode. No assurance of the minimum strength of generated keys.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The X4i PSD is a single chip cryptographic module using the Maxim MAX32590 hardware that provides security services to support the creation of digital postage evidence in the form of an indicium.", "detail_available": true, "algorithms": [ "AES", "DRBG", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4080", "Certificate Number": "4080", "Vendor Name": "EF Johnson Technologies", "Module Name": "Johnson Encryption Machine 2 (JEM2)", "Module Type": "Hardware", "Validation Date": "11/30/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4080.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4080", "module_name": "Johnson Encryption Machine 2 (JEM2)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The EF Johnson Technologies Johnson Encryption Machine 2 (JEM2) is a cryptographic module meeting the FIPS140-2, Level 1 requirement. The JEM2 provides cryptographic operations to support Project 25 infrastructure. The JEM2 supports AES OTAR, AES Key Wrap, AES, ECDSA, DRBG, SHA-1, SHA-256, SHA-512, and HMAC FIPS Approved algorithms.", "detail_available": true, "algorithms": [ "DES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4079", "Certificate Number": "4079", "Vendor Name": "IBM Corporation", "Module Name": "IBM 4769-001 Cryptographic Coprocessor Security Module", "Module Type": "Hardware", "Validation Date": "11/29/202112/21/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4079.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4079", "module_name": "IBM 4769-001 Cryptographic Coprocessor Security Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 4, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The IBM 4769 PCIe Cryptographic Coprocessor Hardware Security Module is in the form of a programmable PCIe card that offloads computationally intensive cryptographic processes from the hosting server, and performs sensitive tasks within a secured tamper responding hardware boundary. The evolutionary design builds on previous generations of IBM cryptographic technology, improving performance over its predecessors. The IBM 4769 is supported on select IBM Z processors as the Crypto Express7S feature.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDSA", "HMAC", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4077", "Certificate Number": "4077", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung Flash Memory Protector V3.0", "Module Type": "Software-Hybrid", "Validation Date": "11/27/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4077.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4077", "module_name": "Samsung Flash Memory Protector V3.0", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The driver for the on-the-fly Hardware encryption module to flash memory for Disk/File Encryption solution. The hardware module supports AES with CBC mode and XTS-AES cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4076", "Certificate Number": "4076", "Vendor Name": "Hitachi, Ltd.", "Module Name": "Hitachi Virtual Storage Platform (VSP) Encryption Board for NVMe", "Module Type": "Hardware", "Validation Date": "11/22/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4076.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4076", "module_name": "Hitachi Virtual Storage Platform (VSP) Encryption Board for NVMe", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "Hitachi Virtual Storage Platform(VSP) Encryption Board for NVMe provides high speed data at rest encryption for Hitachi storage.", "detail_available": true, "algorithms": [ "AES", "HMAC", "KTS", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4074", "Certificate Number": "4074", "Vendor Name": "FireEye, Inc.", "Module Name": "FireEye HX Series: HX4402, HX4502, HX4502D", "Module Type": "Hardware", "Validation Date": "11/18/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4074.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4074", "module_name": "FireEye HX Series: HX4402, HX4502, HX4502D", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The FireEye HX series appliances enable security operations teams to correlate network and endpoint activity. Organizations can automatically investigate alerts generated by FireEye Threat Prevention Platforms, log management, and network security products, apply intelligence from FireEye to continuously validate Indicators of Compromises on the endpoints and identify if a compromise has occurred and assess the potential risk.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4070", "Certificate Number": "4070", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "11/15/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4070.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4070", "module_name": "SUSE Linux Enterprise OpenSSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4069", "Certificate Number": "4069", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "11/15/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4069.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4069", "module_name": "SUSE Linux Enterprise Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in section 10.1 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SUSE Linux Enterprise Server Kernel Crypto API Module provides cryptographic services to the Linux operating system kernel.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4068", "Certificate Number": "4068", "Vendor Name": "Unisys Corporation", "Module Name": "Unisys Linux Kernel Cryptographic API Module", "Module Type": "Software", "Validation Date": "11/09/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4068.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4068", "module_name": "Unisys Linux Kernel Cryptographic API Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Unisys Linux strongSwan Cryptographic Module validated to FIPS 140-2 under Cert. #3971 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The module is a software-only cryptographic module that comprises a set of Linux kernel modules; this set defines the module's cryptographic boundary. It provides cryptographic functionality for any application that calls into it.", "detail_available": true, "algorithms": [ "AES", "HMAC", "KDF", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4067", "Certificate Number": "4067", "Vendor Name": "Aruba, a Hewlett Packard Enterprise company", "Module Name": "Aruba AP-318, AP-344, AP-345, AP-374, AP-375, AP-377 and AP-387 Outdoor Access Points with ArubaOS FIPS Firmware", "Module Type": "Hardware", "Validation Date": "11/04/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4067.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4067", "module_name": "Aruba AP-318, AP-344, AP-345, AP-374, AP-375, AP-377 and AP-387 Outdoor Access Points with ArubaOS FIPS Firmware", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. When installed, initialized and configured as specified in Section 13 of the Security Policy. The tamper evident labels installed as indicated in the security policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Aruba's 802.11 Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the WPA2/WPA3 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies.", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4065", "Certificate Number": "4065", "Vendor Name": "Thales Alenia Space", "Module Name": "Thales Alenia Space cryptographic module for Microsemi RTAX FPGA", "Module Type": "Hardware", "Validation Date": "11/02/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4065.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4065", "module_name": "Thales Alenia Space cryptographic module for Microsemi RTAX FPGA", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 12.4 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true, "description": "Cryptographic module encrypt and decrypt input packets, using one of the thirty two possible keys. There are several TC/TM to check: status, number of packets correctly deciphered, number of ciphered packet, etc. There are three UART interfaces for: ground, key and housekeeping (the last one has a redundant interface)." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4064", "Certificate Number": "4064", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "µMACE", "Module Type": "Hardware", "Validation Date": "11/01/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4064.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4064", "module_name": "µMACE", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Sections 2 and 9 of the Security Policy", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products.", "detail_available": true, "algorithms": [ "AES", "DES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4063", "Certificate Number": "4063", "Vendor Name": "FireEye, Inc.", "Module Name": "FireEye VX Series: VX7690Vfips", "Module Type": "Software", "Validation Date": "10/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4063.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4063", "module_name": "FireEye VX Series: VX7690Vfips", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The FireEye Network Threat Prevention Platform identifies and blocks zero-day Web exploits, droppers (binaries), and multi-protocol callbacks to help organizations scale their advanced threat defenses across a range of deployments, from the multi-gigabit headquarters down to remote, branch, and mobile offices. FireEye Network with Intrusion Prevention System (IPS) technology further optimizes spend, substantially reduces false positives, and enables compliance while driving security across known and unknown threats.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4062", "Certificate Number": "4062", "Vendor Name": "FireEye, Inc.", "Module Name": "FireEye CM Series: CM1500V, CM2500V, CM7500V", "Module Type": "Software", "Validation Date": "10/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4062.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4062", "module_name": "FireEye CM Series: CM1500V, CM2500V, CM7500V", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The FireEye CM series is a group of management platforms that consolidates the administration, reporting, and data sharing of the FireEye NX, EX, FX and AX series in one easy-to-deploy, network-based platform. Within the FireEye deployment, the FireEye CM enables real-time sharing of the auto-generated threat intelligence to identify and block advanced attacks targeting the organization. It also enables centralized configuration, management, and reporting of FireEye platforms.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4061", "Certificate Number": "4061", "Vendor Name": "FireEye, Inc.", "Module Name": "FireEye VX Series: VX5500, VX12500, VX12550", "Module Type": "Hardware", "Validation Date": "10/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4061.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4061", "module_name": "FireEye VX Series: VX5500, VX12500, VX12550", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The FireEye Network Threat Prevention Platform identifies and blocks zero-day Web exploits, droppers (binaries), and multi-protocol callbacks to help organizations scale their advanced threat defenses across a range of deployments, from the multi-gigabit headquarters down to remote, branch, and mobile offices. FireEye Network with Intrusion Prevention System (IPS) technology further optimizes spend, substantially reduces false positives, and enables compliance while driving security across known and unknown threats.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4060", "Certificate Number": "4060", "Vendor Name": "FireEye, Inc.", "Module Name": "FireEye NX Series: NX1500, NX2500, NX2550, NX3500, NX4500, NX5500, NX6500", "Module Type": "Hardware", "Validation Date": "10/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4060.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4060", "module_name": "FireEye NX Series: NX1500, NX2500, NX2550, NX3500, NX4500, NX5500, NX6500", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The FireEye Network Threat Prevention Platform identifies and blocks zero-day Web exploits, droppers (binaries), and multi-protocol callbacks to help organizations scale their advanced threat defenses across a range of deployments, from the multi-gigabit headquarters down to remote, branch, and mobile offices. FireEye Network with Intrusion Prevention System (IPS) technology further optimizes spend, substantially reduces false positives, and enables compliance while driving security across known and unknown threats.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4059", "Certificate Number": "4059", "Vendor Name": "FireEye, Inc.", "Module Name": "FireEye HX Series: HX4502V", "Module Type": "Software", "Validation Date": "10/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4059.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4059", "module_name": "FireEye HX Series: HX4502V", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The FireEye HX series appliances enable security operations teams to correlate network and endpoint activity. Organizations can automatically investigate alerts generated by FireEye Threat Prevention Platforms, log management, and network security products, apply intelligence from FireEye to continuously validate Indicators of Compromises on the endpoints and identify if a compromise has occurred and assess the potential risk.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4058", "Certificate Number": "4058", "Vendor Name": "FireEye, Inc.", "Module Name": "FireEye EX Series: EX5500V", "Module Type": "Software", "Validation Date": "10/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4058.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4058", "module_name": "FireEye EX Series: EX5500V", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The FireEye EX series secures against advanced email attacks. As part of the FireEye Threat Prevention Platform, the FireEye EX uses signature-less technology to analyze every email attachment and successfully quarantine spear-phishing emails used in advanced targeted attacks.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4057", "Certificate Number": "4057", "Vendor Name": "FireEye, Inc.", "Module Name": "FireEye CM Series: CM4500, CM7500, CM9400, CM9500", "Module Type": "Hardware", "Validation Date": "10/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4057.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4057", "module_name": "FireEye CM Series: CM4500, CM7500, CM9400, CM9500", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The FireEye CM series is a group of management platforms that consolidates the administration, reporting, and data sharing of the FireEye NX, EX, FX and AX series in one easy-to-deploy, network-based platform. Within the FireEye deployment, the FireEye CM enables real-time sharing of the auto-generated threat intelligence to identify and block advanced attacks targeting the organization. It also enables centralized configuration, management, and reporting of FireEye platforms.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4056", "Certificate Number": "4056", "Vendor Name": "FireEye, Inc.", "Module Name": "FireEye EX Series: EX3500, EX5500, EX8400, EX8500", "Module Type": "Hardware", "Validation Date": "10/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4056.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4056", "module_name": "FireEye EX Series: EX3500, EX5500, EX8400, EX8500", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The FireEye EX series secures against advanced email attacks. As part of the FireEye Threat Prevention Platform, the FireEye EX uses signature-less technology to analyze every email attachment and successfully quarantine spear-phishing emails used in advanced targeted attacks.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4055", "Certificate Number": "4055", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise Server Libica Cryptographic Module", "Module Type": "Software-Hybrid", "Validation Date": "10/27/202111/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4055.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4055", "module_name": "SUSE Linux Enterprise Server Libica Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9.1 of the Security Policy with module SUSE Linux Enterprise Server OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #3991 operating in FIPS mode", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The SUSE Linux Enterprise Server Libica Cryptographic Module contains the interface library routines used by IBM modules to interface with OpenSSL and the IBM Central Processor Assist for Cryptographic Functions (CPACF).", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDSA", "HMAC", "KAS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4054", "Certificate Number": "4054", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "10/27/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4054.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4054", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4048", "Certificate Number": "4048", "Vendor Name": "Crestron Electronics, Inc.", "Module Name": "Crestron Mobile Crypto Module", "Module Type": "Software", "Validation Date": "10/21/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4048.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4048", "module_name": "Crestron Mobile Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys. This validation entry is a non-security relevant modification to Cert. #1938.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Crestron Crypto Kernel for OpenSSL is the cryptographic core of DM-NVX and features robust algorithm support, including Suite B algorithm compliance. This module offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4047", "Certificate Number": "4047", "Vendor Name": "Vocera Communications, Inc.", "Module Name": "Vocera Cryptographic Module v3.1", "Module Type": "Software-Hybrid", "Validation Date": "10/20/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4047.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4047", "module_name": "Vocera Cryptographic Module v3.1", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode.", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Vocera B3000n Badge is a wearable hands-free voice-controlled device that provides easy-to-use and instantaneous communication on a wireless LAN network. The Vocera Cryptographic Module, embedded in the B3000n Badge, ensures protected communications using industry-standard secure wireless communication protocols.", "algorithms": [ "AES", "CVL", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4046", "Certificate Number": "4046", "Vendor Name": "Canonical Ltd.", "Module Name": "Ubuntu 20.04 Strongswan Cryptographic Module", "Module Type": "Software", "Validation Date": "10/18/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4046.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4046", "module_name": "Ubuntu 20.04 Strongswan Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9.1 of the Security Policy with module Ubuntu 20.04 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #3966 operating in FIPS mode and with module Ubuntu 20.04 Kernel Crypto API Cryptographic Module validated to FIPS140-2 under Cert. #3928 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Ubuntu 20.04 Strongswan Cryptographic Module provides cryptographic services for the Internet Key Exchange (IKE) protocol in the Ubuntu Operating System user space.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4044", "Certificate Number": "4044", "Vendor Name": "Microchip Technology, Inc.", "Module Name": "NV-2108 Flashtec™ PCIe NVRAM Drive", "Module Type": "Hardware", "Validation Date": "10/18/202103/04/202208/26/202210/21/202210/02/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4044.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4044", "module_name": "NV-2108 Flashtec™ PCIe NVRAM Drive", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Microchip NV-2108 Flashtec™ PCIe NVRAM Drive is an 8 GB, 2.5-inch form factor NVRAM dual port drive that provides outstanding reliability, performance, and security.", "detail_available": true, "algorithms": [ "AES", "DRBG", "HMAC", "KDF", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4043", "Certificate Number": "4043", "Vendor Name": "Citrix Systems, Inc.", "Module Name": "Citrix ADC MPX", "Module Type": "Hardware", "Validation Date": "10/16/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4043.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4043", "module_name": "Citrix ADC MPX", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section [3.1.4] of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The MPX product line optimizes delivery of applications over the Internet and private networks. MPX is an application delivery controller (ADC) that performs application-specific traffic analysis to intelligently distribute, optimize, and secure L4-L7 network traffic for web-applications. All these capabilities are combined into a single, integrated appliance for increased productivity, with lower overall total cost of ownership.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4041", "Certificate Number": "4041", "Vendor Name": "Samsung Electronics Co., Ltd.", "Module Name": "Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a Series", "Module Type": "Hardware", "Validation Date": "10/06/202109/07/202206/21/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4041.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4041", "module_name": "Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a Series", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in the Security Rules Section of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Samsung SAS 12G TCG Enterprise SSC SEDs PM1643a Series are a high-performance Self-Encrypting SSDs supporting SAS 12G Interface that provides on-the-fly encryption/decryption of user data without performance loss. It implements AES256-XTS for user data encryption, RSA PSS-2048 for FW authentication, and Hash_DRBG for key generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4034", "Certificate Number": "4034", "Vendor Name": "Oracle Corporation", "Module Name": "Oracle Solaris Kernel Cryptographic Framework", "Module Type": "Software", "Validation Date": "09/20/202101/30/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4034.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4034", "module_name": "Oracle Solaris Kernel Cryptographic Framework", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/19/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Oracle Solaris Kernel Cryptographic Framework module provides cryptographic functionality for the kernel module. The module provides encryption, decryption, hashing, signature generation and verification, secure random number generation, and message authentication functions. The module can leverage the algorithm acceleration from SPARC and x86 processors when available.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4032", "Certificate Number": "4032", "Vendor Name": "CliniComp, Intl.", "Module Name": "CliniComp Data Acquisition Cryptographic Module", "Module Type": "Software", "Validation Date": "09/17/202109/05/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4032.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4032", "module_name": "CliniComp Data Acquisition Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/16/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Medical device integration and data acquisition for all categories of devices including waveforms.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4025", "Certificate Number": "4025", "Vendor Name": "Intel Corporation", "Module Name": "Intel® Offload and Crypto Subsystem (OCS)", "Module Type": "Hardware", "Validation Date": "09/09/202108/23/202204/19/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4025.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4025", "module_name": "Intel® Offload and Crypto Subsystem (OCS)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/8/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The Intel® Offload and Crypto Subsystem (OCS) is classified as a single-chip hardware cryptographic module for FIPS 140-2 purpose.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4019", "Certificate Number": "4019", "Vendor Name": "Arista Networks, Inc.", "Module Name": "Arista EOS Crypto Module", "Module Type": "Software", "Validation Date": "08/30/202111/01/202101/17/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4019.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4019", "module_name": "Arista EOS Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/29/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Arista’s crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency.", "detail_available": true, "algorithms": [ "AES", "DES", "DSA", "HMAC", "KDF", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4018", "Certificate Number": "4018", "Vendor Name": "Canonical Ltd.", "Module Name": "Ubuntu 18.04 Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "08/30/202109/21/202110/18/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4018.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4018", "module_name": "Ubuntu 18.04 Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/29/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates random strings whose strength is modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Ubuntu 18.04 Kernel Crypto API module is a software module running as part of the operating system kernel that provides general purpose cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4017", "Certificate Number": "4017", "Vendor Name": "Taglio", "Module Name": "Taglio PIV Applet v2.1 on NXP JCOP 3 SecID P60 CS (OSB)", "Module Type": "Hardware", "Validation Date": "08/27/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4017.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4017", "module_name": "Taglio PIV Applet v2.1 on NXP JCOP 3 SecID P60 CS (OSB)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/26/2026", "overall_level": 2, "caveat": "When initialized and configured as specified in Section 8 of the Security Policy", "module_type": "Hardware", "embodiment": "Single Chip", "detail_available": true, "description": "Taglio PIV Applet v2.1 is a Java Card applet that provides Certificate Based PKI security on the NXP JCOP 3 SecID P60 CS (OSB) smart card platform. The Taglio PIV Applet supports the PIV Card standard (NIST SP 800-73-4 ad SP 800-78-4) and is suitable for US Government (PIV), Federal Contractor (PIV-I), Enterprise (CIV) and Physical Access (PACS/FICAM) applications." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4013", "Certificate Number": "4013", "Vendor Name": "iStorage Ltd.", "Module Name": "iStorage datAshur BT", "Module Type": "Hardware", "Validation Date": "08/24/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4013.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4013", "module_name": "iStorage datAshur BT", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/23/2026", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Hardware encrypted USB 3.0 flash drive with Bluetooth interface for authentication and configuration.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4011", "Certificate Number": "4011", "Vendor Name": "Western Digital Corporation", "Module Name": "Ultrastar® He¹° and Ultrastar® DC HC510 TCG Enterprise HDD", "Module Type": "Hardware", "Validation Date": "08/19/202102/18/202201/27/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4011.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4011", "module_name": "Ultrastar® He¹° and Ultrastar® DC HC510 TCG Enterprise HDD", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/18/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Sections 2.1 and 7.2 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "Self-encrypting Ultrastar® He¹º and Ultrastar® DC HC510 TCG Enterprise HDDs, from Western Digital, meet or exceed the most demanding performance and security requirements. They incorporate third-generation HelioSeal® technology, use PMR technology and are the industry's first 10TB drive that is drop-in ready for any enterprise-capacity application or environment. Targeted at 2.5M hours MTBF, the Ultrastar He¹º and Ultrastar DC HC510 provide the highest reliability rating available of all HDDs on the market today. They build on the design success of their 8TB and 6TB predecessors.", "detail_available": true, "algorithms": [ "AES", "DRBG" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4010", "Certificate Number": "4010", "Vendor Name": "Western Digital Corporation", "Module Name": "Ultrastar® He¹² and Ultrastar® DC HC520 TCG Enterprise HDD", "Module Type": "Hardware", "Validation Date": "08/19/202102/04/202205/06/202201/25/202309/01/202301/10/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4010.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4010", "module_name": "Ultrastar® He¹² and Ultrastar® DC HC520 TCG Enterprise HDD", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/18/2026", "overall_level": 2, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Sections 2.1 and 7.2 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "Self-encrypting Ultrastar® He¹² and Ultrastar® DC HC520 TCG Enterprise HDDs, from Western Digital, meet or exceed the most demanding performance and security requirements. They incorporate fourth-generation HelioSeal® technology, use PMR technology and are the industry's first 12TB drive that is drop-in ready for any enterprise-capacity application or environment. Targeted at 2.5M hours MTBF, the Ultrastar He¹² and Ultrastar DC HC520 provide the highest reliability rating available of all HDDs on the market today. They build on the design success of their 10TB, 8TB and 6TB predecessors", "detail_available": true, "algorithms": [ "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4006", "Certificate Number": "4006", "Vendor Name": "FireEye, Inc.", "Module Name": "FireEye NX Series: NX1500V, NX2500V, NX2550V, NX4500V, NX6500V", "Module Type": "Software", "Validation Date": "08/10/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4006.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4006", "module_name": "FireEye NX Series: NX1500V, NX2500V, NX2550V, NX4500V, NX6500V", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/9/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The FireEye Network Threat Prevention Platform identifies and blocks zero-day Web exploits, droppers (binaries), and multi-protocol callbacks to help organizations scale their advanced threat defenses across a range of deployments, from the multi-gigabit headquarters down to remote, branch, and mobile offices. FireEye Network with Intrusion Prevention System (IPS) technology further optimizes spend, substantially reduces false positives, and enables compliance while driving security across known and unknown threats.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4003", "Certificate Number": "4003", "Vendor Name": "FEITIAN Technologies", "Module Name": "OTP Token", "Module Type": "Hardware", "Validation Date": "08/03/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4003.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4003", "module_name": "OTP Token", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/2/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "OTP Token enables strong authentication by positively identifying user with one-time passwords. Simply pressing the button OTP Token generates a secure event synchronous or time-based one-time password, ensuring properly identification and allowing only authorized access to critical applications and sensitive data.", "detail_available": true, "algorithms": [ "HMAC", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3997", "Certificate Number": "3997", "Vendor Name": "Trellix", "Module Name": "Network Security Platform Sensor NS7500", "Module Type": "Hardware", "Validation Date": "08/03/202106/29/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3997.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3997", "module_name": "Network Security Platform Sensor NS7500", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/2/2026", "overall_level": 2, "caveat": "When operated with the tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3995", "Certificate Number": "3995", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "07/27/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3995.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3995", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/26/2026", "overall_level": 1, "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3993", "Certificate Number": "3993", "Vendor Name": "Mirantis, Inc.", "Module Name": "Mirantis Cryptographic Module NG", "Module Type": "Software", "Validation Date": "07/22/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3993.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3993", "module_name": "Mirantis Cryptographic Module NG", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3273.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Mirantis Cryptographic Module NG delivers core cryptographic functions for Mirantis platforms and features robust algorithm support, including Suite B algorithms. Mirantis Cryptographic Module NG offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted and verified implementation.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3992", "Certificate Number": "3992", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise Server libgcrypt Cryptographic Module", "Module Type": "Software", "Validation Date": "07/22/202111/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3992.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3992", "module_name": "SUSE Linux Enterprise Server libgcrypt Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in section 9 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SUSE Libgcrypt is a general purpose cryptographic library based on the code from GnuPG.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KDF", "KTS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3991", "Certificate Number": "3991", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise Server OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "07/22/202111/28/202110/12/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3991.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3991", "module_name": "SUSE Linux Enterprise Server OpenSSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in section 9 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3990", "Certificate Number": "3990", "Vendor Name": "NXP Semiconductors", "Module Name": "i.MX 8X SECO HSM", "Module Type": "Hardware", "Validation Date": "07/20/202101/14/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3990.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3990", "module_name": "i.MX 8X SECO HSM", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/19/2026", "overall_level": 3, "caveat": "When operated in FIPS mode and utilizing a Trusted Path as specified in the Security Policy", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The i.MX 8X HSM extends the rich capabilities of the i.MX 8X family of products with advanced security and cryptographic capabilities. These HSM extensions implemented in the i.MX 8X integrated cryptographic module offer OEMs the capability to configure the part in the desired FIPS mode to support V2X or IoT use cases and more. The i.MX 8X cryptographic module is an integral part of the NXP i.MX 8X application processors and can be used together with other features offered by these SOCs to reduce both the OEM design bill of materials as well as time to market in security critical applications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3989", "Certificate Number": "3989", "Vendor Name": "Quadient Technologies France", "Module Name": "Quadient Postal Security Device (PSD)", "Module Type": "Hardware", "Validation Date": "07/19/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3989.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3989", "module_name": "Quadient Postal Security Device (PSD)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/18/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Quadient Postal Security Device (PSD) is a cryptographic module embedded within postal franking machines. The PSD performs all franking machine’s cryptographic and postal security functions and protects the Critical Security Parameters (CSPs) and Postal Relevant Data from unauthorized access.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3987", "Certificate Number": "3987", "Vendor Name": "Thales", "Module Name": "CipherTrust Transparent Encryption Cryptographic Module", "Module Type": "Software-Hybrid", "Validation Date": "07/19/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3987.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3987", "module_name": "CipherTrust Transparent Encryption Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/18/2026", "overall_level": 1, "caveat": "When operated in FIPS mode.", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Vormetric Transparent Encryption Cryptographic Module is a loadable kernel module. This module comprises a layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Transparent Encryption Cryptographic Library, which provides all cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3986", "Certificate Number": "3986", "Vendor Name": "Infinera Corporation", "Module Name": "mTera 8-slot Universal Transport Platform", "Module Type": "Hardware", "Validation Date": "07/18/202108/15/202309/14/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3986.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3986", "module_name": "mTera 8-slot Universal Transport Platform", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/17/2026", "overall_level": 2, "caveat": "When operated in FIPS mode; When installed, initialized and configured as specified in Section 11 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The mTera 8-slot Universal Transport Platform is a flexible and scalable universal transport platform that can dynamically adapt to changing traffic patterns and address multiple use cases. Its capacity ranges from 1.6Tbps to 4.0Tbps.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3983", "Certificate Number": "3983", "Vendor Name": "KIOXIA Corporation", "Module Name": "KIOXIA TCG OPAL SSC Crypto Sub-Chip TC58NC1132GTC", "Module Type": "Hardware", "Validation Date": "07/15/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3983.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3983", "module_name": "KIOXIA TCG OPAL SSC Crypto Sub-Chip TC58NC1132GTC", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/14/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The KIOXIA TCG OPAL SSC Crypto Sub-Chip is used for NVMe solid state drive data security.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3980", "Certificate Number": "3980", "Vendor Name": "Canonical Ltd.", "Module Name": "Ubuntu 18.04 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "07/12/202109/21/202110/18/202111/23/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3980.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3980", "module_name": "Ubuntu 18.04 OpenSSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/11/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3979", "Certificate Number": "3979", "Vendor Name": "FEITIAN Technologies Co., Ltd.", "Module Name": "FEITIAN Biometric FIDO Key Module", "Module Type": "Hardware", "Validation Date": "07/12/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3979.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3979", "module_name": "FEITIAN Biometric FIDO Key Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/11/2026", "overall_level": 2, "caveat": "When operated in FIPS mode; The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Single Chip", "description": "FEITIAN Biometric FIDO Key Module is built on FIDO2 and U2F specification which is issued and promoted by FIDO Alliance to drive and enable a real passwordless multi-factor authentication.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3978", "Certificate Number": "3978", "Vendor Name": "Corelight Inc.", "Module Name": "Corelight Cryptographic Module", "Module Type": "Software", "Validation Date": "07/12/202110/12/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3978.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3978", "module_name": "Corelight Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3273.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Corelight's Network Detection and Response (NDR) solutions transform raw traffic into comprehensive evidence and actionable insights that accelerate incident response and unlock powerful hunting capabilities in SIEM platforms. The module delivers core cryptographic functions for robust algorithm support, secure key management, data integrity, and secure communications.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3977", "Certificate Number": "3977", "Vendor Name": "Pavilion Data Systems", "Module Name": "Pavilion Cryptographic Module", "Module Type": "Software-Hybrid", "Validation Date": "07/12/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3977.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3977", "module_name": "Pavilion Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/11/2026", "overall_level": 1, "caveat": "None", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The Pavilion Encryption Module is a standalone cryptographic module for the Pavilion Operating System (PavilionOS) for Pavilion Hyperparallel Flash Arrays. PavilionOS allows customers to take advantage of unprecedented performance for all applications by being the first solution to support high performance with ultra-low latency for local block, file and object workloads simultaneously. The Pavilion Encryption Module allows for inline encryption of data using either internally managed keys or through integration with KMIP.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3975", "Certificate Number": "3975", "Vendor Name": "VMware, Inc.", "Module Name": "VMware's SD-WAN VPN Crypto Module", "Module Type": "Software", "Validation Date": "07/12/202111/01/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3975.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3975", "module_name": "VMware's SD-WAN VPN Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/11/2026", "overall_level": 1, "caveat": "None", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "VMware's SD-WAN VPN Crypto Module is a software module that is used by various VMware products to provide confidentiality and integrity to data plane traffic.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3973", "Certificate Number": "3973", "Vendor Name": "VMware, Inc.", "Module Name": "VMware's SD-WAN VPN Hybrid Crypto Module", "Module Type": "Software-Hybrid", "Validation Date": "07/07/202111/01/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3973.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3973", "module_name": "VMware's SD-WAN VPN Hybrid Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/6/2026", "overall_level": 1, "caveat": "None", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "VMware’s SD-WAN VPN Hybrid Crypto Module is a cryptographic module that is used in different products to provide confidentiality and integrity to data plane traffic.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3971", "Certificate Number": "3971", "Vendor Name": "Unisys Corporation", "Module Name": "Unisys Linux strongSwan Cryptographic Module", "Module Type": "Software", "Validation Date": "07/06/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3971.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3971", "module_name": "Unisys Linux strongSwan Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/5/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Unisys Linux OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #3959 operating in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The module is a software-shared cryptographic library that provides key derivation functions for the Internet Key Exchange (IKE) protocol in the Ubuntu operating system user space. The module is defined as a multi-chip standalone module, as defined by FIPS PUB 140-2. This module implements a KDF for IKEv1 and IKEv2 that complies with the requirements of SP 800-135rev1.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3970", "Certificate Number": "3970", "Vendor Name": "Integral Memory Plc", "Module Name": "Integral AES 256 Bit Crypto SSD Underlying PCB", "Module Type": "Hardware", "Validation Date": "07/06/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3970.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3970", "module_name": "Integral AES 256 Bit Crypto SSD Underlying PCB", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/5/2026", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "Integral Crypto SSD is the Full Disk Encryption solution for Windows and Linux desktops and laptops. Featuring government department approved military-level AES 256-bit Hardware Encryption it comes in 2.5\" SATA III, M.2 2280 SATA III and M.2 2280 MVMe in the following capacities: 128GB to 4TB.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3969", "Certificate Number": "3969", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Motorola GGM 8000 Gateway", "Module Type": "Hardware", "Validation Date": "07/06/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3969.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3969", "module_name": "Motorola GGM 8000 Gateway", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/5/2026", "overall_level": 2, "caveat": "When operated in FIPS mode with tamper evident seals installed as indicated in the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The module is a modular purpose-build gateway that can be configured to support a variety of public safety network applications.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3968", "Certificate Number": "3968", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks MX240, MX480, MX960 3D Universal Edge Routers with RE-S-X6-64G Routing Engine and Multiservices MPC", "Module Type": "Hardware", "Validation Date": "07/06/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3968.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3968", "module_name": "Juniper Networks MX240, MX480, MX960 3D Universal Edge Routers with RE-S-X6-64G Routing Engine and Multiservices MPC", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/5/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 1.2 and 6 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Juniper Networks MX Series is a robust portfolio of SDN enabled routing platforms that provide industry leading system capacity, density, security and performance. Key features include support for a wide range of L2/L3 VPN services and advanced broadband network gateway functions, along with integrated routing, switching and security services. Multiservices MPC supports Layer 3 services such as stateful firewall, NAT, IPsec, active flow monitoring and RPM.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3966", "Certificate Number": "3966", "Vendor Name": "Canonical Ltd.", "Module Name": "Ubuntu 20.04 OpenSSL Cryptographic Module", "Module Type": "Software", "Validation Date": "07/06/202110/18/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3966.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3966", "module_name": "Ubuntu 20.04 OpenSSL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/5/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3965", "Certificate Number": "3965", "Vendor Name": "KIOXIA Corporation", "Module Name": "KIOXIA TCG Enterprise SSC Crypto Sub-Chip TC58NC1132GTC", "Module Type": "Hardware", "Validation Date": "07/05/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3965.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3965", "module_name": "KIOXIA TCG Enterprise SSC Crypto Sub-Chip TC58NC1132GTC", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "7/4/2026", "overall_level": 2, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The KIOXIA TCG Enterprise SSC Crypto Sub-Chip is used for SAS solid state drive data security.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3964", "Certificate Number": "3964", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Motorola Network Router (MNR) S6000", "Module Type": "Hardware", "Validation Date": "07/01/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3964.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3964", "module_name": "Motorola Network Router (MNR) S6000", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/30/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The module is a network router supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3963", "Certificate Number": "3963", "Vendor Name": "Envieta Systems LLC", "Module Name": "Envieta QFlex Hardware Security Module", "Module Type": "Hardware", "Validation Date": "06/30/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3963.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3963", "module_name": "Envieta QFlex Hardware Security Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/29/2026", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Envieta QFlex HSM is designed, engineered, and manufactured in the United States, offering top of the market performance for a fraction of the cost. QFlex’s integrated FPGA fabric provides organizations the capability to run accelerated proprietary algorithms inside the security perimeter of the HSM. This unique solution provides the lowest cost per operation on the market today, making QFlex the clear choice to satisfy enterprise capacity requirements.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3962", "Certificate Number": "3962", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "06/30/202111/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3962.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3962", "module_name": "SUSE Linux Enterprise Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/29/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in section 10.1 of the Security Policy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "z SUSE Linux Enterprise Kernel Crypto API Module provides cryptographic services to the Linux operating system kernel.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3959", "Certificate Number": "3959", "Vendor Name": "Unisys Corporation", "Module Name": "Unisys Linux OpenSSL FIPS Object Module", "Module Type": "Software", "Validation Date": "06/22/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3959.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3959", "module_name": "Unisys Linux OpenSSL FIPS Object Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The module is a software library providing a C-language Application Program Interface (API) for use by other processes that require cryptographic functionality.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3957", "Certificate Number": "3957", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise Server GnuTLS Cryptographic Module", "Module Type": "Software", "Validation Date": "06/17/202111/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3957.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3957", "module_name": "SUSE Linux Enterprise Server GnuTLS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/16/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "GnuTLS is a secure communications library implementing the TLS protocol. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PKCS#12, and other required structures which is shipped with SUSE Linux Enterprise Server.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3955", "Certificate Number": "3955", "Vendor Name": "Oracle Communications", "Module Name": "Acme Packet 4600 and Acme Packet 6300 and Acme Packet 6350", "Module Type": "Hardware", "Validation Date": "06/14/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3955.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3955", "module_name": "Acme Packet 4600 and Acme Packet 6300 and Acme Packet 6350", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/13/2026", "overall_level": 1, "caveat": "When installed, initialized and configured as specified in Section 9 of the Security Policy and operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Acme Packet 4600, 6300 and 6350 appliances are specifically designed to meet the unique price performance and manageability requirements of the small to medium sized enterprise and remote office/ branch office. Ideal for small site border control and Session Initiation Protocol (SIP) trunking service termination applications, the Acme Packet 4600, 6300 and 6350 appliances delivers Oracle’s industry leading ESBC capabilities in a small form factor appliance.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3953", "Certificate Number": "3953", "Vendor Name": "", "Module Name": "", "Module Type": "Hardware", "Validation Date": "06/09/202106/23/202104/18/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3953.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3953", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/8/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3952", "Certificate Number": "3952", "Vendor Name": "Adva Network Security GmbH", "Module Name": "WCC-PCN-AES100GB-F Encryption Module with FSP 3000R7 Shelf", "Module Type": "Hardware", "Validation Date": "06/08/202109/13/202201/21/2026", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3952.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3952", "module_name": "WCC-PCN-AES100GB-F Encryption Module with FSP 3000R7 Shelf", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/7/2026", "overall_level": 2, "caveat": "When operated with tamper-evident seals and wire seal installed as indicated in Section 5 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The WCC-PCN-AES100GB-F Encryption Module is a transponder for core telecommunication networks. The module transports plaintext 100GbE or OTU4 client side data services to and from the encrypted network interface. The module is a configuration of the ADVA Fiber Service Platform (FSP) 3000R7 scalable optical data transport system. The encryption module is composed of a WCC-PCN-AES100GB-F card assembly installed in a customer-chosen ADVA FSP 3000R7 shelf. ADVA FSP 3000R7 shelves are available in various form factors to host customer-chosen combinations of modular functionality and density.", "detail_available": true, "algorithms": [ "AES", "DRBG", "DSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3951", "Certificate Number": "3951", "Vendor Name": "Advantech Co., Ltd.", "Module Name": "SQFlash FIPS Certified SSD", "Module Type": "Hardware", "Validation Date": "06/08/202108/16/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3951.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3951", "module_name": "SQFlash FIPS Certified SSD", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/7/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. When installed, initialized and configured as specified in the Security Rules Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "Advantech SQF FIPS products are industry-leading SSDs in the industry. SQF FIPS provides suitable SQF 840F (SATA 6.0Gbs) and SQF 920F (PCIe Gen.3 x4) SSD solutions according to different interface specifications. It's delivering high performance, low latency, and high availability, and included TCG OPAL self-encrypting support.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3949", "Certificate Number": "3949", "Vendor Name": "Fescaro Co. Ltd.", "Module Name": "FAST C-LIB", "Module Type": "Software", "Validation Date": "06/07/202109/12/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3949.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3949", "module_name": "FAST C-LIB", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/6/2026", "overall_level": 1, "caveat": "None", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "FAST C-LIB is software cryptographic library embedded in vehicle ECUs. FAST C-LIB is used to meet OEM’s automotive security requirements. For example, FAST C-LIB is used to implement secure In-Vehicle communication and secure V2X communication.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3948", "Certificate Number": "3948", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 3", "Module Type": "Hardware", "Validation Date": "06/07/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3948.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3948", "module_name": "Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 3", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/6/2026", "overall_level": 3, "module_type": "Hardware", "embodiment": "Single Chip", "description": "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management.", "detail_available": true, "caveat": "When operated in FIPS mode and configured to Overall Level 3 per Section 2 of the Security Policy", "algorithms": [ "DES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3947", "Certificate Number": "3947", "Vendor Name": "Motorola Solutions, Inc.", "Module Name": "Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 2", "Module Type": "Hardware", "Validation Date": "06/07/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3947.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3947", "module_name": "Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 2", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "6/6/2026", "overall_level": 2, "module_type": "Hardware", "embodiment": "Single Chip", "description": "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management.", "detail_available": true, "caveat": "When operated in FIPS mode and configured to Overall Level 2 per Section 2 of the Security Policy", "algorithms": [ "DES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3940", "Certificate Number": "3940", "Vendor Name": "UD info Corp.", "Module Name": "UD info DA-series FIPS SSD", "Module Type": "Hardware", "Validation Date": "06/01/202105/17/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3940.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3940", "module_name": "UD info DA-series FIPS SSD", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/31/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. When installed, initialized and configured as specified in the Security Rules Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "UD info DA-series FIPS SSD is a Cryptographic Module (CM) series providing various cryptographic services by FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3939", "Certificate Number": "3939", "Vendor Name": "Red Hat®, Inc.", "Module Name": "Red Hat Enterprise Linux 7 Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "06/01/202110/01/202110/06/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3939.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3939", "module_name": "Red Hat Enterprise Linux 7 Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/31/2026", "overall_level": 1, "caveat": "When operated in FIPS mode with module Red Hat Enterprise Linux 7 NSS Module validated to FIPS 140-2 under Cert. #3860 operating in FIPS mode. The module generates random strings whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 7 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3938", "Certificate Number": "3938", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks MX240, MX480, MX960 3D Universal Edge Routers and EX9204, EX9208, EX9214 Ethernet Switches with RE-S-X6-64G/RE-S-X6-128G/EX9200-RE2 Routing Engine and MPC7E-10G/EX9200-40XS MACsec Card", "Module Type": "Hardware", "Validation Date": "05/27/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3938.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3938", "module_name": "Juniper Networks MX240, MX480, MX960 3D Universal Edge Routers and EX9204, EX9208, EX9214 Ethernet Switches with RE-S-X6-64G/RE-S-X6-128G/EX9200-RE2 Routing Engine and MPC7E-10G/EX9200-40XS MACsec Card", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/26/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Sections 1.2 and 6 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Juniper Networks MX and EX9200 Series is a robust portfolio of SDN enabled routing and switching platforms that provide industry leading system capacity,density,security and performance. MPC7E-10G/EX9200-40XS supports 40 ports of 10gbps with GCM-AES-256 MACSEC encryption.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3936", "Certificate Number": "3936", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks MX104 3D Universal Edge Router with the Multiservices MIC", "Module Type": "Hardware", "Validation Date": "05/26/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3936.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3936", "module_name": "Juniper Networks MX104 3D Universal Edge Router with the Multiservices MIC", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/25/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 1.2 and 6 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "MX104 3D Universal Edge router is a modular, highly redundant, mobile back haul optimized full featured MX series platform built for space and power constrained service provider and enterprise facilities. Multiservices MIC supports Layer 3 services such as stateful firewall, NAT, IPsec, active flow monitoring and RPM.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3935", "Certificate Number": "3935", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks MX240, MX480, MX960 3D Universal Edge Routers with RE1800 Routing Engine and MPC7E-10G MACsec Card", "Module Type": "Hardware", "Validation Date": "05/26/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3935.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3935", "module_name": "Juniper Networks MX240, MX480, MX960 3D Universal Edge Routers with RE1800 Routing Engine and MPC7E-10G MACsec Card", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/25/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 1.2 and 6 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Juniper Networks MX Series is a robust portfolio of SDN enabled routing and switching platforms that provide industry leading system capacity,density,security and performance. MPC7E-10G supports 40 ports of 10gbps with GCM-AES-256 MACSEC encryption.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3934", "Certificate Number": "3934", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks MX240, MX480, MX960 3D Universal Edge Routers with RE1800 Routing Engine and Multiservices MPC", "Module Type": "Hardware", "Validation Date": "05/26/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3934.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3934", "module_name": "Juniper Networks MX240, MX480, MX960 3D Universal Edge Routers with RE1800 Routing Engine and Multiservices MPC", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/25/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Section 1.2 and 6 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Juniper Networks MX Series is a robust portfolio of SDN enabled routing platforms that provide industry leading system capacity, density, security and performance. Key features include support for a wide range of L2/L3 VPN services and advanced broadband network gateway functions, along with integrated routing, switching and security services. Multiservices MPC supports Layer 3 services such as stateful firewall, NAT, IPsec, active flow monitoring and RPM.", "detail_available": true, "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDH", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3933", "Certificate Number": "3933", "Vendor Name": "Nuvoton Technology Corporation", "Module Name": "NPCT7xx TPM 2.0 rev 1.38", "Module Type": "Hardware", "Validation Date": "05/26/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3933.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3933", "module_name": "NPCT7xx TPM 2.0 rev 1.38", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/25/2026", "overall_level": 2, "caveat": "When installed, initialized, and configured as specified in the Security Policy Section 9.2 and operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Nuvoton NPCT7xx TPM 2.0 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3932", "Certificate Number": "3932", "Vendor Name": "Private Machines Inc.", "Module Name": "ENFORCER R1", "Module Type": "Hardware", "Validation Date": "05/24/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3932.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3932", "module_name": "ENFORCER R1", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/23/2026", "overall_level": 4, "caveat": "When utilizing a Trusted Path as specified in the security policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The ENFORCER R1 provides a physically secure, Level 4 enclosure protecting CSPs and cryptographic data. A physical tamper event on the enclosure immediately zeroizes module CSPs. It provides a KMIP (Key Management Interoperability Protocol) service for key management to external users. It also provides additional services for module management, module configuration, and for building higher-level application scenarios such as integration into cloud and data center environments.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3931", "Certificate Number": "3931", "Vendor Name": "Aruba, a Hewlett Packard Enterprise company", "Module Name": "Aruba 9004 Series Gateway with ArubaOS FIPS Firmware", "Module Type": "Hardware", "Validation Date": "05/24/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3931.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3931", "module_name": "Aruba 9004 Series Gateway with ArubaOS FIPS Firmware", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/23/2026", "overall_level": 2, "caveat": "When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. When installed, initialized and configured as specified in Section 13 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "Aruba's family of Gateways are network infrastructure devices providing secure, scalable solutions for branch and small campus networks. The Gateways provide network security policy enforcement firewall with Deep Packet Inspection, enterprise Wi-Fi, WLAN, LAN and VPN services including Aruba Dynamic Segmentation, flexible connectivity options, integrated device profiling, and role-based wireless intrusion detection and prevention (IDS/IPS). Gateways serve as central points of authentication, encryption, access control, and network coordination for all mobile network services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3928", "Certificate Number": "3928", "Vendor Name": "Canonical Ltd.", "Module Name": "Ubuntu 20.04 Kernel Crypto API Cryptographic Module", "Module Type": "Software", "Validation Date": "05/19/202110/18/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3928.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3928", "module_name": "Ubuntu 20.04 Kernel Crypto API Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/18/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Ubuntu 20.04 Kernel Crypto API module is a software module running as part of the operating system kernel that provides general purpose cryptographic services.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3926", "Certificate Number": "3926", "Vendor Name": "DIGISTOR", "Module Name": "DIGISTOR TCG OPAL SSC FIPS SSD Series", "Module Type": "Hardware", "Validation Date": "05/11/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3926.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3926", "module_name": "DIGISTOR TCG OPAL SSC FIPS SSD Series", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/10/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. When installed, initialized and configured as specified in the Security Rules Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true, "description": "The DIGISTOR® Secure Data Storage TCG Opal SSC FIPS 140-2 Self-Encrypting SSD Series covers all critical storage form factors and connection types from 2.5\" SATA to M.2 SATA and PCIe Gen 3x4 NVMe high-speed storage. DIGISTOR® Secure SSD drives meet the performance and security requirements of the most demanding data security applications. The cryptographic module (CM) provides a wide range of cryptographic services ensuring that the firmware integrity, encryption technology and physical security of the SSD all meet the requirements set forth by the Federal Information Processing Standard.", "algorithms": [ "AES", "DRBG", "HMAC", "KTS", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3925", "Certificate Number": "3925", "Vendor Name": "Utimaco IS GmbH", "Module Name": "CryptoServer Se-Series Gen2", "Module Type": "Hardware", "Validation Date": "05/10/202108/02/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3925.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3925", "module_name": "CryptoServer Se-Series Gen2", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/9/2026", "overall_level": 3, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The CryptoServer Se-Series Gen2 is an encapsulated, protected security module realized as a multi-chip embedded cryptographic module as defined in FIPS 140-2. Its realization meets the overall FIPS 140-2 Level 3 requirements. The module's primary purpose is to provide secure cryptographic services such as encryption or decryption (for various cryptographic algorithms like AES and Triple-DES), hashing, signing and verification of data (RSA, ECDSA, DSA), random number generation, on-board secure key generation, key storage and further key management functions in a tamper-protected environment.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3923", "Certificate Number": "3923", "Vendor Name": "Microsoft Corporation", "Module Name": "Boot Manager", "Module Type": "Software", "Validation Date": "05/10/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3923.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3923", "module_name": "Boot Manager", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3922", "Certificate Number": "3922", "Vendor Name": "SUSE, LLC", "Module Name": "SUSE Linux Enterprise Server NSS Cryptographic Module", "Module Type": "Software", "Validation Date": "05/09/202111/28/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3922.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3922", "module_name": "SUSE Linux Enterprise Server NSS Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/8/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SUSE Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3920", "Certificate Number": "3920", "Vendor Name": "Broadcom, Inc.", "Module Name": "BCM58200 Series: BCM58201, BCM58202", "Module Type": "Hardware", "Validation Date": "05/03/202105/31/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3920.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3920", "module_name": "BCM58200 Series: BCM58201, BCM58202", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/2/2026", "overall_level": 3, "caveat": "The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Highly integrated, low power, security processor with rich peripheral connection options like USB, NFC, Contacted Smart Card, SPI, ADC, MIPI, UART etc.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3916", "Certificate Number": "3916", "Vendor Name": "Yubico, Inc.", "Module Name": "YubiHSM 2 Cryptographic Module", "Module Type": "Hardware", "Validation Date": "05/03/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3916.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3916", "module_name": "YubiHSM 2 Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/2/2026", "overall_level": 3, "caveat": "When operated in FIPS mode, installed, initialized, and configured as specified in Section 3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The YubiHSM 2 is a USB-based, multi-purpose cryptographic device that is primarily used in servers. It is optimized for a small form factor and low power requirements.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3915", "Certificate Number": "3915", "Vendor Name": "ZOLL Medical Corporation", "Module Name": "ZOLL Cryptographic Module", "Module Type": "Software", "Validation Date": "05/03/202109/22/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3915.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3915", "module_name": "ZOLL Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3273.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The ZOLL Cryptographic Module provides cryptographic functionality for the R Series product suite.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3914", "Certificate Number": "3914", "Vendor Name": "Yubico, Inc.", "Module Name": "YubiKey 5 Cryptographic Module", "Module Type": "Hardware", "Validation Date": "05/03/202108/19/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3914.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3914", "module_name": "YubiKey 5 Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/2/2026", "overall_level": 2, "caveat": "When operated in FIPS mode, installed, initialized, and configured as specified in Section 3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The YubiKey 5 cryptographic module is a secure element that supports multiple protocols designed to be embedded in USB and/or NFC security tokens. The module can generate, store, and perform cryptographic operations for sensitive data and can be utilized via an external touch-button for Test of User Presence in addition to PIN for smart card authentication.The module implements five major functions - Yubico One Time Password (OTP), FIDO2, PIV-compatible smart card, OpenPGP smart card and OATH OTP authentication.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3911", "Certificate Number": "3911", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Secure Processing Unit (SPU) Random Number Generator (RNG)", "Module Type": "Hardware", "Validation Date": "05/03/202107/13/202208/23/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3911.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3911", "module_name": "Qualcomm® Secure Processing Unit (SPU) Random Number Generator (RNG)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/2/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Qualcomm SPU Random Number Generator is a hardware random number generator that provides cryptographic functions through on-chip entropy sources and hash based DRBG.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3910", "Certificate Number": "3910", "Vendor Name": "Curtiss-Wright Defense Solutions", "Module Name": "FSM-2 Flash Storage Cryptographic Module", "Module Type": "Hardware", "Validation Date": "04/27/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3910.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3910", "module_name": "FSM-2 Flash Storage Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "4/26/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. When installed with the tamper evident seals, initialized and configured as specified in Section 3 of the Security Policy.", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Flash Storage Module (FSM) AES cryptographic engine uses 256-bit encryption keys and performs real-time encryption of all data written to or read from solid state drives. The FSM cryptographic engines provides maximum data-at-rest security in commercial and military applications.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3908", "Certificate Number": "3908", "Vendor Name": "Juniper Networks, Inc.", "Module Name": "Juniper Networks NFX250 Network Services Platform", "Module Type": "Hardware", "Validation Date": "04/23/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3908.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3908", "module_name": "Juniper Networks NFX250 Network Services Platform", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "4/22/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized and configured as specified in Sections 1.2 and 6 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The NFX250 Network Services Platform provides multiple network connections and an open, standards-based architecture. It uses SRX Series next-generation firewall software for security. The NFX250 delivers business services, such as SD-WAN. It is for enterprise organizations and for service providers that deliver managed services to the enterprise.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KDF", "RSA", "SHA", "SHS", "SSH" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3907", "Certificate Number": "3907", "Vendor Name": "Yubico, Inc.", "Module Name": "YubiKey 5 Cryptographic Module", "Module Type": "Hardware", "Validation Date": "04/22/202108/19/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3907.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3907", "module_name": "YubiKey 5 Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "4/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode, installed, initialized, and configured as specified in Section 3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The YubiKey 5 cryptographic module is a secure element that supports multiple protocols designed to be embedded in USB and/or NFC security tokens. The module can generate, store, and perform cryptographic operations for sensitive data and can be utilized via an external touch-button for Test of User Presence. The module implements several major functions - Yubico One Time Password (OTP), FIDO/FIDO2, FIDO/U2F, PIV-compatible smart card, OpenPGP smart card, and OATH OTP authentication.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3903", "Certificate Number": "3903", "Vendor Name": "Focus Systems Corporation", "Module Name": "MonoCrypt AES Enhanced Crypto Library", "Module Type": "Software", "Validation Date": "04/22/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3903.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3903", "module_name": "MonoCrypt AES Enhanced Crypto Library", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "4/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "MonoCrypt AES Enhanced Crypto Library (MonocryptAES) is a software module and is defined as a multi-chip standalone module.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3902", "Certificate Number": "3902", "Vendor Name": "Canonical Ltd.", "Module Name": "Ubuntu 20.04 Libgcrypt Cryptographic Module", "Module Type": "Software", "Validation Date": "04/20/202110/18/202104/11/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3902.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3902", "module_name": "Ubuntu 20.04 Libgcrypt Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "4/19/2026", "overall_level": 1, "caveat": "When operated in FIPS mode and installed, initialized and configured as specified in Section 9.1 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The libgcrypt library implementation providing cryptographic services to Linux user space software components in general and to GnuPG in particular.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3694", "Certificate Number": "3694", "Vendor Name": "CGI Federal Inc.", "Module Name": "CGI Momentum™ C++ Cryptographic Module", "Module Type": "Software", "Validation Date": "07/31/202003/16/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3694.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3694", "module_name": "CGI Momentum™ C++ Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3273", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "CGI Momentum™ C++ Cryptographic Module implements wide array of cryptographic algorithms including Suite B algorithms. CGI Momentum™ product suite uses this module for low level crypto function thus providing data at rest encryption, transport level encryption, PKI key management, digital signature generation and other crypto operations through a trusted and verified implementation.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3475", "Certificate Number": "3475", "Vendor Name": "Aviatrix Systems Inc.", "Module Name": "Aviatrix Cryptographic Module", "Module Type": "Software", "Validation Date": "06/14/201911/06/201903/16/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3475.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3475", "module_name": "Aviatrix Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3273.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Aviatrix Cryptographic Module is used in Aviatrix Secure Networking Platform to provide robust algorithm support, including Suite B algorithm compliance for secure network communication.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3470", "Certificate Number": "3470", "Vendor Name": "Crestron Electronics, Inc.", "Module Name": "Crestron Crypto Kernel for OpenSSL", "Module Type": "Software", "Validation Date": "06/07/201903/16/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3470.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3470", "module_name": "Crestron Crypto Kernel for OpenSSL", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3273.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Crestron Crypto Kernel for OpenSSL features robust algorithm support, including Suite B algorithm compliance. This module offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3316", "Certificate Number": "3316", "Vendor Name": "Seagate Technology, LLC", "Module Name": "Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive", "Module Type": "Hardware", "Validation Date": "10/31/201803/01/201906/06/201909/27/201905/06/202009/18/202001/22/202105/21/202112/13/202112/14/202104/04/202306/02/202304/04/202402/18/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3316.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3316", "module_name": "Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 7 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Seagate Enterprise Performance SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download. The services are provided through in", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3273", "Certificate Number": "3273", "Vendor Name": "SafeLogic Inc.", "Module Name": "CryptoComply for Server", "Module Type": "Software", "Validation Date": "08/29/201810/16/202003/02/202109/12/202210/06/202211/01/202204/16/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3273.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3273", "module_name": "CryptoComply for Server", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "SafeLogic's CryptoComply for Server is designed to provide FIPS 140-2 validated cryptographic functionality and is available for licensing.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3257", "Certificate Number": "3257", "Vendor Name": "Texas Instruments Inc.", "Module Name": "WiLink™ 8 Cryptographic Engine", "Module Type": "Hardware", "Validation Date": "08/09/201809/04/202002/15/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3257.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3257", "module_name": "WiLink™ 8 Cryptographic Engine", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "The WiLink™ 8 Cryptographic Engine provides the crypto support to the WiLink™ WL1837MOD, which is a Wi-Fi, dual-band, 2.4-GHz and 5-GHz module solution offering high throughput and extended range along with Wi-Fi® and Bluetooth® coexistence in a power-optimized design.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3252", "Certificate Number": "3252", "Vendor Name": "Seagate Technology LLC", "Module Name": "Seagate Secure® TCG Opal SSC Self-Encrypting Drive (SED) FIPS 140-2 Module", "Module Type": "Hardware", "Validation Date": "08/01/201801/31/201907/10/201908/15/201909/18/202008/10/202111/18/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3252.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3252", "module_name": "Seagate Secure® TCG Opal SSC Self-Encrypting Drive (SED) FIPS 140-2 Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode. This validation entry is a non-security-relevant modification to Cert. #2695", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "detail_available": true, "description": "The ‘Seagate Secure® TCG Opal SSC Self-Encrypting Drive (SED) FIPS 140-2 Module’ is embodied in Seagate Laptop thin and Laptop Self-Encrypting Drive model disk drives. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface.", "algorithms": [ "AES", "CVL", "DRBG", "DSA", "HMAC", "KDF", "RSA", "SHA", "SHS", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3187", "Certificate Number": "3187", "Vendor Name": "Nuvoton Technology Corporation", "Module Name": "NPCT7xx TPM 2.0", "Module Type": "Hardware", "Validation Date": "05/31/201804/05/201910/01/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3187.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3187", "module_name": "NPCT7xx TPM 2.0", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized, and configured as specified in the Security Policy Section 9.2 and operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Nuvoton NPCT7xx TPM 2.0 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3178", "Certificate Number": "3178", "Vendor Name": "Tintri by DDN, Inc.", "Module Name": "Tintri Cryptographic Module", "Module Type": "Software", "Validation Date": "04/27/201802/10/202209/13/202206/08/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3178.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3178", "module_name": "Tintri Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "The output of the DRBG may not be used to generate keys. When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Tintri Cryptographic Module is a repackaged copy of OpenSSL which includes AES-GCM, AES-CBC, HMAC-SHA1, and DRBG. No modifications to the software content have been made, and no modifications to the algorithms implemented by the module have been made.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3159", "Certificate Number": "3159", "Vendor Name": "Zscaler Inc.", "Module Name": "Zscaler Crypto Module", "Module Type": "Software", "Validation Date": "03/26/201807/06/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3159.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3159", "module_name": "Zscaler Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys. This validation entry is a non-security relevant modification to Cert. #2038.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Zscaler Crypto Module ™ offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3154", "Certificate Number": "3154", "Vendor Name": "Zscaler Inc.", "Module Name": "Zscaler Mobile Cryptographic Module", "Module Type": "Software", "Validation Date": "03/19/201803/09/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3154.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3154", "module_name": "Zscaler Mobile Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys. This validation entry is a non-security-relevant modification to Cert. #1938.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Zscaler Mobile Cryptographic Module offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2969", "Certificate Number": "2969", "Vendor Name": "Trellix", "Module Name": "Trellix OpenSSL FIPS Object Module", "Module Type": "Software", "Validation Date": "07/25/201711/16/201707/28/202107/11/202207/20/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2969.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2969", "module_name": "Trellix OpenSSL FIPS Object Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Trellix OpenSSL FIPS module provides cryptographic services for Trellix products.", "detail_available": true, "algorithms": [ "DES", "DSA", "ECDSA", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2946", "Certificate Number": "2946", "Vendor Name": "Bull Atos Technologies", "Module Name": "CHR Cryptographic Module", "Module Type": "Hardware", "Validation Date": "06/29/201704/14/202208/23/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2946.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2946", "module_name": "CHR Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 3, "caveat": "None", "module_type": "Hardware", "embodiment": "Multi-Chip Stand Alone", "description": "The Atos CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by Atos as Application Provider and known as \"CRYPT2Protect HR\" and \"CRYPT2Pay HR\" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2886", "Certificate Number": "2886", "Vendor Name": "Seagate Technology LLC", "Module Name": "Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive", "Module Type": "Hardware", "Validation Date": "04/20/201703/26/201807/15/201905/06/202001/22/202105/21/202103/20/202309/18/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2886.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2886", "module_name": "Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Seagate Enterprise Performance SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download.", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "HMAC", "KAS", "KDF", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2872", "Certificate Number": "2872", "Vendor Name": "Veeam Software Corporation", "Module Name": "Veeam Cryptographic Module", "Module Type": "Software", "Validation Date": "03/30/201708/10/202112/21/202111/03/2023", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2872.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2872", "module_name": "Veeam Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys. This validation entry is a non-security relevant modification to Cert. #2038", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Veeam Cryptographic Module provides cryptographic functions for the Veeam Availability Suite and Veeam Agent for Mac. These functions are used for protecting data in transit and at rest using standards based and trusted algorithms.", "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2815", "Certificate Number": "2815", "Vendor Name": "CTERA Networks Ltd.", "Module Name": "CTERA Crypto Module", "Module Type": "Software", "Validation Date": "01/12/201701/17/201712/11/201803/18/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2815.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2815", "module_name": "CTERA Crypto Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys. This validation entry is a non-security relevant modification to Cert. #2038.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "CTERA Crypto Module™ (Server) is a secure cryptographic engine used by CTERA Enterprise File Services Platform. The platform enables organizations to securely sync, serve and protect data on any private or public cloud infrastructure.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2796", "Certificate Number": "2796", "Vendor Name": "Seagate Technology, LLC", "Module Name": "Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive", "Module Type": "Hardware", "Validation Date": "11/22/201603/07/201706/22/201709/11/201712/01/201703/22/201807/03/201809/24/201801/28/201902/19/201903/25/201907/15/201910/02/201901/16/202005/06/202007/06/202012/01/202003/10/202105/21/202108/03/202112/13/202112/14/202103/20/202309/18/202309/22/202302/26/202408/12/202402/18/202509/19/2025", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2796.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2796", "module_name": "Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized and configured as specified in Section 7 of the Security Policy", "module_type": "Hardware", "embodiment": "Multi-Chip Embedded", "description": "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Seagate Enterprise Performance SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download. The services are provided throug", "detail_available": true, "algorithms": [ "AES", "CVL", "DRBG", "DSA", "HMAC", "KDF", "RSA", "SHA", "TLS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2788", "Certificate Number": "2788", "Vendor Name": "Check Point Software Technologies Ltd.", "Module Name": "Harmony Endpoint FDE and MEPP CryptoCore", "Module Type": "Software", "Validation Date": "11/07/201607/16/201905/17/202207/22/202210/14/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2788.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2788", "module_name": "Harmony Endpoint FDE and MEPP CryptoCore", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. No assurance of the minimum strength of generated keys", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "Check Point CryptoCore is a 140-2 Level 1 cryptographic module for Windows 10 and macOS Sierra. The module provides cryptographic services accessible in kernel mode and user mode on the respective platforms through implementation of platform specific binaries.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2691", "Certificate Number": "2691", "Vendor Name": "IBM® Corporation", "Module Name": "IBM® z/OS® Version 2 Release 1 Security Server RACF® Signature Verification Module [1], IBM® z/OS® Version 2 Release 2 Security Server RACF® Signature Verification Module [2], IBM® z/OS® Version 2 Release 3 Security Server RACF® Signature Verification Module [3] and IBM® z/OS® Version 2 Release 4 Security Server RACF® Signature Verification Module [4][5]", "Module Type": "Software-Hybrid", "Validation Date": "07/28/201604/25/201705/09/201706/01/201710/31/201702/07/201902/19/201904/22/202009/08/202008/13/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2691.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2691", "module_name": "IBM® z/OS® Version 2 Release 1 Security Server RACF® Signature Verification Module [1], IBM® z/OS® Version 2 Release 2 Security Server RACF® Signature Verification Module [2], IBM® z/OS® Version 2 Release 3 Security Server RACF® Signature Verification Module [3] and IBM® z/OS® Version 2 Release 4 Security Server RACF® Signature Verification Module [4][5]", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/12/2026", "overall_level": 1, "caveat": "None", "module_type": "Software-Hybrid", "embodiment": "Multi-Chip Stand Alone", "description": "The z/OS RACF Program Signature Verification package consists of the core module (IRRPVERS) that is utilized when verifying signed code as it is loaded as well as an auxiliary module responsible for driving the initialization of IRRPVERS. The RACF Program Signature Verification module consists of software-based cryptographic algorithms, as well as hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF).", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2659", "Certificate Number": "2659", "Vendor Name": "L3Harris Technologies, Inc.", "Module Name": "eSRVIVR(r) Cockpit Voice and Flight Data Recorder (CVFDR) Encryption Module", "Module Type": "Firmware", "Validation Date": "06/16/201612/13/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2659.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2659", "module_name": "eSRVIVR(r) Cockpit Voice and Flight Data Recorder (CVFDR) Encryption Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "None", "module_type": "Firmware", "embodiment": "Multi-Chip Embedded", "description": "A software-based AES implementation in a Cockpit Voice and Flight Data Recorder (CVFDR) that supports 128, 192, and 256 bit key lengths. Various data types can be selected for encryption prior to being recorded in a crash-protected module.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2627", "Certificate Number": "2627", "Vendor Name": "Nuvoton Technology Corporation", "Module Name": "NPCT6XX TPM 2.0", "Module Type": "Hardware", "Validation Date": "04/28/201608/25/201603/14/201702/15/201810/25/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2627.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2627", "module_name": "NPCT6XX TPM 2.0", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When installed, initialized, and configured as specified in the Security Policy Section 8 and operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Nuvoton NPCT6XX TPM 2.0 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2623", "Certificate Number": "2623", "Vendor Name": "Veritas Technologies LLC", "Module Name": "Veritas Cryptographic Module", "Module Type": "Software", "Validation Date": "04/25/201605/10/201606/24/202006/29/202007/07/202003/15/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2623.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2623", "module_name": "Veritas Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys. This validation entry is a non-security relevant modification to Cert. #2038.", "module_type": "Software", "embodiment": "Multi-Chip Stand Alone", "description": "The Veritas Cryptographic Module from Veritas provides cryptographic services which are used to encrypt the data at rest and in the secure communication with a trusted third party.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2614", "Certificate Number": "2614", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Crypto Engine Core", "Module Type": "Hardware", "Validation Date": "04/11/201602/12/201801/12/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2614.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2614", "module_name": "Qualcomm® Crypto Engine Core", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 2, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Single Chip", "description": "QTI Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2588", "Certificate Number": "2588", "Vendor Name": "Qualcomm Technologies, Inc.", "Module Name": "Qualcomm® Inline Crypto Engine (SDCC)", "Module Type": "Hardware", "Validation Date": "03/22/201602/12/201808/17/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2588.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2588", "module_name": "Qualcomm® Inline Crypto Engine (SDCC)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/16/2026", "overall_level": 1, "caveat": "None", "module_type": "Hardware", "embodiment": "Single Chip", "description": "Qualcomm Inline Crypto Engine (SDCC) high throughput storage data encryption and decryption.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2503", "Certificate Number": "2503", "Vendor Name": "L3Harris Technologies, Inc.", "Module Name": "Harris AES Load Module", "Module Type": "Firmware", "Validation Date": "12/18/201505/28/202103/03/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2503.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2503", "module_name": "Harris AES Load Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "5/27/2026", "overall_level": 1, "caveat": "None", "module_type": "Firmware", "embodiment": "Multi-Chip Stand Alone", "detail_available": true, "description": "The Harris AES Load Module is a firmware module which supports secure voice and data communications by providing Advanced Encryption Standard (AES) algorithm encryption/decryption as specified in FIPS 197. It interacts with a Digital Signal Processor (DSP) application executing on the Harris XL family of radios and other terminal products in order to provide its services to those terminals.", "algorithms": [ "AES", "KTS", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2340", "Certificate Number": "2340", "Vendor Name": "Veritas Technologies LLC", "Module Name": "Veritas NetBackup Cryptographic Module", "Module Type": "Software", "Validation Date": "03/20/201502/11/201604/22/201604/27/201606/24/202002/11/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2340.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2340", "module_name": "Veritas NetBackup Cryptographic Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-chip standalone", "description": "The Veritas NetBackup Cryptographic Module provides cryptographic functions for Veritas NetBackup.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2038", "Certificate Number": "2038", "Vendor Name": "SafeLogic Inc.", "Module Name": "CryptoComply for Server", "Module Type": "Software", "Validation Date": "11/15/201301/23/201402/20/201401/25/201602/05/201603/29/201807/24/202003/09/202105/25/202101/17/202304/16/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2038.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2038", "module_name": "CryptoComply for Server", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys.", "module_type": "Software", "embodiment": "Multi-chip standalone", "description": "SafeLogic's CryptoComply for Server is designed to provide FIPS 140-2 validated cryptographic functionality and is available for licensing.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1949", "Certificate Number": "1949", "Vendor Name": "Harris Corporation", "Module Name": "Harris AES Software Load Module", "Module Type": "Software", "Validation Date": "05/16/201305/17/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1949.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1949", "module_name": "Harris AES Software Load Module", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. When running on an operational environment listed on the certificate", "module_type": "Software", "embodiment": "Multi-chip standalone", "description": "The Harris AES Software Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals.", "detail_available": true, "algorithms": [ "AES" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1938", "Certificate Number": "1938", "Vendor Name": "SafeLogic Inc.", "Module Name": "CryptoComply for Mobile", "Module Type": "Software", "Validation Date": "04/30/201311/08/201304/23/201401/25/201602/10/201603/29/201803/09/202104/20/202101/17/202304/18/2024", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1938.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1938", "module_name": "CryptoComply for Mobile", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys.", "module_type": "Software", "embodiment": "Multi-chip standalone", "description": "SafeLogic's CryptoComply for Mobile is designed to provide FIPS 140-2 validated cryptographic functionality and is available for licensing.", "detail_available": true, "algorithms": [ "AES", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "RSA", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1592", "Certificate Number": "1592", "Vendor Name": "L3Harris Technologies, Inc.", "Module Name": "Harris Unified Audio Card", "Module Type": "Hardware", "Validation Date": "08/22/201104/13/201607/20/201808/30/2021", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1592.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1592", "module_name": "Harris Unified Audio Card", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "8/29/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Hardware", "embodiment": "Multi-chip embedded", "description": "The Harris UAC is a multi-channel analog audio gateway used to interface analog radio communication equipment such as conventional base stations to radio systems and other devices on a Voice Interoperability Data Access (VIDA) network.", "detail_available": true, "algorithms": [ "AES", "HMAC", "SHA", "SHS" ] }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1363", "Certificate Number": "1363", "Vendor Name": "Progress Software, Inc.", "Module Name": "MOVEit Crypto", "Module Type": "Software", "Validation Date": "07/12/201004/26/201604/27/201601/24/201801/30/202203/08/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1363.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1363", "module_name": "MOVEit Crypto", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-chip standalone", "description": "MOVEit Crypto is a compact and fast dynamically-linked library for Windows and Linux. It provides AES encryption, SHA-1 and SHA-2 hashing, and pseudo-random number generation. Both 32-bit and 64-bit versions are available for each operating system. MOVEit Crypto is a member of the MOVEit security and file transfer product family.", "detail_available": true }, { "Certificate Number_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/911", "Certificate Number": "911", "Vendor Name": "L3Harris Technologies, Inc.", "Module Name": "Harris Corporation Wireless Systems Cryptographic Library (SECLIB)", "Module Type": "Software", "Validation Date": "02/07/200807/02/201004/10/201504/27/201603/01/2022", "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp911.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/911", "module_name": "Harris Corporation Wireless Systems Cryptographic Library (SECLIB)", "standard": "FIPS 140-2", "status": "Active", "sunset_date": "9/21/2026", "overall_level": 1, "caveat": "When operated in FIPS mode", "module_type": "Software", "embodiment": "Multi-chip standalone", "description": "The L3Harris Technologies, Inc. Wireless Systems Cryptographic Library (SECLIB) is a software-based cryptographic module that provides encryption, authentication, and other security support services to various M/A-Com product applications. It specifically satisfies FIPS 140-2 Level 1 requirements.", "detail_available": true } ] }