This page was not yet optimized for use on mobile
devices.
CN6000 Series Encryptors
Certificate #4209
Webpage information
Security policy
Symmetric Algorithms
AES, AES-128, AES-256, AES-, AES128, AES256, DES, Triple-DES, HMAC, HMAC-SHA-256, HMAC-SHA-512, HMAC-SHA-384Asymmetric Algorithms
RSA 2048, RSA2048, RSA4096, ECDH, ECDHE, ECDSA, DH, Diffie-HellmanHash functions
SHA-1, SHA-256, SHA-384, SHA-512, SHA3, MD5Schemes
MAC, Key Exchange, Key AgreementProtocols
SSH, SSL, TLS, TLSv1.2, TLS 1.2Randomness
DRBG, RNGLibraries
OpenSSLElliptic Curves
P-256, P-384, P-521, NIST P-256, NIST P-521Block cipher modes
ECB, CBC, CTR, CFB, GCMVendor
Thales SA, ThalesSecurity level
Level 3Side-channel analysis
physical probingCertification process
out of scope, loading of any other firmware version on the specified CN6000 Series Ethernet Encryption devices is out of scope of this FIPS 140-2 validation. This Security Policy contains only non-proprietary information. AnyStandards
FIPS 140-2, FIPS PUB 140-2, FIPS140-2, FIPS197, FIPS 186-4, NIST SP 800-108, SP 800-56C, SP 800-133, SP 800-90A, SP 800-56A, SP 800-108, NIST SP 800-90A, SP 800-52, NIST SP 800-38D, NIST SP 800-90B, SP 800-90B, PKCS#12, RFC 2459, RFC 5246, X.509File metadata
| Title | Microsoft Word - CN6040-CN6100-Public-Security-Policy_125_Co-branded.docx |
|---|---|
| Author | ben.king |
| Creation date | D:20220713101648+10'00' |
| Modification date | D:20220713101648+10'00' |
| Pages | 60 |
| Creator | PScript5.dll Version 5.2.2 |
| Producer | Acrobat Distiller 10.1.16 (Windows) |
Heuristics
No heuristics are available for this certificate.
References
No references are available for this certificate.
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4209,
"dgst": "625a9c770505e881",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"AES#A1567",
"AES#A1569",
"DRBG#A1583",
"SHA-3#A1583",
"AES#A1568",
"KTS-RSA#A1583",
"KBKDF#A1583",
"KAS#A1583",
"AES#A1583",
"CVL#A1583",
"ECDSA#A1583",
"HMAC#A1583",
"RSA#A1583",
"Triple-DES#A1583",
"KTS#A1583",
"SHS#A1583"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"5.2.1",
"5.2.0"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 44,
"ECDHE": 2
},
"ECDSA": {
"ECDSA": 41
}
},
"FF": {
"DH": {
"DH": 7,
"Diffie-Hellman": 9
}
},
"RSA": {
"RSA 2048": 2,
"RSA2048": 2,
"RSA4096": 2
}
},
"certification_process": {
"OutOfScope": {
"loading of any other firmware version on the specified CN6000 Series Ethernet Encryption devices is out of scope of this FIPS 140-2 validation. This Security Policy contains only non-proprietary information. Any": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 2
},
"CFB": {
"CFB": 12
},
"CTR": {
"CTR": 14
},
"ECB": {
"ECB": 3
},
"GCM": {
"GCM": 18
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 2
}
},
"crypto_protocol": {
"SSH": {
"SSH": 46
},
"TLS": {
"SSL": {
"SSL": 1
},
"TLS": {
"TLS": 81,
"TLS 1.2": 1,
"TLSv1.2": 1
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 9
},
"KEX": {
"Key Exchange": 22
},
"MAC": {
"MAC": 5
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"NIST P-256": 9,
"NIST P-521": 1,
"P-256": 67,
"P-384": 68,
"P-521": 77
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"Certificate7": 1
}
},
"fips_certlike": {
"Certlike": {
"AES 128": 3,
"AES 256": 1,
"AES- 256": 3,
"AES-128": 1,
"AES-256": 8,
"AES-CTR 128 and 256": 2,
"AES-GCM 128 and 256": 3,
"AES128": 2,
"AES256": 2,
"Certificate7 RSA": 1,
"HMAC SHA-1": 1,
"HMAC- SHA-256": 3,
"HMAC-SHA- 256": 2,
"HMAC-SHA-1": 2,
"HMAC-SHA-17": 2,
"HMAC-SHA-256": 20,
"HMAC-SHA-384": 10,
"HMAC-SHA-512": 8,
"HMAC-SHA256": 2,
"HMAC2": 2,
"PKCS#12": 4,
"RSA 2048": 2,
"RSA2048": 2,
"RSA4096": 2,
"SHA-1": 5,
"SHA-256": 20,
"SHA-384": 11,
"SHA-512": 8,
"SHA1/2": 1,
"SHA3": 1
}
},
"fips_security_level": {
"Level": {
"Level 3": 4
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 1
}
},
"SHA": {
"SHA1": {
"SHA-1": 5
},
"SHA2": {
"SHA-256": 22,
"SHA-384": 10,
"SHA-512": 8
},
"SHA3": {
"SHA3": 1
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 47
},
"RNG": {
"RNG": 4
}
},
"side_channel_analysis": {
"SCA": {
"physical probing": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 140-2": 22,
"FIPS 186-4": 2,
"FIPS PUB 140-2": 4,
"FIPS140-2": 3,
"FIPS197": 5
},
"NIST": {
"NIST SP 800-108": 2,
"NIST SP 800-38D": 3,
"NIST SP 800-90A": 1,
"NIST SP 800-90B": 1,
"SP 800-108": 6,
"SP 800-133": 28,
"SP 800-52": 1,
"SP 800-56A": 2,
"SP 800-56C": 2,
"SP 800-90A": 28,
"SP 800-90B": 1
},
"PKCS": {
"PKCS#12": 2
},
"RFC": {
"RFC 2459": 1,
"RFC 5246": 1
},
"X509": {
"X.509": 14
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 76,
"AES-": 3,
"AES-128": 1,
"AES-256": 8,
"AES128": 2,
"AES256": 2
}
},
"DES": {
"3DES": {
"Triple-DES": 8
},
"DES": {
"DES": 2
}
},
"constructions": {
"MAC": {
"HMAC": 34,
"HMAC-SHA-256": 10,
"HMAC-SHA-384": 5,
"HMAC-SHA-512": 4
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Thales": {
"Thales": 1,
"Thales SA": 3
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "ben.king",
"/CreationDate": "D:20220713101648+10\u002700\u0027",
"/Creator": "PScript5.dll Version 5.2.2",
"/ModDate": "D:20220713101648+10\u002700\u0027",
"/Producer": "Acrobat Distiller 10.1.16 (Windows)",
"/Title": "Microsoft Word - CN6040-CN6100-Public-Security-Policy_125_Co-branded.docx",
"pdf_file_size_bytes": 987870,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 60
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "8ee9e8b25e5a72ea767d76e5ea3202e4240c12244be691c4606b9038afb77bf9",
"policy_txt_hash": "26253bd6ac4b0ffc66ffd4c51639ac70feab3ffeb7a838ee55327361587c3f28"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/CMVP Certificates (FCVC) April 2022_020522_0649_mmsigned.pdf",
"date_sunset": "2026-09-21",
"description": "The CN6000 Series are high-speed hardware encryption platforms that secure data over optical and twisted-pair Ethernet networks. Models included are the CN6100 10G Ethernet; operating at a line rate of 10Gb/s and the CN6040 1G Ethernet; operating at a line rate of up to 1Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is also available for applications that demand authentication. TRANSEC (aka Traffic Flow Security or TFS) can be used to remove patterns in network traffic and prevent traffic analysis.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": null,
"fw_versions": "5.2.0 and 5.2.1",
"historical_reason": null,
"hw_versions": "Senetas Corp. Ltd. CN6000 Series: A6040B (AC), A6041B (DC), A6042B (AC/DC), A6100B (AC), A6101B (DC) and A6102B (AC/DC); Senetas Corp. Ltd. \u0026 SafeNet Inc CN6000 Series: A6040B (AC), A6041B (DC), A6042B (AC/DC), A6100B (AC), A6101B (DC) and A6102B (AC/DC); Senetas Corp. Ltd. \u0026 Thales CN6000 Series: A6040B (AC), A6041B (DC), A6042B (AC/DC), A6100B (AC), A6101B (DC) and A6102B (AC/DC)",
"level": 3,
"mentioned_certs": {},
"module_name": "CN6000 Series Encryptors",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2022-04-29",
"lab": "Lightship Security, Inc.",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2022-07-19",
"lab": "Lightship Security, Inc.",
"validation_type": "Update"
}
],
"vendor": "Senetas Corporation Ltd., distributed by Thales SA (SafeNet)",
"vendor_url": "http://www.senetas.com"
}
}