SSH Communications Security Cryptographic Module

Certificate #5020

Webpage information

Status active
Validation dates 23.05.2025
Sunset date 10-07-2029
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat No assurance of the minimum strength of generated SSPs (e.g., keys).
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Life-cycle assurance: Level 3
Description The SSH Communications Security Cryptographic Module is a general-purpose cryptographic library incorporated into the PrivX Privileged Access Management systems and other SSH Communications Security products to provide FIPS 140-3 validated cryptography for the protection of sensitive information.
Vendor SSH Communications Security, Oyj.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, CAST, HMAC, KMAC, CMAC
Asymmetric Algorithms
ECDSA, EdDSA, ECC, DHE, DSA
Hash functions
SHA2, SHA3, SHAKE128, SHAKE256, PBKDF
Schemes
MAC, Key agreement, Key Agreement, AEAD
Protocols
SSH, SSHv2, TLS v1.2, TLS v1.3, TLS 1.3, TLS, TLS 1.2
Randomness
DRBG, RBG
Libraries
OpenSSL
Block cipher modes
CTR, GCM, CCM

JavaCard API constants
ED25519, ED448
Trusted Execution Environments
PSP

Security level
Level 1
Side-channel analysis
timing attacks

Standards
FIPS 202, PKCS 1, RFC7627, RFC 5288, RFC 5647, RFC 8446, RFC8446, ISO/IEC 19790:2012

File metadata

Title Microsoft Word - SSH FIPS 140-3 Security Policy_Output_V1.0.docx
Author Rachel Shelby
Creation date D:20250122081601-08'00'
Modification date D:20250122081601-08'00'
Pages 40
Creator PScript5.dll Version 5.2.2
Producer Acrobat Distiller 24.0 (Windows)

References

Outgoing
  • 210 - historical - VPN 3000 Concentrator Series

Heuristics

No heuristics are available for this certificate.

References

Updates

  • 02.06.2025 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name SSH Communications Security Cryptographic Module was processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 5020,
  "dgst": "38fc95162021cc1a",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": []
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "210"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "100",
          "147",
          "210"
        ]
      }
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": [
        "210"
      ]
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 8
          },
          "ECDSA": {
            "ECDSA": 23
          },
          "EdDSA": {
            "EdDSA": 4
          }
        },
        "FF": {
          "DH": {
            "DHE": 1
          },
          "DSA": {
            "DSA": 23
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CCM": {
          "CCM": 1
        },
        "CTR": {
          "CTR": 3
        },
        "GCM": {
          "GCM": 3
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 10
        }
      },
      "crypto_protocol": {
        "SSH": {
          "SSH": 90,
          "SSHv2": 2
        },
        "TLS": {
          "TLS": {
            "TLS": 3,
            "TLS 1.2": 1,
            "TLS 1.3": 1,
            "TLS v1.2": 4,
            "TLS v1.3": 5
          }
        }
      },
      "crypto_scheme": {
        "AEAD": {
          "AEAD": 1
        },
        "KA": {
          "Key Agreement": 1,
          "Key agreement": 17
        },
        "MAC": {
          "MAC": 16
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#210": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "PKCS 1": 4,
          "SHA2": 1,
          "SHA3": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3
        }
      },
      "hash_function": {
        "PBKDF": {
          "PBKDF": 10
        },
        "SHA": {
          "SHA2": {
            "SHA2": 1
          },
          "SHA3": {
            "SHA3": 1
          }
        },
        "SHAKE": {
          "SHAKE128": 1,
          "SHAKE256": 1
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {
        "curves": {
          "ED25519": 4,
          "ED448": 4
        }
      },
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 37
        },
        "RNG": {
          "RBG": 3
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "timing attacks": 2
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 202": 6
        },
        "ISO": {
          "ISO/IEC 19790:2012": 3
        },
        "PKCS": {
          "PKCS 1": 2
        },
        "RFC": {
          "RFC 5288": 1,
          "RFC 5647": 1,
          "RFC 8446": 1,
          "RFC7627": 4,
          "RFC8446": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 10
          },
          "CAST": {
            "CAST": 73
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 6,
            "HMAC": 19,
            "KMAC": 7
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 12
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Rachel Shelby",
      "/CreationDate": "D:20250122081601-08\u002700\u0027",
      "/Creator": "PScript5.dll Version 5.2.2",
      "/ModDate": "D:20250122081601-08\u002700\u0027",
      "/Producer": "Acrobat Distiller 24.0 (Windows)",
      "/Title": "Microsoft Word - SSH FIPS 140-3 Security Policy_Output_V1.0.docx",
      "pdf_file_size_bytes": 603106,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 40
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "59097f4fef18340a62782794310ac8e244d7e0d89f68fb853ea42d8d8eeb67d6",
    "policy_txt_hash": "c7d6faa692f9a36bb395f7ae1bb7dd73f41c371447ab2173a4981cc092652aed"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).",
    "certificate_pdf_url": null,
    "date_sunset": "2029-07-10",
    "description": "The SSH Communications Security Cryptographic Module is a general-purpose cryptographic library incorporated into the PrivX Privileged Access Management systems and other SSH Communications Security products to provide FIPS 140-3 validated cryptography for the protection of sensitive information.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Life-cycle assurance: Level 3"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "SSH Communications Security Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2025-05-23",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "SSH Communications Security, Oyj.",
    "vendor_url": "http://www.ssh.com"
  }
}