Forcepoint Next Generation Firewall for Desktop Appliances

Certificate #5276

Webpage information

Status active
Validation dates 20.05.2026
Sunset date 19-05-2031
Standard FIPS 140-3
Security level 1
Type Hardware
Embodiment MultiChipStand
Caveat When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs
Exceptions
  • Roles, services, and authentication: Level 2
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
Description The NGFW appliances are high-performance network security appliances that add a broad range of built-in security features, including VPN, IPS, anti-evasion, TLS inspection, SD-WAN, and mission-critical application proxies, to a traditional firewall and provides end-to-end protection across the entire enterprise network.
Vendor Forcepoint
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy

Symmetric Algorithms
AES-256, AES, AES-, CAST, HMAC
Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DH
Hash functions
SHA-1, SHA3-256, PBKDF, PBKDF2
Schemes
MAC, Key Agreement
Protocols
SSH, TLS, TLS v1.2, IKEv1, IKEv2, IKE, IPsec, VPN
Randomness
DRBG, RBG
Libraries
OpenSSL
Elliptic Curves
P-224, P-256, P-384, P-521
Block cipher modes
CBC, GCM
TLS cipher suites
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

Trusted Execution Environments
PSP, SSC

Security level
Level 1
Side-channel analysis
malfunction

Standards
FIPS 140-3, FIPS 140, FIPS186-5, FIPS 186-5, FIPS 198-1, FIPS 180-4, FIPS 202, FIPS186-4, FIPS 186-4, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-90A, SP 800-56A, SP 800-135, SP 800-108, SP 800-132, NIST SP 800-133, NIST SP 800-57, SP 800-63B, SP 800-140F, PKCS 1, RFC7627, RFC 5288, RFC 4106, RFC 7296, ISO/IEC 19790:2012

File metadata

Author Hawes, David J. (Fed)
Creation date D:20260518085158-04'00'
Modification date D:20260518085158-04'00'
Pages 100
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates Feed

  • The certificate data changed.
  • The certificate was first processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 5276,
  "dgst": "1d653df7edb962b6",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": []
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDH": {
            "ECDH": 80
          },
          "ECDSA": {
            "ECDSA": 212
          }
        },
        "FF": {
          "DH": {
            "DH": 56,
            "Diffie-Hellman": 10
          }
        },
        "RSA": {
          "RSA 2048": 2
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 35
        },
        "GCM": {
          "GCM": 26
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 11
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 39,
          "IKEv1": 8,
          "IKEv2": 10
        },
        "IPsec": {
          "IPsec": 46
        },
        "SSH": {
          "SSH": 2
        },
        "TLS": {
          "TLS": {
            "TLS": 284,
            "TLS v1.2": 8
          }
        },
        "VPN": {
          "VPN": 157
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 50
        },
        "MAC": {
          "MAC": 44
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-224": 24,
          "P-256": 20,
          "P-384": 8,
          "P-521": 26
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "- PKCS 1": 1,
          "AES-256": 4,
          "DRBG 512": 2,
          "HMAC-SHA-1": 16,
          "PKCS 1": 1,
          "RSA 2048": 2,
          "SHA-1": 11,
          "SHA2- 256": 4,
          "SHA2- 512": 2,
          "SHA2-224": 5,
          "SHA2-256": 21,
          "SHA2-384": 9,
          "SHA2-512": 18,
          "SHA3-256": 5
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 4
        }
      },
      "hash_function": {
        "PBKDF": {
          "PBKDF": 9,
          "PBKDF2": 2
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 11
          },
          "SHA3": {
            "SHA3-256": 5
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 93
        },
        "RNG": {
          "RBG": 2
        }
      },
      "side_channel_analysis": {
        "FI": {
          "malfunction": 1
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140": 3,
          "FIPS 140-3": 13,
          "FIPS 180-4": 10,
          "FIPS 186-4": 16,
          "FIPS 186-5": 23,
          "FIPS 198-1": 9,
          "FIPS 202": 1,
          "FIPS186-4": 3,
          "FIPS186-5": 30
        },
        "ISO": {
          "ISO/IEC 19790:2012": 1
        },
        "NIST": {
          "NIST SP 800-133": 2,
          "NIST SP 800-57": 1,
          "SP 800-108": 1,
          "SP 800-132": 6,
          "SP 800-135": 3,
          "SP 800-140F": 1,
          "SP 800-38A": 3,
          "SP 800-38D": 3,
          "SP 800-38F": 4,
          "SP 800-56A": 4,
          "SP 800-63B": 1,
          "SP 800-90A": 1
        },
        "PKCS": {
          "PKCS 1": 1
        },
        "RFC": {
          "RFC 4106": 1,
          "RFC 5288": 1,
          "RFC 7296": 1,
          "RFC7627": 5
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 64,
            "AES-": 6,
            "AES-256": 4
          },
          "CAST": {
            "CAST": 70
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 79
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 25
        },
        "IBM": {
          "SSC": 64
        }
      },
      "tls_cipher_suite": {
        "TLS": {
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": 1,
          "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 2,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
        }
      },
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Hawes, David J. (Fed)",
      "/CreationDate": "D:20260518085158-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20260518085158-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 1443562,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.forcepoint.com/",
          "https://csrc.nist.gov/projects/cryptographic-module-validation-program",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=37036",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=37160",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=37403",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34775",
          "https://support.forcepoint.com/Login"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 100
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.InternalState",
    "module": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "json_hash": null,
      "source_hash": null,
      "txt_hash": null
    },
    "policy": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "json_hash": null,
      "source_hash": "33b86e386f6405b12857747fbadeecb3b5ae42e079f4aef7337c58676ad38338",
      "txt_hash": "7442cdd3aa2f5cf3e09fe1abc8d379ed63b37db145f8742646e9646822966dc0"
    }
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2026_030626_0716.pdf",
    "date_sunset": "2031-05-19",
    "description": "The NGFW appliances are high-performance network security appliances that add a broad range of built-in security features, including VPN, IPS, anti-evasion, TLS inspection, SD-WAN, and mission-critical application proxies, to a traditional firewall and provides end-to-end protection across the entire enterprise network.",
    "embodiment": "MultiChipStand",
    "exceptions": [
      "Roles, services, and authentication: Level 2",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Forcepoint Next Generation Firewall for Desktop Appliances",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2026-05-20",
        "lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Forcepoint",
    "vendor_url": "http://www.forcepoint.com"
  }
}