This page was not yet optimized for use on mobile
devices.
Forcepoint Next Generation Firewall for Desktop Appliances
Certificate #5276
Webpage information
| Status | active |
|---|---|
| Validation dates | 20.05.2026 |
| Sunset date | 19-05-2031 |
| Standard | FIPS 140-3 |
| Security level | 1 |
| Type | Hardware |
| Embodiment | MultiChipStand |
| Caveat | When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs |
| Exceptions |
|
| Description | The NGFW appliances are high-performance network security appliances that add a broad range of built-in security features, including VPN, IPS, anti-evasion, TLS inspection, SD-WAN, and mission-critical application proxies, to a traditional firewall and provides end-to-end protection across the entire enterprise network. |
| Vendor | Forcepoint |
| References | This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates. |
Security policy
Symmetric Algorithms
AES-256, AES, AES-, CAST, HMACAsymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DHHash functions
SHA-1, SHA3-256, PBKDF, PBKDF2Schemes
MAC, Key AgreementProtocols
SSH, TLS, TLS v1.2, IKEv1, IKEv2, IKE, IPsec, VPNRandomness
DRBG, RBGLibraries
OpenSSLElliptic Curves
P-224, P-256, P-384, P-521Block cipher modes
CBC, GCMTLS cipher suites
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384Trusted Execution Environments
PSP, SSCSecurity level
Level 1Side-channel analysis
malfunctionStandards
FIPS 140-3, FIPS 140, FIPS186-5, FIPS 186-5, FIPS 198-1, FIPS 180-4, FIPS 202, FIPS186-4, FIPS 186-4, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-90A, SP 800-56A, SP 800-135, SP 800-108, SP 800-132, NIST SP 800-133, NIST SP 800-57, SP 800-63B, SP 800-140F, PKCS 1, RFC7627, RFC 5288, RFC 4106, RFC 7296, ISO/IEC 19790:2012File metadata
| Author | Hawes, David J. (Fed) |
|---|---|
| Creation date | D:20260518085158-04'00' |
| Modification date | D:20260518085158-04'00' |
| Pages | 100 |
| Creator | Microsoft® Word for Microsoft 365 |
| Producer | Microsoft® Word for Microsoft 365 |
Heuristics
No heuristics are available for this certificate.
References
No references are available for this certificate.
Updates Feed
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 5276,
"dgst": "1d653df7edb962b6",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": []
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"-"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 1
},
"ECDH": {
"ECDH": 80
},
"ECDSA": {
"ECDSA": 212
}
},
"FF": {
"DH": {
"DH": 56,
"Diffie-Hellman": 10
}
},
"RSA": {
"RSA 2048": 2
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 35
},
"GCM": {
"GCM": 26
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 11
}
},
"crypto_protocol": {
"IKE": {
"IKE": 39,
"IKEv1": 8,
"IKEv2": 10
},
"IPsec": {
"IPsec": 46
},
"SSH": {
"SSH": 2
},
"TLS": {
"TLS": {
"TLS": 284,
"TLS v1.2": 8
}
},
"VPN": {
"VPN": 157
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 50
},
"MAC": {
"MAC": 44
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-224": 24,
"P-256": 20,
"P-384": 8,
"P-521": 26
}
},
"eval_facility": {},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"- PKCS 1": 1,
"AES-256": 4,
"DRBG 512": 2,
"HMAC-SHA-1": 16,
"PKCS 1": 1,
"RSA 2048": 2,
"SHA-1": 11,
"SHA2- 256": 4,
"SHA2- 512": 2,
"SHA2-224": 5,
"SHA2-256": 21,
"SHA2-384": 9,
"SHA2-512": 18,
"SHA3-256": 5
}
},
"fips_security_level": {
"Level": {
"Level 1": 4
}
},
"hash_function": {
"PBKDF": {
"PBKDF": 9,
"PBKDF2": 2
},
"SHA": {
"SHA1": {
"SHA-1": 11
},
"SHA3": {
"SHA3-256": 5
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 93
},
"RNG": {
"RBG": 2
}
},
"side_channel_analysis": {
"FI": {
"malfunction": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 140": 3,
"FIPS 140-3": 13,
"FIPS 180-4": 10,
"FIPS 186-4": 16,
"FIPS 186-5": 23,
"FIPS 198-1": 9,
"FIPS 202": 1,
"FIPS186-4": 3,
"FIPS186-5": 30
},
"ISO": {
"ISO/IEC 19790:2012": 1
},
"NIST": {
"NIST SP 800-133": 2,
"NIST SP 800-57": 1,
"SP 800-108": 1,
"SP 800-132": 6,
"SP 800-135": 3,
"SP 800-140F": 1,
"SP 800-38A": 3,
"SP 800-38D": 3,
"SP 800-38F": 4,
"SP 800-56A": 4,
"SP 800-63B": 1,
"SP 800-90A": 1
},
"PKCS": {
"PKCS 1": 1
},
"RFC": {
"RFC 4106": 1,
"RFC 5288": 1,
"RFC 7296": 1,
"RFC7627": 5
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 64,
"AES-": 6,
"AES-256": 4
},
"CAST": {
"CAST": 70
}
},
"constructions": {
"MAC": {
"HMAC": 79
}
}
},
"tee_name": {
"AMD": {
"PSP": 25
},
"IBM": {
"SSC": 64
}
},
"tls_cipher_suite": {
"TLS": {
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": 1,
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 2,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": 1,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
}
},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Hawes, David J. (Fed)",
"/CreationDate": "D:20260518085158-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word for Microsoft 365",
"/ModDate": "D:20260518085158-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word for Microsoft 365",
"pdf_file_size_bytes": 1443562,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://www.forcepoint.com/",
"https://csrc.nist.gov/projects/cryptographic-module-validation-program",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=37036",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=37160",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=37403",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34775",
"https://support.forcepoint.com/Login"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 100
}
},
"state": {
"_type": "sec_certs.sample.fips.InternalState",
"module": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"json_hash": null,
"source_hash": null,
"txt_hash": null
},
"policy": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"json_hash": null,
"source_hash": "33b86e386f6405b12857747fbadeecb3b5ae42e079f4aef7337c58676ad38338",
"txt_hash": "7442cdd3aa2f5cf3e09fe1abc8d379ed63b37db145f8742646e9646822966dc0"
}
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2026_030626_0716.pdf",
"date_sunset": "2031-05-19",
"description": "The NGFW appliances are high-performance network security appliances that add a broad range of built-in security features, including VPN, IPS, anti-evasion, TLS inspection, SD-WAN, and mission-critical application proxies, to a traditional firewall and provides end-to-end protection across the entire enterprise network.",
"embodiment": "MultiChipStand",
"exceptions": [
"Roles, services, and authentication: Level 2",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Forcepoint Next Generation Firewall for Desktop Appliances",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2026-05-20",
"lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
"validation_type": "Initial"
}
],
"vendor": "Forcepoint",
"vendor_url": "http://www.forcepoint.com"
}
}