Home / FIPS 140 / 34ac9f308cb2e1f6
Link Link by certificate ID Link by certificate name

SonicWall Capture Security Appliance (CSa) 1000

Certificate #4513

Webpage information ?

Status active
Validation dates 08.05.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 2
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.
Exceptions
  • Cryptographic Module Specification: Level 3
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Description The SonicWall Capture Security appliance (CSa) brings Capture Advanced Threat Protection™ (ATP) and sandboxing malware analysis to on-premises deployment scenarios for customers with compliance and policy restrictions against sending files to cloud analysis, or who prefer for all of their data to remain inside their organization.
Version (Hardware) 101-500644-50 Rev A
Version (Firmware) 1.2
Vendor SonicWall
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy ?

Security target PDF TXT

Symmetric Algorithms
AES, AES-256, HMAC, HMAC-SHA-256
Asymmetric Algorithms
RSA 4096, ECDHE, ECDSA, ECC
Hash functions
SHA-1, SHA-256
Schemes
Key Exchange, Key Agreement
Protocols
SSH, TLS, TLS 1.2
Randomness
DRBG, RNG
Libraries
OpenSSL
Elliptic Curves
P-224, B-571
Block cipher modes
ECB, CBC, GCM
TLS cipher suites
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Trusted Execution Environments
SSC

Standards
FIPS 140-2, FIPS 197, FIPS 186-4, FIPS 180-4, SP 800-52, SP 800-90A, SP 800-90B, SP 900-90B, SP 800-135, PKCS1

File metadata

Title Security Policy Doc Draft
Author Svati
Creation date D:20230321145817-04'00'
Modification date D:20230321145817-04'00'
Pages 22
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 26.06.2023 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2023_010623_0642.pdf.
  • 18.05.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4513,
  "dgst": "34ac9f308cb2e1f6",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "KTS#A1906",
        "RSA#A1906",
        "KAS#A1906",
        "KASCert.#A1906",
        "KAS-SSC#A1906",
        "DRBG#A1906",
        "HMAC#A1906",
        "ECDSA#A1906",
        "SHS#A1906",
        "CVL#A1906",
        "AES#A1906"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "1.2"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 3
          },
          "ECDH": {
            "ECDHE": 4
          },
          "ECDSA": {
            "ECDSA": 1
          }
        },
        "RSA": {
          "RSA 4096": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 6
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 2
        }
      },
      "crypto_protocol": {
        "SSH": {
          "SSH": 4
        },
        "TLS": {
          "TLS": {
            "TLS": 47,
            "TLS 1.2": 4
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 10
        },
        "KEX": {
          "Key Exchange": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "B-571": 5,
          "P-224": 4
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 2,
          "#2": 2
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES-256": 1,
          "HMAC 160": 1,
          "HMAC 160, 256": 1,
          "HMAC SHA-1": 2,
          "HMAC SHA-256 128": 1,
          "HMAC-SHA- 256 160": 2,
          "HMAC-SHA-1": 6,
          "HMAC-SHA-256": 2,
          "PKCS1": 4,
          "RSA 4096": 1,
          "SHA- 256": 1,
          "SHA-1": 5,
          "SHA-256": 6
        }
      },
      "fips_security_level": {},
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 5
          },
          "SHA2": {
            "SHA-256": 6
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 10
        },
        "RNG": {
          "RNG": 1
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 10,
          "FIPS 180-4": 1,
          "FIPS 186-4": 6,
          "FIPS 197": 1
        },
        "NIST": {
          "SP 800-135": 1,
          "SP 800-52": 1,
          "SP 800-90A": 1,
          "SP 800-90B": 1,
          "SP 900-90B": 1
        },
        "PKCS": {
          "PKCS1": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 8,
            "AES-256": 1
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 7,
            "HMAC-SHA-256": 1
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 4
        }
      },
      "tls_cipher_suite": {
        "TLS": {
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 1
        }
      },
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Svati",
      "/CreationDate": "D:20230321145817-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20230321145817-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "/Title": "Security Policy Doc Draft",
      "pdf_file_size_bytes": 496796,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-NISTSP800-133r2KeyRecommendationsforKeyGeneration",
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-NISTreferences",
          "https://csrc.nist.gov/publications/detail/sp/800-90b/final",
          "https://blog.sonicwall.com/en-us/2020/08/bring-the-power-of-rtdmi-analysis-on-premises-with-csa-1000/",
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-FIPSValidationLists",
          "https://github.com/sonicwall/sonicwall-capture-api-python",
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-FIPS140-2ApprovedKeyEstablishmentTechniques",
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-FIPSImplementationGuidanceforValidation",
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-FIPS140-2ApprovedSecurityFunctionsAnnexA",
          "https://csrc.nist.gov/publications/detail/sp/800-135/rev-1/final",
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-FIPS140-2ApprovedRandomNumberGeneratorsAnnexC",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34515"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 22
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "939824f22e88fd7113d316d22128f438684b84d21e908c86d8d9d9e53389352d",
    "policy_txt_hash": "7b66cfd520b19c3b4f3769a574693c8a8113350b3254ea8d2335322575efcbfb"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2023_010623_0642.pdf",
    "date_sunset": "2026-09-21",
    "description": "The SonicWall Capture Security appliance (CSa) brings Capture Advanced Threat Protection\u2122 (ATP) and sandboxing malware analysis to on-premises deployment scenarios for customers with compliance and policy restrictions against sending files to cloud analysis, or who prefer for all of their data to remain inside their organization.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Cryptographic Module Specification: Level 3",
      "Roles, Services, and Authentication: Level 3",
      "Design Assurance: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "1.2",
    "historical_reason": null,
    "hw_versions": "101-500644-50 Rev A",
    "level": 2,
    "mentioned_certs": {},
    "module_name": "SonicWall Capture Security Appliance (CSa) 1000",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-05-08",
        "lab": "DEKRA Testing and Certification S.A.U",
        "validation_type": "Initial"
      }
    ],
    "vendor": "SonicWall",
    "vendor_url": "http://www.sonicwall.com"
  }
}