This page was not yet optimized for use on mobile devices.

Arista Crypto Module v3.0 [Software, Software IPsec, Web Portal]

Certificate #4791

Webpage information ?

Status	active
Validation dates	06.09.2024
Sunset date	05-09-2026
Standard	FIPS 140-3
Security level	1
Type	Software
Embodiment	Multi-Chip Stand Alone
Caveat	Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)
Exceptions	Roles, services, and authentication: Level 2 Physical security: N/A Non-invasive security: N/A Mitigation of other attacks: N/A Documentation requirements: N/A Cryptographic module security policy: N/A
Description	This validation is for the library contained within the CloudVision Portal (CVP) products and all its related SKUs, which includes SS-CV-SWITCH-1M, SS-CV-SWITCH-1M-P, SS-CV-MOD-G-SWITCH-1M, SS-CV-G-SWITCH-1M, SS-CV-LT-SWITCH-1M, SS-CV-LT-MOD-G-SWITCH-1M, SS-CV-LT-G-SWITCH-1M, SS-CV-SWITCH-LAB-1M, SS-CV-ENT-1M, SS-CV-ENT-1M-P, SS-CV-T1-1M, SS-CV-T2-1M, SS-CV-LT-T1-1M, SS-CV-LT-T2-1M, SS-CV-G-T1-1M, SS-CV-G-T2-1M, SS-CV-LT-G-T1-1M, SS-CV-LT-G-T2-1M, SS-CV-MOD-G-T1-1M, SS-CV-MOD-G-T2-1M, SS-CV-LT-MOD-G-T1-1M, SS-CV-LT-MOD-G-T2-1M, SS-CV-ENT-1M-P, SS-CV-CG-SWITCH-1M, SS-CV-CG-T1-1M, SS-CV-CG-T2-1M, SS-CV-LT-CG-SWITCH-1M, SS-CV-LT-CG-T1-1M, SS-CV-LT-CG-T2-1M and any other future SKUs which use the validated library for the CloudVision Portal (CVP) product.
Tested configurations	CloudVision Portal 2023.2.0 on VMware ESXi 6.7.0 on CentOS 7 running on a Supermicro SYS-6029TP-HTR with Intel Xeon Gold 5218R with PAA CloudVision Portal 2023.2.0 on VMware ESXi 6.7.0 on CentOS 7 running on a Supermicro SYS-6029TP-HTR with Intel Xeon Gold 5218R without PAA
Vendor	Arista Networks, Inc.
References	This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Certificate

Webpage

Security policy ?

Security target PDF TXT

Symmetric Algorithms

AES, AES-, AES-256, CAST5, CAST, RC2, RC5, DES, Triple-DES, TDEA, IDEA, Blowfish, Camellia, SEED, HMAC, CMAC

Asymmetric Algorithms

RSA 2048, ECDHE, ECDH, ECDSA, ECC, Diffie-Hellman, DHE, DH, DSA

Hash functions

SHA-1, SHA256, SHA-256, MD4, MD5

Schemes

MAC, Key Exchange, Key Agreement, Key agreement

Protocols

SSH, TLS, TLS v1.2, TLS 1.2, TLS v1.0, TLS 1.0, DTLS, IKEv1, IKEv2, IKE, IPsec

Randomness

DRBG, RBG

Libraries

OpenSSL

Elliptic Curves

P-256, P-384, P-521, P-224, secp256r1, secp384r1, secp521r1

Block cipher modes

ECB, CBC, CTR, GCM, CCM, XTS

TLS cipher suites

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, TLS_ECDHE_ECDSA_WITH_AES_256_CCM, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLS_ECDHE_ECDSA_WITH_AES_128_CCM, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CCM_8, TLS_DHE_RSA_WITH_AES_256_CCM, TLS_DHE_RSA_WITH_AES_128_CCM_8, TLS_DHE_RSA_WITH_AES_128_CCM, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA

Trusted Execution Environments

SSC

Security level

Level 1, level 1

Standards

FIPS 140-3, FIPS PUB 140-3, FIPS186-4, FIPS 186-4, SP 800-140B, SP 800-135, SP 800-38D, SP 800-38F, SP 800-90B, SP 800-140E, SP 800-108, SP 800-90A, SP 800-56a, PKCS 1, PKCS#1, PKCS #1, RFC7627, RFC5288, RFC 7296, RFC 4106, RFC 4581, ISO/IEC 24759

File metadata

Creation date	D:20240718184307-04'00'
Modification date	D:20240718184307-04'00'
Pages	35
Creator	Microsoft® Word for Microsoft 365
Producer	Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

14.10.2024 The certificate data changed.
Certificate changed

The web extraction data was updated.
- The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf.
09.09.2024 The certificate was first processed.

New certificate

A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4791,
  "dgst": "45797cfda8571046",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "Counter DRBGA4153",
        "RSA SigGen (FIPS186-4)A4153",
        "KAS-FFC-SSC Sp800-56Ar3A4153",
        "AES-CMACA4153",
        "AES-XTS Testing Revision 2.0A4153",
        "ECDSA SigGen (FIPS186-4)A4153",
        "HMAC-SHA2-256A4153",
        "KAS-ECC-SSC Sp800-56Ar3A4153",
        "AES-CBCA4153",
        "KDF TLSA4153",
        "AES-CFB8A4153",
        "ECDSA KeyVer (FIPS186-4)A4153",
        "ECDSA KeyGen (FIPS186-4)A4153",
        "HMAC-SHA2-224A4153",
        "AES-GCMA4153",
        "HMAC-SHA-1A4153",
        "TLS v1.2 KDF RFC7627A4153",
        "RSA KeyGen (FIPS186-4)A4153",
        "ECDSA SigVer (FIPS186-4)A4153",
        "SHA2-224A4153",
        "KDF IKEv2A4153",
        "Hash DRBGA4153",
        "KTS-IFCA4153",
        "KDF SSHA4153",
        "AES-ECBA4153",
        "AES-CFB1A4153",
        "AES-CFB128A4153",
        "AES-CCMA4153",
        "SHA2-512A4153",
        "KDF SP800-108A4153",
        "SHA-1A4153",
        "AES-CTRA4153",
        "SHA2-384A4153",
        "HMAC-SHA2-512A4153",
        "HMAC DRBGA4153",
        "RSA SigVer (FIPS186-4)A4153",
        "KDF IKEv1A4153",
        "HMAC-SHA2-384A4153",
        "SHA2-256A4153"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "3.0"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDH": {
            "ECDH": 6,
            "ECDHE": 16
          },
          "ECDSA": {
            "ECDSA": 34
          }
        },
        "FF": {
          "DH": {
            "DH": 7,
            "DHE": 8,
            "Diffie-Hellman": 3
          },
          "DSA": {
            "DSA": 1
          }
        },
        "RSA": {
          "RSA 2048": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 2
        },
        "CCM": {
          "CCM": 1
        },
        "CTR": {
          "CTR": 2
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 9
        },
        "XTS": {
          "XTS": 2
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 3
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 24,
          "IKEv1": 3,
          "IKEv2": 4
        },
        "IPsec": {
          "IPsec": 6
        },
        "SSH": {
          "SSH": 21
        },
        "TLS": {
          "DTLS": {
            "DTLS": 1
          },
          "TLS": {
            "TLS": 42,
            "TLS 1.0": 1,
            "TLS 1.2": 3,
            "TLS v1.0": 24,
            "TLS v1.2": 4
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 2,
          "Key agreement": 2
        },
        "KEX": {
          "Key Exchange": 4
        },
        "MAC": {
          "MAC": 4
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-224": 4,
          "P-256": 12,
          "P-384": 12,
          "P-521": 12,
          "secp256r1": 1,
          "secp384r1": 1,
          "secp521r1": 1
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES 128, 192": 9,
          "AES 128, 256": 1,
          "AES-256": 1,
          "AES-GCM 256": 1,
          "DRBG 128": 1,
          "HMAC 112": 6,
          "HMAC SHA-1": 9,
          "HMAC-SHA-1": 2,
          "PKCS #1": 1,
          "PKCS 1": 6,
          "PKCS#1": 2,
          "RSA 2048": 1,
          "RSA PKCS #1": 1,
          "SHA-1": 20,
          "SHA-256": 2,
          "SHA2- 224": 4,
          "SHA2- 256": 3,
          "SHA2- 384": 2,
          "SHA2- 512": 1,
          "SHA2-224": 12,
          "SHA2-256": 21,
          "SHA2-384": 19,
          "SHA2-512": 17,
          "SHA256": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2,
          "level 1": 1
        }
      },
      "hash_function": {
        "MD": {
          "MD4": {
            "MD4": 2
          },
          "MD5": {
            "MD5": 4
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 20
          },
          "SHA2": {
            "SHA-256": 2,
            "SHA256": 2
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 52
        },
        "RNG": {
          "RBG": 3
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 6,
          "FIPS 186-4": 2,
          "FIPS PUB 140-3": 1,
          "FIPS186-4": 8
        },
        "ISO": {
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "SP 800-108": 1,
          "SP 800-135": 2,
          "SP 800-140B": 1,
          "SP 800-140E": 1,
          "SP 800-38D": 3,
          "SP 800-38F": 4,
          "SP 800-56a": 1,
          "SP 800-90A": 3,
          "SP 800-90B": 1
        },
        "PKCS": {
          "PKCS #1": 1,
          "PKCS 1": 3,
          "PKCS#1": 1
        },
        "RFC": {
          "RFC 4106": 1,
          "RFC 4581": 1,
          "RFC 7296": 1,
          "RFC5288": 1,
          "RFC7627": 3
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 26,
            "AES-": 1,
            "AES-256": 1
          },
          "CAST": {
            "CAST": 27,
            "CAST5": 3
          },
          "RC": {
            "RC2": 3,
            "RC5": 3
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "Triple-DES": 4
          },
          "DES": {
            "DES": 3
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 4,
            "HMAC": 39
          }
        },
        "miscellaneous": {
          "Blowfish": {
            "Blowfish": 3
          },
          "Camellia": {
            "Camellia": 1
          },
          "IDEA": {
            "IDEA": 3
          },
          "SEED": {
            "SEED": 3
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 9
        }
      },
      "tls_cipher_suite": {
        "TLS": {
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_DHE_RSA_WITH_AES_128_CCM": 1,
          "TLS_DHE_RSA_WITH_AES_128_CCM_8": 1,
          "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": 1,
          "TLS_DHE_RSA_WITH_AES_256_CCM": 1,
          "TLS_DHE_RSA_WITH_AES_256_CCM_8": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CCM": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CCM": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
        }
      },
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20240718184307-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20240718184307-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 674193,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 35
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "36e5b77c71849e2915d94b48c1b580cd9b778a314696a69bb277aedcec5c69fe",
    "policy_txt_hash": "62a660fb8ad14241e9475578ba214d229a4de4c79422cb58d58e78826b3d42ef"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2024_011024_0217.pdf",
    "date_sunset": "2026-09-05",
    "description": "This validation is for the library contained within the CloudVision Portal (CVP) products and all its related SKUs, which includes SS-CV-SWITCH-1M, SS-CV-SWITCH-1M-P, SS-CV-MOD-G-SWITCH-1M, SS-CV-G-SWITCH-1M, SS-CV-LT-SWITCH-1M, SS-CV-LT-MOD-G-SWITCH-1M, SS-CV-LT-G-SWITCH-1M, SS-CV-SWITCH-LAB-1M, SS-CV-ENT-1M, SS-CV-ENT-1M-P, SS-CV-T1-1M, SS-CV-T2-1M, SS-CV-LT-T1-1M, SS-CV-LT-T2-1M, SS-CV-G-T1-1M, SS-CV-G-T2-1M, SS-CV-LT-G-T1-1M, SS-CV-LT-G-T2-1M, SS-CV-MOD-G-T1-1M, SS-CV-MOD-G-T2-1M, SS-CV-LT-MOD-G-T1-1M, SS-CV-LT-MOD-G-T2-1M, SS-CV-ENT-1M-P, SS-CV-CG-SWITCH-1M, SS-CV-CG-T1-1M, SS-CV-CG-T2-1M, SS-CV-LT-CG-SWITCH-1M, SS-CV-LT-CG-T1-1M, SS-CV-LT-CG-T2-1M and any other future SKUs which use the validated library for the CloudVision Portal (CVP) product.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, services, and authentication: Level 2",
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Arista Crypto Module v3.0 [Software, Software IPsec, Web Portal]",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "3.0",
    "tested_conf": [
      "CloudVision Portal 2023.2.0 on VMware ESXi 6.7.0 on CentOS 7 running on a Supermicro SYS-6029TP-HTR with Intel Xeon Gold 5218R with PAA",
      "CloudVision Portal 2023.2.0 on VMware ESXi 6.7.0 on CentOS 7 running on a Supermicro SYS-6029TP-HTR with Intel Xeon Gold 5218R without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-09-06",
        "lab": "DEKRA Certification, Inc.",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Arista Networks, Inc.",
    "vendor_url": "http://www.arista.com"
  }
}