This page was not yet optimized for use on mobile
devices.
NITROXIII CNN35XX-NFBE HSM Family
Certificate #3741
Webpage information
Security policy
Symmetric Algorithms
AES, AES-256, RC4, Triple-DES, HMAC, HMAC-SHA-256Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DH, DSAHash functions
SHA-1, SHA-256, SHA-224, SHA-512, SHA256, MD5Schemes
MAC, Key agreement, Key AgreementProtocols
SSH, SSL, TLS, TLS 1.2Randomness
DRBG, RNGElliptic Curves
P-224, P-256, P-384, P-521, P-192, K-233, K-283, K-409, B-233, B-283, B-409, B-571, K-571, K-163, B-163Block cipher modes
ECB, CBC, CTR, GCMSecurity level
Level 3Standards
FIPS 140-2, FIPS 186-2, FIPS 186-4, FIPS PUB 186-4, FIPS PUB 140-2, SP 800-38D, SP 800-90A, SP 800-38F, SP 800-133, SP 800-56A, SP 800-56B, SP 800-108, SP 800-135, SP 800-52, SP 800-56, PKCS #1, PKCS#1, RFC 5288File metadata
| Creation date | D:20200928124538-04'00' |
|---|---|
| Modification date | D:20200928124538-04'00' |
| Pages | 40 |
References
Outgoing- 53 - historical - PERMIT/Gate 4520™ Cryptographic Module
Heuristics
No heuristics are available for this certificate.
References
Loading...
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3741,
"dgst": "66d0af18b66f5630",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"RSA#2218",
"DSA#916",
"HMAC#1233",
"KTS#2242",
"RSA#1634",
"SHS#1780",
"AES#2035",
"Triple-DES#1311",
"ECDSA#589",
"AES#4104",
"CVL#167",
"HMAC#2019",
"AES#3206",
"SHS#2652",
"CVL#563",
"DRBG#680",
"AES#3205",
"Triple-DES#2242",
"AES#2033",
"AES#2034",
"KBKDF#65"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"2.04",
"2.0",
"2.05"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"3254"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"3254"
]
}
},
"module_prunned_references": {
"_type": "Set",
"elements": [
"3254"
]
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"53"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"53"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"53"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 17
},
"ECDH": {
"ECDH": 4
},
"ECDSA": {
"ECDSA": 6
}
},
"FF": {
"DH": {
"DH": 6,
"Diffie-Hellman": 1
},
"DSA": {
"DSA": 4
}
},
"RSA": {
"RSA 2048": 3
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 2
},
"CTR": {
"CTR": 2
},
"ECB": {
"ECB": 8
},
"GCM": {
"GCM": 11
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"SSH": {
"SSH": 2
},
"TLS": {
"SSL": {
"SSL": 9
},
"TLS": {
"TLS": 36,
"TLS 1.2": 2
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 1,
"Key agreement": 2
},
"MAC": {
"MAC": 4
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"B-163": 1,
"B-233": 4,
"B-283": 4,
"B-409": 4,
"B-571": 4,
"K-163": 1,
"K-233": 4,
"K-283": 4,
"K-409": 4,
"K-571": 3,
"P-192": 2,
"P-224": 8,
"P-256": 8,
"P-384": 4,
"P-521": 10
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"# 3206": 1,
"#1": 3,
"#1233": 1,
"#1311": 1,
"#1634": 1,
"#167": 2,
"#1780": 1,
"#2": 1,
"#2019": 1,
"#2033": 1,
"#2034": 1,
"#2035": 1,
"#2218": 1,
"#2242": 2,
"#2652": 1,
"#3205": 1,
"#3206": 1,
"#4104": 1,
"#53": 1,
"#563": 2,
"#589": 1,
"#65": 1,
"#680": 2,
"#916": 1
}
},
"fips_certlike": {
"Certlike": {
"AES 128, 192": 2,
"AES 256": 2,
"AES-256": 2,
"CVL #167": 1,
"CVL #563": 1,
"DRBG (Cert. #680": 1,
"Diffie-Hellman (CVL #167": 1,
"HMAC SHA-1, 224": 1,
"HMAC SHA256": 1,
"HMAC-SHA-1, 224": 6,
"HMAC-SHA-256": 2,
"HMAC-SHA-256, 384": 2,
"PKCS #1": 6,
"PKCS#1": 1,
"RSA 2048": 3,
"RSA PKCS#1": 1,
"SHA-1": 5,
"SHA-1, 224": 6,
"SHA-224": 5,
"SHA-256": 3,
"SHA-512": 1,
"SHA256": 1
}
},
"fips_security_level": {
"Level": {
"Level 3": 7
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 1
}
},
"SHA": {
"SHA1": {
"SHA-1": 11
},
"SHA2": {
"SHA-224": 5,
"SHA-256": 3,
"SHA-512": 1,
"SHA256": 1
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 8
},
"RNG": {
"RNG": 4
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-2": 7,
"FIPS 186-2": 1,
"FIPS 186-4": 1,
"FIPS PUB 140-2": 2,
"FIPS PUB 186-4": 1
},
"NIST": {
"SP 800-108": 1,
"SP 800-133": 5,
"SP 800-135": 1,
"SP 800-38D": 1,
"SP 800-38F": 9,
"SP 800-52": 1,
"SP 800-56": 1,
"SP 800-56A": 10,
"SP 800-56B": 9,
"SP 800-90A": 4
},
"PKCS": {
"PKCS #1": 3,
"PKCS#1": 1
},
"RFC": {
"RFC 5288": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 34,
"AES-256": 2
},
"RC": {
"RC4": 2
}
},
"DES": {
"3DES": {
"Triple-DES": 10
}
},
"constructions": {
"MAC": {
"HMAC": 19,
"HMAC-SHA-256": 2
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/CreationDate": "D:20200928124538-04\u002700\u0027",
"/ModDate": "D:20200928124538-04\u002700\u0027",
"pdf_file_size_bytes": 1316422,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://support.cavium.com/websilo/document/JmlfaWQ9OTQ3MCZwX2lkPTc0MAAA"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 40
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "4c1cecdafbf55aae766da3bd323de9f53336ecb7533c989f8715d9ad904d0934",
"policy_txt_hash": "2bad708ba4618548423f2face11ec59488802293efb24f0210df4fe134bfa52c"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode and initialized and configured per Section 10 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security-relevant modification to Cert. #3254",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/October 2020_021120_0702_signed.pdf",
"date_sunset": null,
"description": "CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in a virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers.",
"embodiment": "Multi-Chip Embedded",
"exceptions": [
"Mitigation of Other Attacks: N/A"
],
"fw_versions": "CNN35XX-NFBE-FW-2.04 build 48 [1, 2], CNN35XX-NFBE-FW-2.04 build 49 [1, 2], CNN35XX-NFBE-FW-2.04 build 50 [1, 2], CNN35XX-NFBE-FW-2.04 build 52 [1, 2], CNN35XX-NFBE-FW-2.04 build 53 [1, 2], CNN35XX-NFBE-FW-2.05 build 15 [1] and CNN35XX-NFBE-FW-2.05 build 18 [1]",
"historical_reason": "SP 800-56Arev3 transition",
"hw_versions": "P/Ns CNL3560P-NFBE-G [1], CNL3560-NFBE-G [1], CNL3530-NFBE-G [1], CNL3510-NFBE-G [1], CNL3510P-NFBE-G [1], CNN3560P-NFBE-G [1], CNN3560-NFBE-G [1], CNN3530-NFBE-G [1], CNN3510-NFBE-G [1], CNL3560P-NFBE-2.0-G [2], CNL3560-NFBE-2.0-G [2], CNL3530-NFBE-2.0-G [2], CNL3510-NFBE-2.0-G [2], CNL3510P-NFBE-2.0-G [2], CNL3560PB-NFBE-2.0-G [2], CNL3560B-NFBE-2.0-G [2], CNL3530B-NFBE-2.0-G [2], CNL3510B-NFBE-2.0-G [2], CNL3510PB-NFBE-2.0-G [2], CNN3510LP-NFBE-2.0-G [2] and CNN3510LPB-NFBE-2.0-G [2]",
"level": 3,
"mentioned_certs": {
"3254": 1
},
"module_name": "NITROXIII CNN35XX-NFBE HSM Family",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2020-10-30",
"lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
"validation_type": "Initial"
}
],
"vendor": "Marvell Semiconductor, Inc.",
"vendor_url": "http://www.marvell.com"
}
}