Citrix Systems, Inc.

Citrix ADC MPX

Hardware Models: 8905 FIPS, 8910 FIPS, 8920 FIPS, 15020-50G FIPS, 15030-50G FIPS, 15040-50G FIPS, 15060-50G FIPS, 15080-50G FIPS, 15100-50G FIPS, 15120-50G FIPS
Firmware Version: 12.1.55.180

FIPS 140-2 Non-Proprietary Security Policy
FIPS Security Level: 2
Document Version: 0.2

Prepared for: Citrix Systems, Inc., 851 Cypress Creek Road, Fort Lauderdale, FL 33309, United States of America. Phone: +1 954 267 3000. www.citrix.com
Prepared by: Corsec Security, Inc., 13921 Park Center Road, Suite 460, Herndon, VA 20171, United States of America. Phone: +1 703 267 6050. www.corsec.com

FIPS 140-2 Non-Proprietary Security Policy, Version 0.2, 8/5/2021, Citrix ADC MPX. ©2021 Citrix Systems, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice.

Table of Contents

1. Introduction (p. 4)
  1.1 Purpose (p. 4)
  1.2 References (p. 4)
  1.3 Document Organization (p. 4)
2. Citrix ADC MPX (p. 5)
  2.1 Overview (p. 5)
  2.2 Module Specification (p. 8)
    2.2.1 Approved and Non-Approved Algorithms (p. 8)
  2.3 Module Interfaces (p. 14)
  2.4 Roles and Services (p. 17)
    2.4.1 Authorized Roles (p. 17)
    2.4.2 Operator Services (p. 19)
    2.4.3 Additional Services (p. 25)
  2.5 Physical Security (p. 27)
  2.6 Operational Environment (p. 28)
  2.7 Cryptographic Key Management (p. 29)
  2.8 EMI / EMC (p. 39)
  2.9 Self-Tests (p. 39)
    2.9.1 Power-Up Self-Tests (p. 39)
    2.9.2 Conditional Self-Tests (p. 40)
    2.9.3 Critical Functions Self-Tests (p. 40)
    2.9.4 Self-Test Failures (p. 40)
  2.10 Mitigation of Other Attacks (p. 41)
3. Secure Operation (p. 43)
  3.1 Installation and Setup (p. 43)
    3.1.1 Initial Tamper-Evident Seal Inspection (p. 43)
    3.1.2 Installation (p. 45)
    3.1.3 General Configuration (p. 45)
    3.1.4 FIPS-Approved Mode Configuration and Status (p. 46)
  3.2 Crypto Officer Guidance (p. 48)
    3.2.1 Management (p. 48)
    3.2.2 On-Demand Self-Tests (p. 48)
    3.2.3 Zeroization (p. 48)
    3.2.4 Monitoring Status (p. 49)
  3.3 User Guidance (p. 49)
  3.4 Additional Guidance and Usage Policies (p. 49)
  3.5 Non-FIPS-Approved Mode (p. 50)
4. Acronyms (p. 51)

List of Tables

Table 1 – Security Level per FIPS 140-2 Section (p. 7)
Table 2 – Algorithm Certificate Numbers (Citrix ADC CP Cryptographic Library v4) (p. 8)
Table 3 – Algorithm Certificate Numbers (Citrix ADC DP Cryptographic Library v4) (p. 11)
Table 4 – Algorithm Certificate Numbers (Intel Communication chipset 8955 hardware cryptographic accelerator) (p. 12)
Table 5 – CVL Certificate Numbers (p. 13)
Table 6 – Allowed Algorithm Implementations (p. 14)
Table 7 – Mapping of FIPS 140-2 Logical Interfaces to MPX Interfaces (p. 16)
Table 8 – LEDs and Status Indications (p. 17)
Table 9 – Mapping of Module Services to Roles, CSPs, and Type of Access (p. 19)
Table 10 – Additional Services (p. 26)
Table 11 – Cryptographic Keys, Cryptographic Key Components, and CSPs (p. 29)
Table 12 – Acronyms (p. 51)

List of Figures

Figure 1 – Typical Citrix MPX Deployment (p. 6)
Figure 2 – MPX 89xx FIPS Ports and Interfaces (Front Panel) (p. 14)
Figure 3 – MPX 89xx FIPS Ports and Interfaces (Back Panel) (p. 15)
Figure 4 – MPX 15xxx FIPS Ports and Interfaces (Front Panel) (p. 15)
Figure 5 – MPX 15xxx FIPS Ports and Interfaces (Back Panel) (p. 15)
Figure 6 – Front Cover of the MPX 89xx FIPS (p. 43)
Figure 7 – Front Cover of the MPX 15xxx FIPS (p. 43)
Figure 8 – Back Panel of the MPX 89xx FIPS (p. 44)
Figure 9 – Back Panel of the MPX 15xxx FIPS (p. 44)
Figure 10 – Back Left of the MPX 89xx FIPS (p. 44)
Figure 11 – Back Right of the MPX 89xx FIPS (p. 44)
Figure 12 – Back Left of the MPX 15xxx FIPS (p. 45)
Figure 13 – Back Right of the MPX 15xxx FIPS (p. 45)

1. Introduction

1.1 Purpose

This is a non-proprietary Cryptographic Module Security Policy for the Citrix ADC MPX from Citrix Systems, Inc. (hereafter referred to as Citrix).
This Security Policy describes how the Citrix ADC MPX meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. (United States) and Canadian government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the Cryptographic Module Validation Program (CMVP) website, which is maintained by the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS).

This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the module.

The Citrix ADC MPX is referred to in this document as "MPX" or "the module".

1.2 References

This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

• The Citrix website (https://www.citrix.com) contains information on the full line of products from Citrix.
• The search page on the CMVP website (https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Validated-Modules/Search) can be used to locate and obtain vendor contact information for technical or sales-related questions about the module.

1.3 Document Organization

The Security Policy document is organized into two (2) primary sections. Section 2 provides an overview of the validated module, including a general description of its capabilities and use of cryptography, and a presentation of the validation level achieved in each applicable functional area of the FIPS standard. It also provides high-level descriptions of how the module meets FIPS requirements in each functional area. Section 3 documents the guidance needed for the secure use of the module, including initial setup instructions and management methods and policies.

This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Citrix. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to Citrix and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Citrix.

2. Citrix ADC MPX

2.1 Overview

The MPX product line optimizes delivery of applications over the Internet and private networks. MPX is an application delivery controller (ADC) that performs application-specific traffic analysis to intelligently distribute, optimize, and secure L4-L7 (Layer 4 to Layer 7) network traffic for web applications. All these capabilities are combined into a single, integrated appliance for increased productivity and a lower overall total cost of ownership.

The hardware-based MPX appliances employ a multi-core processor design and are available in a wide range of appliance configurations, from sub-gigabit throughput to 50 Gbps (gigabits per second). Each leverages a fully hardened and secure operating system.

The MPX appliances are installed in the data center between the clients and the internal customer network. All client requests and server responses pass through the appliance. The internal customer network hosts all load balancing and authentication services, such as LDAP, Kerberos, and SAML (Security Assurance Markup Language). Figure 1 below illustrates a typical Citrix MPX deployment. The MPX features are enabled, and the configured policies are then applied to incoming and outgoing traffic. All configuration and management is done at the workstation through the MPX web-based GUI (Graphical User Interface), the RESTful (Representational State Transfer) Nitro API (Application Programming Interface), and the CLI (Command Line Interface). The GUI includes a configuration utility for configuring the appliance and a statistical utility, called Dashboard.

[Figure 1 – Typical Citrix MPX Deployment: a Client on the Internet reaches the Citrix MPX, which fronts Server 1, Server 2, Server 3 and the Authentication Services (LDAP, SAML/DFA/OAuth/OpenID, Kerberos) on the Internal Customer Network.]

The MPX feature set can be broadly categorized as consisting of switching features, security and protection features, and server-farm optimization features:

• Switching features – When deployed in front of application servers, the MPX ensures optimal distribution of traffic by the way in which it directs client requests. Administrators can segment application traffic according to information in the body of an HTTP (Hypertext Transfer Protocol) or TCP (Transmission Control Protocol) request, and on the basis of L4–L7 header information such as URL (Universal Resource Locator), application data type, or cookie. Numerous load balancing algorithms and extensive server health checks improve application availability by ensuring that client requests are directed to the appropriate servers.
• Security and protection features – MPX security and protection features protect web applications from Application Layer attacks. The MPX allows legitimate client requests and can block malicious requests. It provides built-in defenses against denial-of-service (DoS) attacks and supports features that protect against legitimate surges in application traffic that would otherwise overwhelm the servers. An available built-in firewall protects web applications from Application Layer attacks, including buffer overflow exploits, SQL (Structured Query Language) injection attempts, cross-site scripting attacks, and more. In addition, the firewall provides identity theft protection by securing confidential corporate information and sensitive customer data.
• Optimization features – Optimization features offload resource-intensive operations, such as SSL (Secure Sockets Layer) processing, data compression, client keep-alive, TCP buffering, and the caching of static and dynamic content from servers. This improves the performance of the servers in the server farm and therefore speeds up applications. The MPX supports several transparent TCP optimizations, which mitigate problems caused by high latency and congested network links, accelerating the delivery of applications while requiring no configuration changes to clients or servers.

The MPX hardware platform consists of a Control Plane processing function (providing all configuration and management processing functions) and one to seven Data Planes, which provide data packet processing functions.

The MPX is validated at the FIPS 140-2 Section levels shown in Table 1.
Table 1 – Security Level per FIPS 140-2 Section

| Section | Section Title | Level |
|---|---|---|
| 1 | Cryptographic Module Specification | 2 |
| 2 | Cryptographic Module Ports and Interfaces | 2 |
| 3 | Roles, Services, and Authentication | 3 |
| 4 | Finite State Model | 2 |
| 5 | Physical Security | 2 |
| 6 | Operational Environment | N/A (Not Applicable) |
| 7 | Cryptographic Key Management | 2 |
| 8 | EMI/EMC (Electromagnetic Interference / Electromagnetic Compatibility) | 2 |
| 9 | Self-tests | 2 |
| 10 | Design Assurance | 2 |
| 11 | Mitigation of Other Attacks | 2 |

2.2 Module Specification

The MPX is a hardware module with a multiple-chip standalone embodiment. The overall security level of the module is 2. The cryptographic boundary is defined by the physical enclosure of the MPX and includes all internal hardware as well as the MPX v12.1.55.180 application firmware.

The module includes an Intel® Xeon Processor E5-2620 v4 with Intel® C612 Chipset and Intel® 8955 Chipset. The module leverages the Intel® 8955 for cryptographic algorithm acceleration. The module includes the following cryptographic libraries, which provide basic cryptographic functionality and support secure networking protocols:

• Citrix ADC CP (Control Plane) Cryptographic Library v4 (based on the OpenSSL FOM (FIPS Object Module))
• Citrix ADC DP (Data Plane) Cryptographic Library v4 (a modified OpenSSL library developed by Citrix)
• Intel Communication chipset 8955 hardware cryptographic accelerator

2.2.1 Approved and Non-Approved Algorithms

Table 2 lists the FIPS-Approved algorithms implemented in the module's Control Plane.
Table 2 – Algorithm Certificate Numbers (Citrix ADC CP Cryptographic Library v4)

| Certificate Number | Algorithm | Standard | Mode / Method | Key Lengths / Curves / Moduli | Use |
|---|---|---|---|---|---|
| C1920 | AES | FIPS PUB 197 | CBC, CTR | 128, 192, 256 | encryption/decryption |
| C1920 | AES | NIST SP 800-38D | GCM | 128, 256 | encryption/decryption |
| Vendor Affirmation | CKG | NIST SP 800-133 | - | - | key generation |
| C1920 | CVL | NIST SP 800-56Arev3 | ECC CDH Primitive | P-224, P-256, P-384, P-521 | Shared secret computation per SP 800-56Arev3 and Key Derivation per SP 800-135 (Certs. #C1563 and #C1921) |
| Vendor Affirmed | KAS-SSC | NIST SP800-56Arev3 | ECDH | P-224, P-256, P-384, P-521 | Key Agreement Scheme - shared secret computation per SP 800-56Arev3 and Key Derivation per SP 800-135 (Certs. #C1563 and #C1921) |
| Vendor Affirmed | KAS-SSC | NIST SP800-56Arev3 | FFC DH Primitive, DH (Groups 14, 15, 16, 17, and 18) | 112 – 200-bits security strength (MODP-2048, MODP-3027, MODP-4096, MODP-6144, MODP-8192) | Key agreement scheme - shared secret computation (KAS-SSC) per SP 800-56Arev3 and Key Derivation per SP 800-135 (Certs. #C1561, #C1563, and #C1921) |
| C1920 | DRBG | NIST SP 800-90Arev1 | CTR-based | - | deterministic random bit generation |
| C1920 | ECDSA | FIPS PUB 186-4 | KPG | P-224, P-256, P-384, P-521 | key pair generation |
| C1920 | ECDSA | FIPS PUB 186-4 | SIG(gen), SIG(ver) | P-224, P-256, P-384, P-521 | digital signature generation and verification |
| C1920 | RSA | FIPS PUB 186-4 | KeyGen9.31 | 2048, 3072 | key pair generation |
| C1920 | RSA | FIPS PUB 186-4 | SigGenPKCS1.5 | 2048, 3072 | digital signature generation |
| C1920 | RSA | FIPS PUB 186-4 | SigVerPKCS1.5 | 2048, 3072 | digital signature verification |
| C1920 | HMAC | FIPS PUB 198-1 | SHA-1, SHA-256, SHA-384, SHA-512 | 160, 256, 384, 512 | message authentication. The cryptographic library supports the truncation of HMAC SHA-1 to 96 bits according to NIST SP 800-107rev1. |
| C1920 | SHS | FIPS PUB 180-4 | SHA-1, SHA-256, SHA-384, SHA-512 | - | message digest |
| C1920 | Triple-DES | NIST SP 800-67 | CBC | Keying Option 1 | encryption/decryption |
| Vendor Affirmation | PBKDF | NIST SP 800-132 | Option 1a with HMAC SHA-1, Option 1a with HMAC SHA-256 | - | password-based key derivation |

Acronyms used in Table 2: CP – Control Plane; FOM – FIPS Object Module; DP – Data Plane; AES – Advanced Encryption Standard; CBC – Cipher Block Chaining; CTR – Counter; GCM – Galois Counter Mode; CKG – Cryptographic Key Generation; SP – Special Publication; CVL – Component Validation Listing; ECC CDH – Elliptic Curve Cryptography Cofactor Diffie-Hellman; ECDH – Elliptic Curve Diffie-Hellman; FFC – Finite Field Cryptography; DH – Diffie-Hellman; DRBG – Deterministic Random Bit Generator; ECDSA – Elliptic Curve Digital Signature Algorithm; KPG – Key Pair Generation; RSA – Rivest Shamir Adleman; PKCS – Public Key Cryptography Standard; HMAC – (keyed-) Hashed Message Authentication Code; SHA – Secure Hash Algorithm; SHS – Secure Hash Standard; DES – Data Encryption Standard; PBKDF – Password-Based Key Derivation Function 2.
The vendor affirms the following cryptographic security methods implemented by the Citrix ADC CP Cryptographic Library v4:

• NIST SP 800-132 - the module uses PBKDF option 1 for the KEK (Key Encryption Key) and for PEM (Privacy-Enhanced Mail):
  o The PBKDF for KEK establishment takes an input salt that is 128 bits in length with a password/passphrase containing at least 8 characters and produces a random value of 256 bits. In addition, the function has an iteration count of 2,048. The underlying pseudorandom function used in this derivation is HMAC SHA-256.
  o The PBKDF for PEM key establishment takes an input salt that is 128 bits in length with a password/passphrase containing at least 8 characters and produces a random value of 256 bits for AES keys and 192 bits for Triple-DES keys. In addition, the function has an iteration count of 2,048. The underlying pseudorandom function used in this derivation is HMAC SHA-1.
  o The keys derived from these PBKDF functions are only used for storage applications.
• NIST SP 800-133 - the module uses the FIPS-Approved counter-based DRBG specified in NIST SP 800-90A Revision 1 to generate cryptographic keys. The resulting symmetric key or generated seed is an unmodified output from the DRBG.
• Key agreement scheme (shared secret computation) per NIST SP800-56Arev3:
  o The module implements the DH key agreement scheme in compliance with all applicable sections of NIST SP 800-56Arev3 for use of Approved cryptographic methods, key pair owner/recipient assurances, and key pair management. The implementation uses the dhEphem scheme found in section 6.1.2.1 of NIST SP 800-56Arev3. The vendor affirms the shared secret computation. This primitive is used by the dhHybrid1, dhEphem, dhHybridOneFlow, dhOneFlow and dhStatic schemes found in section 6 of that recommendation. The module generates the ephemeral key pairs that it owns using an Approved method in section 5.6.1.1 of NIST SP 800-56Arev3. The module receives ephemeral public keys generated for use in the dhEphem scheme. The module's key agreement scheme implements only Approved key derivation functions found in NIST SP 800-135rev1.
  o The module also implements an ECC CDH shared secret computation for its ECDH key agreement scheme. The shared secret computation is compliant with section 5.7.1.2 of NIST SP 800-56Arev3. This primitive is used by the Full Unified Model, Ephemeral Unified Model, One-Pass Unified Model, One-Pass Diffie-Hellman, and Static Unified Model schemes found in section 6 of that recommendation.

Per IG 7.14, the module generates cryptographic keys whose strengths are modified by available entropy.

Table 3 lists the FIPS-Approved algorithms implemented in the module's Data Plane.

Table 3 – Algorithm Certificate Numbers (Citrix ADC DP Cryptographic Library v4)

| Certificate Number | Algorithm | Standard | Mode / Method | Key Lengths / Curves / Moduli | Use |
|---|---|---|---|---|---|
| C1922 | AES | FIPS PUB 197 | CBC | 128, 192, 256 | encryption/decryption |
| C1922 | AES | NIST SP 800-38D | GCM | 128, 256 | encryption/decryption |
| Vendor Affirmation | CKG | NIST SP 800-133 | - | - | key generation |
| C1922 | CVL | NIST SP 800-56Arev3 | ECC CDH Primitive | P-224, P-256, P-384, P-521 | Shared secret computation per SP 800-56Arev3 and Key Derivation per SP 800-135 (Cert. #C1922) |
| Vendor Affirmed | KAS-SSC | NIST SP 800-56Arev3 | ECDH | P-224, P-256, P-384, P-521 | Key Agreement Scheme - shared secret computation per SP 800-56Arev3 and Key Derivation per SP 800-135 (Cert. #C1922) |
| C1922 | DRBG | NIST SP 800-90Arev1 | Hash-based | - | deterministic random bit generation |
| C1922 | ECDSA | FIPS PUB 186-4 | SIG(gen), SIG(ver) | P-224, P-256, P-384, P-521 | digital signature generation and verification |
| C1922 | RSA | FIPS PUB 186-4 | SigGenPKCS1.5 | 2048, 3072 | digital signature generation |
| C1922 | RSA | FIPS PUB 186-4 | SigVerPKCS1.5 | 1024, 2048, 3072 | digital signature verification |
| A607 | RSA | FIPS PUB 186-4 | SigGenPKCS1.5 | 4096 | digital signature generation |
| A607 | RSA | FIPS PUB 186-4 | SigVerPKCS1.5 | 4096 | digital signature verification |
| C1922 | HMAC | FIPS PUB 198-1 | SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | 160, 224, 256, 384, 512 | message authentication |
| C1922 | SHS | FIPS PUB 180-4 | SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | - | message digest |

Acronyms used in Table 3: ECC CDH – Elliptic Curve Cryptography Cofactor Diffie-Hellman; KAS-SSC – Key Agreement Scheme – Shared Secret Computation.

The vendor affirms the following cryptographic security methods implemented by the Citrix ADC DP Cryptographic Library v4:

• NIST SP 800-133 - the module uses the FIPS-Approved hash-based DRBG specified in NIST SP 800-90A Revision 1 to generate cryptographic keys. The resulting symmetric key or generated seed is an unmodified output from the DRBG.
• Key agreement scheme (shared secret computation) per NIST SP800-56Arev3:
  o The module also implements an ECC CDH shared secret computation for its ECDH key agreement scheme. The shared secret computation is compliant with section 5.7.1.2 of NIST SP 800-56Arev3. This primitive is used by the Full Unified Model, Ephemeral Unified Model, One-Pass Unified Model, One-Pass Diffie-Hellman, and Static Unified Model schemes found in section 6 of that recommendation.

Per IG 7.14, the module generates cryptographic keys whose strengths are modified by available entropy.
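The Control Plane PBKDF description above (Section 2.2.1: 128-bit salt, password of at least 8 characters, iteration count 2,048, HMAC SHA-256 for the 256-bit KEK and HMAC SHA-1 for the 256-bit AES and 192-bit Triple-DES PEM keys) can be exercised with the standard PBKDF2-HMAC construction from NIST SP 800-132. The following is an added example written for this page; it is not code from Citrix or from the module's cryptographic library, it uses Python's `hashlib.pbkdf2_hmac` rather than the appliance's implementation, and the profile names (`kek`, `pem-aes`, `pem-tdes`) and the input checks are assumptions made for the example.

```python
import hashlib
import secrets

# Parameters as stated in this Security Policy for the Control Plane library's
# NIST SP 800-132 PBKDF (option 1a): 128-bit salt, password of at least
# 8 characters, iteration count 2,048.
SALT_BITS = 128
MIN_PASSWORD_CHARS = 8
ITERATIONS = 2048

# Derivation profiles named on the page: (HMAC hash, derived key length in bytes).
# The profile names themselves are assumptions made for this example.
PROFILES = {
    "kek": ("sha256", 32),      # KEK establishment: HMAC SHA-256, 256-bit output
    "pem-aes": ("sha1", 32),    # PEM AES key: HMAC SHA-1, 256-bit output
    "pem-tdes": ("sha1", 24),   # PEM Triple-DES key: HMAC SHA-1, 192-bit output
}


def input_problem(password: str, salt: bytes):
    """Return a description of the first stated constraint the inputs violate,
    or None when the salt-length and password-length rules are satisfied."""
    if len(salt) * 8 != SALT_BITS:
        return f"salt must be {SALT_BITS} bits, got {len(salt) * 8}"
    if len(password) < MIN_PASSWORD_CHARS:
        return f"password must contain at least {MIN_PASSWORD_CHARS} characters"
    return None


def derive_storage_key(profile: str, password: str, salt: bytes) -> bytes:
    """Derive a storage key with the PBKDF2 parameters the policy states for `profile`.

    Uses the standard-library PBKDF2-HMAC (not the module's own library), so the
    output illustrates the construction rather than reproducing the appliance."""
    if profile not in PROFILES:
        raise ValueError(f"unknown profile {profile!r}")
    problem = input_problem(password, salt)
    if problem is not None:
        raise ValueError(problem)
    hash_name, dklen = PROFILES[profile]
    return hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, ITERATIONS, dklen)


def new_salt() -> bytes:
    """Fresh random salt of the stated length (a CSPRNG stands in for the module's DRBG)."""
    return secrets.token_bytes(SALT_BITS // 8)


if __name__ == "__main__":
    salt = new_salt()
    print("KEK:", derive_storage_key("kek", "example-passphrase", salt).hex())
```

One property worth knowing when reviewing a design like this: for the same PRF, password, salt and iteration count, PBKDF2 output of a shorter length is a prefix of the longer output, so the 192-bit Triple-DES PEM key above equals the first 24 bytes of the 256-bit AES PEM key derived from identical inputs. A deployment therefore wants a distinct salt per derived key, as `new_salt()` provides.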
Table 4 lists the FIPS-Approved algorithms implemented in the Intel 8955 Chipset.

Table 4 – Algorithm Certificate Numbers (Intel Communication chipset 8955 hardware cryptographic accelerator)

| Certificate Number | Algorithm | Standard | Mode / Method | Key Lengths / Curves / Moduli | Use |
|---|---|---|---|---|---|
| C1565 | AES | FIPS PUB 197 | CBC | 128, 256 | encryption/decryption |
| C1565 | AES | NIST SP 800-38D | GCM | 128, 256 | encryption/decryption |
| Vendor Affirmation | CKG | NIST SP 800-133 | - | - | key generation |
| C1565 | CVL | NIST SP 800-56Arev3 | ECC CDH Primitive | P-224, P-256, P-384, P-521 | Shared secret computation per SP 800-56Arev3 and Key Derivation per SP 800-135 (Cert. #C1565) |
| Vendor Affirmed | KAS-SSC | NIST SP 800-56Arev3 | ECDH | P-224, P-256, P-384, P-521 | Key Agreement Scheme - shared secret computation per SP 800-56Arev3 and Key Derivation per SP 800-135 (Cert. #C1565) |
| C1565 | ECDSA | FIPS PUB 186-4 | SIG(gen), SIG(ver) | P-224, P-256, P-384, P-521 | digital signature generation and verification |
| C1565 | RSA | FIPS PUB 186-4 | SigGenPKCS1.5 | 2048, 3072 | digital signature generation |
| C1565 | RSA | FIPS PUB 186-4 | SigVerPKCS1.5 | 1024, 2048, 3072 | digital signature verification |
| A393 | RSA | FIPS PUB 186-4 | SigGenPKCS1.5 | 4096 | digital signature generation |
| A393 | RSA | FIPS PUB 186-4 | SigVerPKCS1.5 | 4096 | digital signature verification |
| C1565 | HMAC | FIPS PUB 198-1 | SHA-1, SHA-256, SHA-384, SHA-512 | 160, 256, 384, 512 | message authentication |
| C1565 | SHS | FIPS PUB 180-4 | SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | - | message digest |

Acronyms used in Table 4: ECC CDH – Elliptic Curve Cryptography Cofactor Diffie-Hellman; KAS-SSC – Key Agreement Scheme – Shared Secret Computation.

The vendor affirms the following cryptographic security method implemented by the Intel Communication chipset 8955 hardware cryptographic accelerator:

• Key agreement scheme (shared secret computation) per NIST SP800-56Arev3:
  o The module also implements an ECC CDH shared secret computation for its ECDH key agreement scheme. The shared secret computation is compliant with section 5.7.1.2 of NIST SP 800-56Arev3. This primitive is used by the Full Unified Model, Ephemeral Unified Model, One-Pass Unified Model, One-Pass Diffie-Hellman, and Static Unified Model schemes found in section 6 of that recommendation.

In addition, the module includes several protocol libraries that implement FIPS-Approved KDFs (Key Derivation Functions). The IKE (Internet Key Exchange) KDFs are implemented by the Citrix ADC CP IKE KDF Library v2 (based on the Racoon2 protocol library), the SSH (Secure Shell) KDF is implemented by the Citrix ADC CP SSH KDF Library v2 (based on the open source OpenSSH protocol library), and the SNMP (Simple Network Management Protocol) v3 KDF is implemented by the Citrix ADC CP SNMP KDF Library v2 (a modified version of the Net-SNMP protocol library). These libraries all link to the Citrix ADC CP Cryptographic Library v4 for their cryptographic operations.

There are multiple TLS (Transport Layer Security) KDF implementations supported by the module. One is implemented by the Citrix ADC CP TLS KDF Library v4 (based on the OpenSSL libssl protocol library) and uses the Citrix ADC CP Cryptographic Library v4 for its cryptographic operations. A second is implemented by the Citrix ADC DP Cryptographic Library v4. A third TLS KDF is implemented in the Intel Communication chipset 8955 hardware cryptographic accelerator. The module implements the FIPS-Approved KDFs listed in Table 5 below.
Table 5 – CVL Certificate Numbers

| Certificate Number | Algorithm | Specification | Mode / Method | Key Lengths / Curves / Moduli | Use | Library |
|---|---|---|---|---|---|---|
| C1561 | CVL IKEv1/v2 | NIST SP 800-135rev1 | - | - | key derivation | Citrix ADC CP IKE KDF Library v2 |
| C1562 | CVL SNMPv3 KDF | NIST SP 800-135rev1 | - | - | key derivation | Citrix ADC CP SNMP KDF Library v2 |
| C1563 | CVL SSH KDF | NIST SP 800-135rev1 | - | - | key derivation | Citrix ADC CP SSH KDF Library v2 |
| C1921 | CVL TLS v1.0/1.1/1.2 | NIST SP 800-135rev1 | - | - | key derivation | Citrix ADC CP TLS KDF Library v4 |
| C1922 | CVL TLS v1.0/1.1/1.2 | NIST SP 800-135rev1 | - | - | key derivation | Citrix ADC DP Cryptographic Library v4 |
| C1565 | CVL TLS v1.0/1.1/1.2 | NIST SP 800-135rev1 | - | - | key derivation | Intel Communication chipset 8955 hardware cryptographic accelerator |

Note: No parts of the SNMP, SSH, IKE, and TLS protocols, other than the KDFs, have been tested by the CAVP [51].

The algorithm implementations shown in Table 6 below are allowed for use in a FIPS-Approved mode of operation.

[46] KDF – Key Derivation Function
[47] IKE – Internet Key Exchange
[48] SSH – Secure Shell
[49] SNMP – Simple Network Management Protocol
[50] TLS – Transport Layer Security
[51] CAVP – Cryptographic Algorithm Validation Program
Table 6 – Allowed Algorithm Implementations

| Algorithm | Caveat | Use |
|---|---|---|
| RSA | key establishment methodology provides 112 or 128 bits of encryption strength | key transport (Citrix ADC CP Cryptographic Library v4) |
| RSA | key establishment methodology provides 112 or 128 bits of encryption strength | key transport (Citrix ADC DP Cryptographic Library v4) |
| RSA | key establishment methodology provides 112 or 128 bits of encryption strength | key transport (Intel Communication chipset 8955 hardware cryptographic accelerator) |
| MD5 [52] | - | hashing passwords |
| NDRNG [53] (FreeBSD /dev/random) | - | seeding for the control plane DRBG |
| NDRNG (Intel RDRAND) | - | seeding for data plane hardware and firmware DRBG |

[52] MD5 – Message Digest 5
[53] NDRNG – Non-Deterministic Random Number Generator

2.3 Module Interfaces

The MPX 89xx FIPS model is illustrated in Figure 2 and Figure 3 below.

Figure 2 – MPX 89xx FIPS Ports and Interfaces (Front Panel)
Figure 3 – MPX 89xx FIPS Ports and Interfaces (Back Panel)

The MPX 15xxx-50G model is illustrated in Figure 4 and Figure 5 below.

Figure 4 – MPX 15xxx FIPS Ports and Interfaces (Front Panel)
Figure 5 – MPX 15xxx FIPS Ports and Interfaces (Back Panel)

The physical interfaces for the MPX are mapped to the FIPS 140-2 logical interfaces in Table 7 below.
Table 7 – Mapping of FIPS 140-2 Logical Interfaces to MPX Interfaces

| Physical Port/Interface | Quantity (MPX 89xx FIPS) | Quantity (MPX 15xxx FIPS) | Location | Description | FIPS 140-2 Interface |
|---|---|---|---|---|---|
| RS-232 serial port | 1 | 1 | Front panel | Serial console port used as a connection between the appliance and a computer, allowing direct access to the appliance for initial configuration or troubleshooting | Control in; Status out |
| 10/100/1000Base-T copper RJ45 Ethernet port | 1 | 1 | Front panel | Ethernet LOM [54] port used to remotely monitor and manage the appliance independently of the Citrix ADC firmware | Control in; Status out |
| 10/100/1000Base-T copper RJ45 Ethernet port | 1 | 2 | Front panel | Ethernet Management ports used to connect directly to the appliance for Citrix ADC administration functions | Control in; Status out |
| 10/100/1000Base-T copper RJ45 Ethernet port | 6 | - | Front panel | Ethernet data ports | Data in; Data out; Control in; Status out |
| 10G SFP+ [55] Ethernet port** | 4 | 8 | Front panel | Ethernet data ports (fiber) | Data in; Data out |
| 50G Ethernet port | - | 4 | Front panel | Ethernet data ports | Data in; Data out; Control in; Status out |
| LCD Keypad | 1 | 1 | Front panel | - | Control in |
| LCD | 1 | 1 | Front panel | - | Status out |
| Disable Alarm button* | 1 | 1 | Back panel | Button used to stop the power alarm from sounding | Control in |
| NMI [56] button | 1 | 1 | Back panel | Button used (at the request of Citrix Technical Support) to initiate a core dump | Control in |
| Power switch | 1 | 1 | Back panel | Switch used to turn power to the appliance on or off | Power in |

*The Disable Alarm button is functional only if a second power supply is installed.
**1G copper transceivers are supported in 10G slots; 1G fiber transceivers are not supported.

[54] LOM – Lights Out Management
[55] SFP+ – Small Form Factor Pluggable Plus
[56] NMI – Non-Maskable Interrupt
The module employs LEDs to provide status indications for several of the physical ports specified above. Table 8 below lists the module’s LEDs and the indications they provide. Note that the list is applicable to both the MPX 89xx FIPS and MPX 15xxx FIPS models.

Table 8 – LEDs and Status Indications

| LED Type | LED Function | Description | FIPS 140-2 Logical Interface |
|---|---|---|---|
| RJ45 Ethernet port LEDs | Speed | OFF: no connection; GREEN: traffic rate of 100 Mbps; AMBER: traffic rate of 1 Gbps | Status out |
| RJ45 Ethernet port LEDs | Link/activity | OFF: no link; BLINKING GREEN: link is established and traffic is passing through the port | Status out |
| 10G SFP+ Ethernet port LEDs | Speed | OFF: no connection; BLUE: traffic rate of 10 Gbps | Status out |
| 10G SFP+ Ethernet port LEDs | Link/activity | OFF: no link; GREEN: link is established, no traffic is passing through the port; BLINKING GREEN: link is established and traffic is passing through the port | Status out |
| Power supply LED | Status | OFF: no power to any power supply in the appliance; FLASHING RED: no power to this power supply; RED: power supply failure; FLASHING GREEN: power supply is in standby mode; GREEN: power supply is functional; [on the 15xxx-50G] FLASHING RED and GREEN: warning (OVP/UVP/OCP/OTP/Fan) | Status out |

OVP = Over Voltage Protection; UVP = Under Voltage Protection; OCP = Over Current Protection; OTP = Over Temperature Protection.

2.4 Roles and Services

The sections below describe the module’s roles and services and define any authentication methods employed.

2.4.1 Authorized Roles

An operator authenticates to the module with a unique username and password. These credentials are used to identify the operator and determine their given role. Each role determines the functionality available to the operator within the module.
As required by FIPS 140-2, the module supports two roles that operators may assume:

• Crypto Officer (CO) – The CO role performs administrative services on the module, such as initialization, configuration, and monitoring of the module. The CO role includes the privileges listed under the read-only, operator, network, and sysadmin MPX command policies.
• User – Users can view the current status of the module and employ the services of the module (including IPsec [57], TLS, SSH, and SNMPv3 services). The User role includes the privileges listed under the read-only MPX command policy.

Operators authenticate to the module using a username and password. Password complexities can be configured by an operator with the Crypto Officer role. All operators are required to follow the complex password restrictions. The password must contain:

• Between 4 and 127 characters
• At least one lowercase letter
• At least one uppercase letter
• At least one digit
• At least one special character (~, `, !, @, #, $, %, ^, &, *, -, _, =, +, {, }, [, ], |, \, :, <, >, /, ., ,, " ")

The minimum length of the password is eight characters, with 90 different case-sensitive alphanumeric characters and symbols possible for usage. The chance of a random attempt falsely succeeding is:

• = 1 per 90^8 possible passwords
• = 1 per 4.3 x 10^15

which is a lesser probability than 1 per 1,000,000 as required by FIPS 140-2.

For more information on the MPX command policies, refer to the Configuring users, user groups, and command policies webpage on Citrix’s online product documentation portal.

Operators can also authenticate to the module through certificates associated with the selected protocol.
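The password composition rule and the 1-in-90^8 per-attempt estimate above, together with the one-minute false-acceptance bound this subsection derives next for passwords and for 2048-bit RSA certificates, as an added example in Python (not code from the security policy); it takes the policy's own assumptions as constants (90-character alphabet, 8-character minimum for the estimate, 8-bit characters, a 1000 Mbps link with no overhead, 2048-bit RSA equated to 112 bits) and the per-attempt and per-minute thresholds from FIPS 140-2 section 4.3.3.

```python
"""Authentication-strength arithmetic from section 2.4.1 of the security policy.

Added example, not code from the policy: it codifies the password composition
rule and recomputes the per-attempt and per-minute false-acceptance bounds
from the policy's stated assumptions so that the figures can be checked.
"""

# Special characters the policy permits; the last entry is the space.
SPECIAL_CHARS = set("~`!@#$%^&*-_=+{}[]|\\:<>/.,") | {" "}

ALPHABET_SIZE = 90              # case-sensitive characters the policy counts
MIN_LEN_FOR_ESTIMATE = 8        # minimum length the strength estimate assumes
BITS_PER_CHAR = 8               # 8-bit characters, so 64 bits per 8-char password
LINK_BITS_PER_SECOND = 10**9    # 1000 Mbps, the fastest link the policy assumes
RSA_KEY_BITS = 2048             # size of the certificate key sent to the module
RSA_SECURITY_BITS = 112         # 2048-bit RSA equated to a 112-bit symmetric key

# FIPS 140-2 section 4.3.3 thresholds (the standard's own numbers).
MAX_PER_ATTEMPT = 1 / 1_000_000
MAX_PER_MINUTE = 1 / 100_000


def password_meets_policy(pw: str) -> bool:
    """True if pw satisfies every bullet of the complex-password rule."""
    if not 4 <= len(pw) <= 127:
        return False
    return (any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SPECIAL_CHARS for c in pw))


def password_space() -> int:
    """Distinct minimum-length passwords: 90**8, about 4.3 x 10**15."""
    return ALPHABET_SIZE ** MIN_LEN_FOR_ESTIMATE


def attempts_per_minute(bits_per_attempt: int) -> int:
    """Attempts of the given size that fit through the link in 60 seconds."""
    return LINK_BITS_PER_SECOND * 60 // bits_per_attempt


def password_false_accept_per_attempt() -> float:
    return 1 / password_space()


def password_false_accept_per_minute() -> float:
    """About 9.375 x 10**8 guesses per minute against 90**8 passwords."""
    return attempts_per_minute(BITS_PER_CHAR * MIN_LEN_FOR_ESTIMATE) / password_space()


def certificate_false_accept_per_attempt() -> float:
    return 1 / 2 ** RSA_SECURITY_BITS


def certificate_false_accept_per_minute() -> float:
    """About 2.93 x 10**7 certificates per minute against 2**112 keys."""
    return attempts_per_minute(RSA_KEY_BITS) / 2 ** RSA_SECURITY_BITS


def meets_fips_140_2() -> dict:
    """Each mechanism checked against both FIPS 140-2 thresholds."""
    return {
        "password_per_attempt": password_false_accept_per_attempt() < MAX_PER_ATTEMPT,
        "password_per_minute": password_false_accept_per_minute() < MAX_PER_MINUTE,
        "certificate_per_attempt": certificate_false_accept_per_attempt() < MAX_PER_ATTEMPT,
        "certificate_per_minute": certificate_false_accept_per_minute() < MAX_PER_MINUTE,
    }


if __name__ == "__main__":
    print(f"passwords: 1 in {password_space():,} per attempt, "
          f"1 in {1 / password_false_accept_per_minute():,.0f} per minute")
    print(f"certificates: 1 in {1 / certificate_false_accept_per_attempt():.3g} per attempt, "
          f"1 in {1 / certificate_false_accept_per_minute():.3g} per minute")
    print(meets_fips_140_2())
```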
The module supports RSA digital certificate authentication of users during Web GUI/HTTPS (TLS) access. Using conservative estimates and equating a 2048-bit RSA key to a 112-bit symmetric key, the probability for a random attempt to succeed is:

• = 1 per 2^112
• = 1 per 5.19 x 10^33

which is a lesser probability than 1 per 1,000,000 as required by FIPS 140-2.

The fastest network connection supported by the module is 1000 Mbps. At most (1 x 10^9 bits/second × 60 seconds) = 6 x 10^10 = 60,000,000,000 bits of data can be transmitted in one minute. The minimum password is 64 bits (8 bits per character x 8 characters), meaning 9.375 x 10^8 passwords can be passed to the module in one minute (assuming there is no overhead). This equates to a 1:4,591,650 chance that a random attempt will succeed, or that a false acceptance will occur, in a one-minute period, which is less than the required probability.

Given that there can be 60,000,000,000 bits of data transmitted to the module in one minute and that a certificate contains a 2048-bit RSA key, at most 60,000,000,000 / 2048 or 2.93 x 10^7 certificates can be passed to the module in a one-minute period (assuming there is no overhead). If one key has a 1:5.19 x 10^33 chance of succeeding, then in a one-minute period there is a 2.93 x 10^7 : 5.19 x 10^33, or 1:1.77 x 10^26, chance of a random attempt succeeding, which is less than the required probability.

[57] IPsec – Internet Protocol Security

2.4.2 Operator Services

Descriptions of the services available to the CO role and User role are provided in Table 9 below. Please note that the keys and Critical Security Parameters (CSPs) listed in the table indicate the type of access required using the following notation:

• R – Read: The CSP is read.
• W – Write: The CSP is established, generated, or modified.
• X – Execute: The CSP is used within an Approved or Allowed security function or authentication mechanism.
• Z – Zeroized: The CSP is deleted.

Table 9 – Mapping of Module Services to Roles, CSPs, and Type of Access [58]

| Service | CO | User | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|---|---|
| Perform initial network configuration | ✓ | | Set up initial network configuration and MPX licenses | Command and parameters | Command response/status output | None |
| Create KEK | ✓ | | Create system master key | Command | Status output | KEK Passphrase – R/X; KEK – W; CTR DRBG Entropy – R/X; CTR DRBG Seed – R/W/X; CTR DRBG 'V' Value – R/W/X; CTR DRBG 'Key' Value – R/W/X |
| View system information | ✓ | | View system info and statistics; view/end system sessions | Command | Status output | None |

[58] For commands and parameters related to the listed services, refer to the Citrix ADC 12.1 webpage on Citrix’s online product documentation portal.
Table 9 (continued)

| Service | CO | User | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|---|---|
| Reboot | ✓ | | Reboot the module | Command | Status output | PEM Passphrase – Z; PEM Key – Z; AES GCM Key – Z; AES GCM IV – Z; DH/ECDH/RSA Private Key Component – Z; DH/ECDH/RSA Public Key Component – Z; SSH Shared Secret – Z; SSH Session Key – Z; SSH Authentication Key – Z; IKE/IPsec Shared Secret – Z; IKE/IPsec Session Key – Z; IKE/IPsec Authentication Key – Z; TLS Pre-Master Secret – Z; TLS Master Secret – Z; TLS Session Key – Z; TLS Authentication Key – Z; TLS Ticket Encryption Key – Z; TLS Authentication Key – Z; Hash DRBG Entropy – Z; Hash DRBG Seed – Z; Hash DRBG 'V' Value – Z; Hash DRBG 'C' Value – Z; CTR DRBG Entropy – Z; CTR DRBG Seed – Z; CTR DRBG 'V' Value – Z; CTR DRBG 'Key' Value – Z; SNMPv3 Private Key – Z; SNMPv3 Authentication Key – Z |
| Configure system settings | ✓ | | Configure modes and features, system settings, and cloud parameters | Command and parameters | Command response/status output | AES Key – W; KEK – X; Hash DRBG Entropy – R/X; Hash DRBG Seed – R/W/X; Hash DRBG 'V' Value – R/W/X; Hash DRBG 'C' Value – R/W/X |
| Configure HA [59] | ✓ | | Configure HA nodes, route monitors, failover interface set | Command and parameters | Status output | None |
| Manage NTP [60] servers | ✓ | | Add, edit, delete NTP servers; configure NTP parameters and synchronization state | Command | Status output | None |
| Configure system profiles | ✓ | | Add, edit, delete system profiles | Command and parameters | Command response/status output | TLS Master Secret – R/W/X; TLS Ticket Encryption Key – R/W; TLS Ticket Authentication Key – R/W; CTR DRBG Entropy – R/X; CTR DRBG Seed – R/W/X; CTR DRBG 'V' Value – R/W/X; CTR DRBG 'Key' Value – R/W/X; KEK – X |

[59] HA – High Availability
[60] NTP – Network Time Protocol
Table 9 (continued)

| Service | CO | User | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|---|---|
| Manage users | ✓ | | Add, edit, delete users, groups, and command policies; view user/group partition bindings | Command | Status output | None |
| Configure system auditing | ✓ | | Add, edit, delete syslog/nslog auditing policies and servers; bind classic/advanced global policies | Command and parameters | Command response/status output | None |
| View audit logs | ✓ | | View authentication, system, and event logs | Command | Status output | None |
| Configure network settings | ✓ | | Configure network routing protocols | Command and parameters | Command response/status output | ZebOS Router Password – R/W; KEK – X |
| Exchange routing information | ✓ | | Exchange routing update information using ZebOS; authenticate source of packets | Command | Status output | ZebOS Router Password – X; KEK – X |
| Configure SSH | ✓ | | Configure SSH authentication settings; generate SSH keys | Command and parameters | Command response/status output | SSH Private Key – W/X; SSH Public Key – W; CTR DRBG Entropy – R/X; CTR DRBG Seed – R/W/X; CTR DRBG 'V' Value – R/W/X; CTR DRBG 'Key' Value – R/W/X |
| Establish SSH sessions | ✓ | ✓ | Establish an SSH session | Command | Status output | SSH Public Key – R/X; DH Private Key Component – W/X; DH Public Key Component – R/X; ECDH Private Key Component – W/X; ECDH Public Key Component – R/X; SSH Shared Secret – W/X; SSH Session Key – W/X; SSH Authentication Key – W/X; CTR DRBG Entropy – R/X; CTR DRBG Seed – R/W/X; CTR DRBG 'V' Value – R/W/X; CTR DRBG 'Key' Value – R/W/X |
| Configure CloudBridge | ✓ | | Configure IPsec profile; configure CloudBridge Connector settings, network bridges, and IP tunnels; view IP tunnel details | Command and parameters | Command response/status output | IKE/IPsec PSK [61] – R/W; KEK – X |

[61] PSK – Pre-shared Key
Table 9 (continued)

| Service | CO | User | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|---|---|
| Configure clustering | ✓ | | Configure an appliance to be either the cluster coordinator or a node in the cluster | Command and parameters | Command response/status output | Cluster Password – R/W |
| Establish IPsec session | ✓ | ✓ | Establish an IPsec session | Command | Status output | DH Private Key Component – W/X; DH Public Key Component – R/X; IKE/IPsec Shared Secret – W/X; IKE/IPsec PSK – X; KEK – X; IKE/IPsec Session Key – W/X; IKE/IPsec Authentication Key – W/X; CTR DRBG Entropy – R/X; CTR DRBG Seed – R/W/X; CTR DRBG 'V' Value – R/W/X; CTR DRBG 'Key' Value – R/W/X |
| Backup and restore | ✓ | | Backup/import system configuration files; download and delete backup files; restore | Command | Status output | None |
| Manage encryption keys | ✓ | | Add, edit, delete encryption keys | Command | Status output | AES Key – R/W; KEK – X; Hash DRBG Entropy – R/X; Hash DRBG Seed – R/W/X; Hash DRBG 'V' Value – R/W/X; Hash DRBG 'C' Value – R/W/X |
| Manage HMAC keys | ✓ | | Add, edit, delete HMAC keys | Command | Status output | HMAC Key – R/W; KEK – X; Hash DRBG Entropy – R/X; Hash DRBG Seed – R/W/X; Hash DRBG 'V' Value – R/W/X; Hash DRBG 'C' Value – R/W/X |
Table 9 (continued)

| Service | CO | User | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|---|---|
| Configure traffic management | ✓ | | Configure TLS; configure load balancing, priority load balancing, content switching, and cache redirection settings, DNS [62], GSLB [63], Subscriber, service chaining, and user protocol settings | Command and parameters | Command response/status output | CA [64] Public Key – R/W/X; TLS Private Key – R/W/X; TLS Public Key – R/W; Private DNS KSK [65] – R/W/X; Public DNS KSK – R/W; Private DNS ZSK [66] – R/W/X; Public DNS ZSK – R/W; SSH Private Key – R/W/X; SSH Public Key – R/W/X; PEM Passphrase – R/W/X; PEM Key – W/X; KEK – X; CTR DRBG Entropy – R/X; CTR DRBG Seed – R/W/X; CTR DRBG 'V' Value – R/W/X; CTR DRBG 'Key' Value – R/W/X; Hash DRBG Entropy – R/X; Hash DRBG Seed – R/W/X; Hash DRBG 'V' Value – R/W/X; Hash DRBG 'C' Value – R/W/X |
| Establish TLS session | ✓ | ✓ | Establish a web session using the TLS protocol | Command | Status output | TLS Public Key – R/X; DH Private Key Component – W/X; DH Public Key Component – R/X; ECDH Private Key Component – W/X; ECDH Public Key Component – R/X; RSA Private Key Component – W/X; RSA Public Key Component – R/X; TLS Premaster Secret – R/W/X; TLS Master Secret – W/X; TLS Session Key – W/X; TLS Authentication Key – W/X; AES GCM IV [67] – W/X; AES GCM Key – W/X; PEM Passphrase – R/X; PEM Key – W/X; KEK – X; CTR DRBG Entropy – R/X; CTR DRBG Seed – R/W/X; CTR DRBG 'V' Value – R/W/X; CTR DRBG 'Key' Value – R/W/X; Hash DRBG Entropy – R/X; Hash DRBG Seed – R/W/X; Hash DRBG 'V' Value – R/W/X; Hash DRBG 'C' Value – R/W/X |

[62] DNS – Domain Name System
[63] GSLB – Global Server Load Balancing
[64] CA – Certificate Authority
[65] KSK – Key Signing Key
[66] ZSK – Zone Signing Key
[67] IV – Initialization Vector
Table 9 (continued)

| Service | CO | User | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|---|---|
| Resume TLS session | ✓ | ✓ | Resume a web session using the TLS protocol | Command | Status output | TLS Ticket Encryption Key – R/W/X; TLS Ticket Authentication Key – R/W/X; TLS Session Key – R/X; TLS Authentication Key – R/X; AES GCM IV – W/X; AES GCM Key – W/X; KEK – X; Hash DRBG Entropy – R/X; Hash DRBG Seed – R/W/X; Hash DRBG 'V' Value – R/W/X; Hash DRBG 'C' Value – R/W/X |
| Apply data policies | ✓ | | Apply data policies to user data in transit (according to configuration) | Command | Status output | AES Key – X; HMAC Key – X; KEK – X |
| Configure security | ✓ | | Configure DNS security profiles, application firewall profiles and policies, reputation settings, protection features, and content inspection policies | Command and parameters | Command response/status output | None |
| Configure Citrix ADC Gateway | ✓ | | Configure Gateway global settings, virtual servers, portal themes, AAA [68] groups and users, policies, and resources | Command and parameters | Command response/status output | RDP [69] PSK – W; KEK – X |
| Establish Citrix ADC Gateway connection | ✓ | | Establish Gateway connection based on global settings | Command and parameters | Command response/status output | RDP PSK – R/X; KEK – X |
| Configure external servers for system, AAA, and Gateway authentication | ✓ | | Configure LDAP [71], Oauth, OpenID, DFA [72], Kerberos, and SAML [73] servers to be used in system, AAA, or Gateway authentication | Command and parameters | Command response/status output | LDAP Admin Password – R/W; Oauth Client Secret – R/W; DFA Shared Secret – R/W; Kerberos CA Public Key – R/W; Kerberos User Public Key – R/W; Kerberos User Private Key – R/W; KEK – X |

[68] AAA – Authentication, Authorization, Accounting
[69] RDP – Remote Desktop Protocol
[71] LDAP – Lightweight Directory Access Protocol
[72] DFA – Delegated Form Authentication
[73] SAML – Security Assertion Markup Language
Table 9 (continued)

| Service | CO | User | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|---|---|
| Perform Kerberos functions | ✓ | ✓ | Establish Kerberos session; access Kerberos service; perform Kerberos negotiation | Command | Status output | Kerberos CA Public Key – W/X; Kerberos User Public Key – W; Kerberos User Private Key – X; Kerberos Server Public Key – W; Kerberos DH Public Key – R/W/X; Kerberos DH Private Key – R/W/X; Kerberos Secret Key – W/X; Kerberos Client/TGS [74] Session Key – R/X; Kerberos Client/Server Session Key – W/X |
| Configure SNMPv3 | ✓ | | Configure SNMP communities, traps, managers, views, groups, users, alarms, and engine ID [75]; view SNMP OIDs [76] | Command and parameters | Command response/status output | SNMPv3 Authentication Passphrase – R/W; SNMPv3 Privacy Passphrase – R/W; KEK – X |
| SNMPv3 traps | ✓ | ✓ | Provides system condition information | None | Status output | SNMPv3 Authentication Passphrase – X; SNMPv3 Privacy Passphrase – X; SNMPv3 Privacy Key – W/X; SNMPv3 Authentication Key – W/X |
| Show status | ✓ | ✓ | Show the system status | Command | Status output | None |
| Zeroize KEK | ✓ | | Zeroize KEK | Command | Status output | KEK – W |
| Zeroize SSH private keys | ✓ | | Zeroize SSH private keys | Command | Status output | SSH Private Key – W |

[74] TGS – Ticket Granting Service
[75] ID – Identifier
[76] OID – Object Identifier

2.4.3 Additional Services

The module provides a limited number of services for which the operator is not required to assume an authorized role. Table 10 lists these services. None of them disclose or substitute cryptographic keys and CSPs or otherwise affect the security of the module.
Table 10 – Additional Services [77]

| Service | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|
| Zeroize | Zeroize keys and CSPs | Power cycle | Status output | PEM Passphrase – Z; PEM Key – Z; AES GCM Key – Z; AES GCM IV – Z; DH/ECDH/RSA Private Key Component – Z; DH/ECDH/RSA Public Key Component – Z; SSH Shared Secret – Z; SSH Session Key – Z; SSH Authentication Key – Z; IKE/IPsec Shared Secret – Z; IKE/IPsec Session Key – Z; IKE/IPsec Authentication Key – Z; TLS Pre-Master Secret – Z; TLS Master Secret – Z; TLS Session Key – Z; TLS Authentication Key – Z; TLS Ticket Encryption Key – Z; TLS Authentication Key – Z; Hash DRBG Entropy – Z; Hash DRBG Seed – Z; Hash DRBG 'V' Value – Z; Hash DRBG 'C' Value – Z; CTR DRBG Entropy – Z; CTR DRBG Seed – Z; CTR DRBG 'V' Value – Z; CTR DRBG 'Key' Value – Z; SNMPv3 Private Key – Z; SNMPv3 Authentication Key – Z |

[77] For commands and parameters related to the listed services, refer to the Citrix ADC 12.1 Product Documentation located at https://docs.citrix.com/en-us/citrix-adc/12-1.html.
Table 10 (continued)

| Service | Description | Input | Output | CSP and Type of Access |
|---|---|---|---|---|
| Perform On-Demand Self-Tests | Perform self-tests on demand | Power cycle | Status output | PEM Passphrase – Z; PEM Key – Z; AES GCM Key – Z; AES GCM IV – Z; DH/ECDH/RSA Private Key Component – Z; DH/ECDH/RSA Public Key Component – Z; SSH Shared Secret – Z; SSH Session Key – Z; SSH Authentication Key – Z; IKE/IPsec Shared Secret – Z; IKE/IPsec Session Key – Z; IKE/IPsec Authentication Key – Z; TLS Pre-Master Secret – Z; TLS Master Secret – Z; TLS Session Key – Z; TLS Authentication Key – Z; TLS Ticket Encryption Key – Z; TLS Authentication Key – Z; Hash DRBG Entropy – Z; Hash DRBG Seed – Z; Hash DRBG 'V' Value – Z; Hash DRBG 'C' Value – Z; CTR DRBG Entropy – Z; CTR DRBG Seed – Z; CTR DRBG 'V' Value – Z; CTR DRBG 'Key' Value – Z; SNMPv3 Private Key – Z; SNMPv3 Authentication Key – Z |
| Authenticate operators | Used for operator logins to the module | Command | Status output | Operator Password – R; LDAP Admin Password – R/X; SSH Public Key – X; Oauth Client Secret – X; DFA Shared Secret – X; TLS Public Key – X; AES Key – X; AES GCM Key – X; AES GCM IV – X; KEK – X |

2.5 Physical Security

The MPX is a multiple-chip standalone cryptographic module. The contents of the module, including hardware components, firmware, plaintext keys, and CSPs, are all protected by the module enclosure. The module enclosure consists of a hard production-grade metal case that completely encloses all of its internal components. In addition, all of the internal components of the module are production-grade and coated with commercial-standard passivation.

The MPX enclosure has a removable front and back cover. Each cover is secured with screws and serialized tamper-evident seals.
2.6 Operational Environment

The module employs a non-modifiable operating environment. The MPX firmware is executed by the module’s processor as indicated below:

• 8905 FIPS (Intel® Xeon Processor E5-2620 v4 with Intel® C612 Chipset and Intel® 8955 Chipset)
• 8910 FIPS (Intel® Xeon Processor E5-2620 v4 with Intel® C612 Chipset and Intel® 8955 Chipset)
• 8920 FIPS (Intel® Xeon Processor E5-2620 v4 with Intel® C612 Chipset and Intel® 8955 Chipset)
• 15020-50G FIPS (Intel® Xeon Processor E5-2620 v4 with Intel® C612 Chipset and Intel® 8955 Chipset)
• 15030-50G FIPS (Intel® Xeon Processor E5-2620 v4 with Intel® C612 Chipset and Intel® 8955 Chipset)
• 15040-50G FIPS (Intel® Xeon Processor E5-2620 v4 with Intel® C612 Chipset and Intel® 8955 Chipset)
• 15060-50G FIPS (Intel® Xeon Processor E5-2620 v4 with Intel® C612 Chipset and Intel® 8955 Chipset)
• 15080-50G FIPS (Intel® Xeon Processor E5-2620 v4 with Intel® C612 Chipset and Intel® 8955 Chipset)
• 15100-50G FIPS (Intel® Xeon Processor E5-2620 v4 with Intel® C612 Chipset and Intel® 8955 Chipset)
• 15120-50G FIPS (Intel® Xeon Processor E5-2620 v4 with Intel® C612 Chipset and Intel® 8955 Chipset)

The module runs a customized operating system based on FreeBSD v8.4, which cannot be modified and does not provide a general-purpose computing environment.

The module’s entropy source has a min-entropy over 80%. Thus, a request for 256 bits of entropy to seed the 256-bit CTR and Hash DRBGs will result in more than the minimum FIPS requirement of 112 bits of entropy.

2.7 Cryptographic Key Management

The module supports the CSPs listed below in Table 11.
Table 11 – Cryptographic Keys, Cryptographic Key Components, and CSPs

Each entry below gives, for one CSP: CSP Type; Generation / Input; Output; Storage; Zeroization; Use.

KEK Passphrase
• CSP Type: Alphanumeric string
• Generation / Input: Generated externally, input in plaintext form via local console or in encrypted form via SSH session
• Output: Never exits the module
• Storage: Plaintext in volatile memory
• Zeroization: N/A
• Use: Derivation of KEK

KEK
• CSP Type: 256-bit AES key
• Generation / Input: Generated internally via PBKDF
• Output: Never exits the module
• Storage: Plaintext on disk
• Zeroization: CLI command
• Use: Encryption and decryption of passwords and passphrases

PEM Passphrase
• CSP Type: Alphanumeric string (8-31 characters)
• Generation / Input: Generated externally, input in plaintext form via local console or in encrypted form via TLS or SSH session
• Output: Exits the module in encrypted form as part of config backup file
• Storage: Plaintext in volatile memory or encrypted on disk (via KEK)
• Zeroization: [for plaintext] Reboot; remove power
• Use: Derivation of PEM Key

PEM Key
• CSP Type: 256-bit AES key; 192-bit Triple-DES key
• Generation / Input: Generated internally via PBKDF
• Output: Never exits the module
• Storage: Plaintext in volatile memory
• Zeroization: Reboot; remove power
• Use: Encryption and decryption of asymmetric private keys

AES key
• CSP Type: 128/192/256-bit AES key
• Generation / Input: Generated internally via Approved DRBG, OR generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session
• Output: Exits the module in encrypted form as part of config backup file
• Storage: Encrypted on disk (via KEK)
• Zeroization: N/A
• Use: Encryption and decryption

AES GCM key
• CSP Type: 256-bit AES GCM key
• Generation / Input: Generated internally via Approved DRBG
• Output: Never exits the module
• Storage: Plaintext in volatile memory
• Zeroization: Reboot; remove power
• Use: Encryption and decryption

AES GCM IV
• CSP Type: 96 and 128-bit IV
• Generation / Input: Internally generated deterministically in compliance with TLS 1.2 GCM Cipher Suites for TLS and Section 8.2.1 of NIST SP 800-38D
• Output: Never exits the module
• Storage: Plaintext in volatile memory
• Zeroization: Reboot; remove power
• Use: IV for AES GCM
Table 11 (continued)

HMAC Key
• CSP Type: 160/224/256/384/512-bit HMAC key
• Generation / Input: Generated internally via Approved DRBG, OR generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session
• Output: Exits the module in encrypted form as part of config backup file
• Storage: Encrypted on disk (via KEK)
• Zeroization: N/A
• Use: Message authentication with SHS

CA Public Key
• CSP Type: 1024/2048/3072/4096-bit RSA public key; P-224/P-256/P-384/P-521 ECDSA public key
• Generation / Input: Generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session
• Output: Exits the module in plaintext form
• Storage: Plaintext on disk
• Zeroization: N/A
• Use: TLS certificate authentication (1024-bit RSA public keys are used for signature verification only)

DH Private Key Component
• CSP Type: [for SSH sessions] 2048, 4096, 8192-bit DH private key; [for TLS sessions] 2048, 3072, 4096-bit DH private key; [for IKE sessions] 2048-bit DH private key
• Generation / Input: Generated internally via Approved DRBG
• Output: Never exits the module
• Storage: Plaintext in volatile memory
• Zeroization: Reboot; remove power; session termination
• Use: Generation of SSH, TLS, and IKE shared secrets

DH Public Key Component
• CSP Type: [for SSH sessions] 2048, 4096, 8192-bit DH public key; [for TLS sessions] 2048, 3072, 4096-bit DH public key; [for IKE sessions] 2048-bit DH public key
• Generation / Input: [for the module] Generated internally via Approved DRBG; [for a peer] Input in plaintext form
• Output: [for the module] Exits the module in plaintext form; [for a peer] Never exits the module
• Storage: Plaintext in volatile memory
• Zeroization: Reboot; remove power; session termination
• Use: Generation of SSH, TLS, and IKE shared secrets
Table 11 (continued)

ECDH Private Key Component
• CSP Type: Private key of ECDH protocol (P-224/P-256/P-384/P-521 curves)
• Generation / Input: Generated internally via Approved DRBG
• Output: Never exits the module
• Storage: Plaintext in volatile memory
• Zeroization: Reboot; remove power; session termination
• Use: Generation of SSH and TLS shared secrets

ECDH Public Key Component
• CSP Type: Public key of ECDH protocol (P-224/P-256/P-384/P-521 curves)
• Generation / Input: [for the module] Generated internally via Approved DRBG; [for a peer] Input in plaintext form
• Output: [for the module] Exits the module in plaintext form; [for a peer] Never exits the module
• Storage: Plaintext in volatile memory
• Zeroization: Reboot; remove power; session termination
• Use: Generation of SSH and TLS shared secrets

RSA Private Key Component
• CSP Type: 2048, 3072-bit RSA private key
• Generation / Input: Generated internally via Approved DRBG
• Output: Never exits the module
• Storage: Plaintext in volatile memory
• Zeroization: Reboot; remove power; session termination
• Use: Generation of TLS shared secrets

RSA Public Key Component
• CSP Type: 2048, 3072-bit RSA public key
• Generation / Input: [for the module] Generated internally via Approved DRBG; [for a peer] Input in plaintext form
• Output: [for the module] Exits the module in plaintext form; [for a peer] Never exits the module
• Storage: Plaintext in volatile memory
• Zeroization: Reboot; remove power; session termination
• Use: Generation of TLS shared secrets

SSH Public Key
• CSP Type: 2048/3072-bit RSA public key; P-224/P-256/P-384/P-521 ECDSA public key
• Generation / Input: [for the module] Generated internally via Approved DRBG, OR generated externally, imported in plaintext form; [for a peer] Input in plaintext form
• Output: [for the module] Exits the module in plaintext form; [for a peer] Never exits the module
• Storage: [for the module] Plaintext on disk; [for a peer] Plaintext in volatile memory
• Zeroization: N/A
• Use: Authentication during SSH session negotiation; GSLB configuration sync
Page 32 of 54 CSP CSP Type Generation / Input Output Storage Zeroization Use SSH Private Key 2048/3072-bit RSA private key P-224/P-256/P-384/P-521 ECDSA public key Generated internally via Approved DRBG Exits the module in encrypted form as part of config backup file Plaintext on disk CLI command Authentication during SSH session negotiation; RBA78 Authentication for LDAP; GSLB configuration sync SSH Shared Secret Shared secret Derived internally via DH/ECDH shared secret computation Never exits the module Plaintext in volatile memory Reboot; remove power; session termination Derivation of the SSH Session Key and SSH Authentication Key SSH Session Key 128/192/256-bit AES key (CBC and CTR mode) 192-bit Triple-DES key Derived internally via SSH KDF Never exits the module Plaintext in volatile memory Reboot; remove power; session termination Encryption and decryption of SSH session packets SSH Authentication Key 160/256/512-bit HMAC key Derived internally via SSH KDF Never exits the module Plaintext in volatile memory Reboot; remove power; session termination Authentication of SSH session packets IKE/IPsec Shared Secret Shared secret Derived internally via DH shared secret computation Never exits the module Plaintext in volatile memory Reboot; remove power; session termination Derivation of the IKE/IPsec Session Keys and IKE/IPsec Authentication Keys IKE/IPsec PSK Pre-shared key Generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session Exits the module in encrypted form as part of config backup file Encrypted on disk (via KEK) N/A Authentication during IKE/IPsec session negotiation [IKEv1 Only] Derivation of the IKE/IPsec Session Keys and IKE/IPsec Authentication Keys IKE/IPsec Session Key 128/192/256-bit AES key Derived internally via IKE KDF Never exits the module Plaintext in volatile memory Reboot; remove power; session termination Encryption and decryption of IKE/IPsec session packets IKE/IPsec Authentication 
Key 160/256/384/512-bit HMAC key Derived internally via IKE KDF Never exits the module Plaintext in volatile memory Reboot; remove power; session termination Authentication of IKE/IPsec session packets 78 RBA – Role-based Authentication FIPS 140-2 Non-Proprietary Security Policy, Version 0.2 8/5/2021 Citrix ADC MPX ©2021 Citrix Systems, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 33 of 54 CSP CSP Type Generation / Input Output Storage Zeroization Use TLS Public Key 1024/2048/3072/4096-bit RSA public key P-224/P-256/P-384/P-521 ECDSA public key [for the module] Generated internally via Approved DRBG (1024/2048/3072-bit) OR Generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session (1024/2048/3072/4096- bit) [for a peer] Input in plaintext form as part of TLS session negotiation 1024/2048/3072/4096-bit [for the module] Exits the module in plaintext form [for a peer] Never exits the module [for the module] Plaintext on disk [for a peer] Plaintext in volatile memory N/A TLS authentication; SAML authentication (RSA only); OpenID authentication (RSA only) 1024-bit RSA public keys are used for signature verification only TLS Private Key 2048/3072/4096-bit RSA private key P-224/P-256/P-384/P-521 ECDSA public key Generated internally via Approved DRBG (2048/3072-bit) OR Generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session (2048/3072/4096-bit) Exits the module in encrypted form as part of config backup file Encrypted on disk (via PEM key) N/A TLS authentication; SAML authentication (RSA only); OpenID authentication (RSA only) TLS Pre-Master Secret [for RSA cipher suites] 384-bit random value [for DH/ECDH cipher suites] DH/ECDH shared secret [for RSA cipher suites and module acting as client] Generated internally via FIPS-Approved DRBG [for RSA cipher suites and module acting as server] Generated 
externally, imported in encrypted form via RSA key transport [for DH/ECDH cipher suites] Derived internally via DH/ECDH shared secret computation [for RSA cipher suites and module acting as client] Exits the module in encrypted form via RSA key transport [for RSA cipher suites and module acting as server] Never exits the module [for DH/ECDH cipher suites] Never exits the module Plaintext in volatile memory Reboot; remove power; completion of TLS Session Key and TLS Authentication Key derivation Derivation of the TLS Master Secret FIPS 140-2 Non-Proprietary Security Policy, Version 0.2 8/5/2021 Citrix ADC MPX ©2021 Citrix Systems, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 34 of 54 CSP CSP Type Generation / Input Output Storage Zeroization Use TLS Master Secret 384-bit shared secret Derived internally using the TLS Pre-Master Secret via TLS KDF Never exits the module Plaintext in volatile memory Reboot; remove power; session termination Derivation of the TLS Session Key and TLS Authentication Key TLS Session Key 128/256-bit AES key 128/256-bit AES GCM key Derived internally using the TLS Master Secret via TLS KDF Never exits the module Plaintext in volatile memory Reboot; remove power; session termination Encryption and decryption of TLS session packets TLS Authentication Key 160/256/384-bit HMAC key Derived internally using the TLS Master Secret via TLS KDF Never exits the module Plaintext in volatile memory Reboot; remove power; session termination Authentication of TLS session packets TLS Ticket Encryption Key 128-bit AES key Generated internally via Approved DRBG OR Generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session Never exits the module [for internally generated keys] Plaintext in volatile memory [for imported keys] Encrypted on disk (via KEK) [for internally generated keys] Reboot; remove power Encryption and decryption of TLS 
session tickets TLS Ticket Authentication Key 256-bit HMAC key Generated internally via Approved DRBG OR Generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session Never exits the module [for internally generated keys] Plaintext in volatile memory [for imported keys] Encrypted on disk (via KEK) [for internally generated keys] Reboot; remove power Computes the digest of TLS session tickets Hash DRBG Entropy 256-bit value Generated externally Never exits the module Plaintext in volatile memory Reboot; remove power Entropy input for Hash DRBG Hash DRBG Seed 440-bit value Generated internally Never exits the module Plaintext in volatile memory Reboot; remove power Seed material for Hash DRBG Hash DRBG ‘V’ Value Internal state value Generated internally Never exits the module Plaintext in volatile memory Reboot; remove power Internal state value used with Hash DRBG Hash DRBG ‘C’ Value Internal state value Generated internally Never exits the module Plaintext in volatile memory Reboot; remove power Internal state value used with Hash DRBG FIPS 140-2 Non-Proprietary Security Policy, Version 0.2 8/5/2021 Citrix ADC MPX ©2021 Citrix Systems, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. 
Page 35 of 54 CSP CSP Type Generation / Input Output Storage Zeroization Use CTR DRBG Entropy 256-bit value Generated externally Never exits the module Plaintext in volatile memory Reboot; remove power Entropy input for CTR DRBG CTR DRBG Seed 384-bit value Generated internally Never exits the module Plaintext in volatile memory Reboot; remove power Seed material for CTR DRBG CTR DRBG ‘V’ Value 128-bit value Generated internally Never exits the module Plaintext in volatile memory Reboot; remove power Internal state value used with CTR DRBG CTR DRBG ‘Key’ Value 256-bit AES key Generated internally Never exits the module Plaintext in volatile memory Reboot; remove power Internal state value used with CTR DRBG SNMPv3 Privacy Passphrase Alphanumeric string Input in plaintext form via local console or in encrypted form via TLS or SSH session Exits the module in encrypted form as part of config backup file Encrypted on disk (via KEK) N/A Derivation of the SNMPv3 Privacy Key SNMPv3 Authentication Passphrase Alphanumeric string Input in plaintext form via local console or in encrypted form via TLS or SSH session Exits the module in encrypted form as part of config backup file Encrypted on disk (via KEK) N/A Derivation of the SNMPv3 Authentication Key SNMPv3 Privacy Key 128-bit AES key Derived internally via the SNMP KDF Never exits the module Plaintext in volatile memory Reboot; remove power Encryption and decryption of SNMPv3 packets SNMPv3 Authentication Key 160-bit HMAC key Derived internally via the SNMP KDF Never exits the module Plaintext in volatile memory Reboot; remove power Authentication of SNMPv3 packets LDAP Admin Password Alphanumeric string Input in plaintext form via local console or in encrypted form via TLS or SSH session Exits the module in encrypted form as part of config backup file Encrypted on disk (via KEK) N/A Used to bind to the LDAP server RDP PSK Shared secret Input in plaintext form via local console or in encrypted form via TLS or SSH session 
Exits the module in encrypted form as part of config backup file Encrypted on disk (via KEK) N/A Encryption and decryption of RDP user and target information Oauth Client Secret Shared secret Input in plaintext form via local console or in encrypted form via TLS or SSH session Exits the module in encrypted form as part of config backup file Encrypted on disk (via KEK) N/A Oauth and Oauth IDP79 authentication to the module DFA Shared Secret Shared secret Input in plaintext form via local console or in encrypted form via TLS or SSH session Exits the module in encrypted form as part of config backup file Encrypted on disk (via KEK) N/A DFA authentication to the module 79 IDP – Identity Provider FIPS 140-2 Non-Proprietary Security Policy, Version 0.2 8/5/2021 Citrix ADC MPX ©2021 Citrix Systems, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 36 of 54 CSP CSP Type Generation / Input Output Storage Zeroization Use ZebOS Router Password Alphanumeric string Input in plaintext form via local console or in encrypted form via TLS or SSH session Exits the module in encrypted form as part of config backup file Encrypted on disk (via KEK) N/A Router authentication Public DNS KSK 2048/3072/4096-bit RSA public key Generated internally (2048/3072- bit) Generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session (2048/3072/4096-bit) Exits the module in plaintext form as part of config backup file Plaintext on disk N/A Public DNS ZSK authentication Private DNS KSK 2048/3072/4096-bit RSA private key Generated internally (2048/3072- bit) Generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session (2048/3072/4096-bit) Exits the module in encrypted form as part of config backup file Encrypted on disk (via PEM key) N/A Public DNS ZSK signature generation Public DNS ZSK 2048/3072/4096-bit RSA public key Generated 
internally (2048/3072- bit) Generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session (2048/3072/4096-bit) Exits the module in plaintext form as part of config backup file Plaintext on disk N/A DNS zone authentication Private DNS ZSK 2048/3072/4096-bit RSA private key Generated internally (2048/3072- bit Generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session (2048/3072/4096-bit) Exits the module in encrypted form as part of config backup file Encrypted on disk (via PEM key) N/A DNS zone signature generation Kerberos CA Public Key 2048-bit RSA public key Generated externally, imported into the module [for a peer] Input in plaintext form as part of the Kerberos authentication Exits the module in plaintext [for a peer] Never exits the module Plaintext on disk [for a peer] Plaintext in volatile memory Reboot; remove power Used in Kerberos authentication FIPS 140-2 Non-Proprietary Security Policy, Version 0.2 8/5/2021 Citrix ADC MPX ©2021 Citrix Systems, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. 
Page 37 of 54 CSP CSP Type Generation / Input Output Storage Zeroization Use Kerberos User Public Key 2048-bit RSA public key Generated internally via Approved DRBG OR Generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session Exits the module in plaintext Plaintext on disk Reboot; remove power Used in Kerberos authentication Kerberos User Private Key 2048-bit RSA private key Generated internally via Approved DRBG OR Generated externally, imported in plaintext form via local console or in encrypted form via TLS or SSH session Never exits the module Encrypted on disk (via PEM key) Reboot; remove power Used to sign authentication request Kerberos Server Public Key 2048-bit RSA public key Generated externally, imported into the module in plaintext Never exits the module Plaintext in volatile memory Reboot; remove power Used in Kerberos authentication Kerberos DH Public Key 2048-bit DH public key {For the module} Generated internally [For a peer] Generated externally, imported into the module in plaintext Exits the module in plaintext form Plaintext in volatile memory Reboot; remove power Used to generate the Kerberos secret key Kerberos DH Private Key 2048-bit DH private key Generated internally Never exits the module Plaintext in volatile memory Reboot; remove power Used to generate the Kerberos secret key Kerberos Secret Key 256-bit AES key Generated internally using DH components Never exits the module Plaintext in volatile memory Reboot; remove power Used to encrypt the Kerberos Client/TGS Session Key Kerberos Client/TGS Session Key 256-bit AES key Generated externally, imported electronically in encrypted form Never exits the module Plaintext in volatile memory Reboot; remove power Used in the Kerberos Client Authentication. Used to decrypt the Kerberos Client/Server Session Key. 
Kerberos Client/Server Session Key 256-bit AES key Generated externally, imported electronically in encrypted form Never exits the module Plaintext in volatile memory Reboot; remove power Used to authenticate to the Kerberos Service Server FIPS 140-2 Non-Proprietary Security Policy, Version 0.2 8/5/2021 Citrix ADC MPX ©2021 Citrix Systems, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 38 of 54 CSP CSP Type Generation / Input Output Storage Zeroization Use Cluster Password Alphanumeric string Input in plaintext form via local console or in encrypted form via TLS or SSH session Exits the module in encrypted form Encrypted on disk (via KEK) N/A Used to connect nodes to the cluster coordinator Operator Password Alphanumeric string Input in plaintext form via TLS or SSH session Exists the module in encrypted form Plaintext in volatile memory Reboot; remove power Authenticate the operator to the module via an external authentication service *Keys derived from the PBKDF function are only used for storage applications. Notes: All RSA and ECDSA keys at 2048 and 3072-bit modulus size are generated internally by the Citrix ADC CP Cryptographic Library v1. All RSA and ECDSA keys at the 4096-bit modulus size are generated outside of the module and input either in plaintext form via local console or encrypted form via a TLS or SSH session. The AES-GCM IV is used in the following protocols: • TLS - The AES-GCM IV is used in the TLS protocol. The TLS AES-GCM IV is generated in compliance with TLS v1.2 GCM cipher suites as specified in RFC80 5288 and section 3.3.1 of NIST SP 800-52rev1. Per RFC 5246, when the nonce_explicit part of the IV exhausts the maximum number of possible values for a given session key, the module will trigger a handshake to establish a new encryption key. The AES-GCM IV is a random 96-bit value generated with available entropy provided by the available entropy source. 
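As an added illustration of the nonce_explicit exhaustion rule above (example code, not from the Citrix policy or firmware): the 96-bit GCM nonce is built as the 4-byte salt from the key block followed by the 8-byte nonce_explicit carried in each record, the sender retires the key when that value can no longer advance, and the receiver rejects any repeated nonce_explicit under the same key. Modelling nonce_explicit as a counter, the GcmWriter/GcmReader names and the opaque (unencrypted) payload are assumptions of this example.

```python
"""Explicit-nonce handling for TLS 1.2 AES-GCM records (RFC 5288) with the
rekey trigger the policy describes.  Added example, not Citrix code: the
record payload is treated as opaque (no AEAD call); the point is how the
96-bit nonce is built, tracked and retired."""
import secrets
from typing import Dict, Set, Tuple

SALT_LEN, EXPLICIT_LEN = 4, 8        # nonce = salt (from key block) || nonce_explicit
EXPLICIT_MAX = (1 << (8 * EXPLICIT_LEN)) - 1


class RekeyRequired(Exception):
    """nonce_explicit is exhausted for this key; a new handshake is needed."""


class GcmWriter:
    """Sender side: one 64-bit counter per session key, never reused.

    Modelling nonce_explicit as a counter is an assumption of this example;
    RFC 5288 permits the record sequence number for it."""

    def __init__(self, salt: bytes, first_explicit: int = 0):
        if len(salt) != SALT_LEN:
            raise ValueError("salt must be the 4-byte implicit part of the IV")
        self.salt = salt
        self._next = first_explicit

    def next_nonce(self) -> Tuple[bytes, bytes]:
        """Return (nonce_explicit, full 96-bit nonce) or raise RekeyRequired."""
        if self._next > EXPLICIT_MAX:
            raise RekeyRequired("nonce_explicit exhausted; negotiate a new key")
        explicit = self._next.to_bytes(EXPLICIT_LEN, "big")
        self._next += 1
        return explicit, self.salt + explicit

    def frame(self, opaque_payload: bytes) -> bytes:
        """Lay a record out as RFC 5288 does: nonce_explicit || payload."""
        explicit, _nonce = self.next_nonce()
        return explicit + opaque_payload


class GcmReader:
    """Receiver side: rebuilds the nonce and rejects a repeat under this key."""

    def __init__(self, salt: bytes):
        self.salt = salt
        self._seen: Set[bytes] = set()

    def parse(self, record: bytes) -> Tuple[bytes, bytes]:
        explicit, payload = record[:EXPLICIT_LEN], record[EXPLICIT_LEN:]
        if len(explicit) != EXPLICIT_LEN:
            raise ValueError("record too short to carry nonce_explicit")
        if explicit in self._seen:
            raise ValueError("nonce reuse under the same key; drop the record")
        self._seen.add(explicit)
        return self.salt + explicit, payload


def session_near_exhaustion() -> Dict[str, object]:
    """Constructed scenario: two records remain before the counter wraps."""
    salt = secrets.token_bytes(SALT_LEN)      # in TLS this comes from the key block
    writer = GcmWriter(salt, first_explicit=EXPLICIT_MAX - 1)
    reader = GcmReader(salt)
    outcome: Dict[str, object] = {"delivered": 0, "rekey": False}
    for _ in range(3):
        try:
            nonce, _payload = reader.parse(writer.frame(b"opaque-ciphertext"))
        except RekeyRequired:
            outcome["rekey"] = True    # the module would start a new handshake
            break
        if len(nonce) == 12 and nonce.startswith(salt):
            outcome["delivered"] = int(outcome["delivered"]) + 1
    return outcome
```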
2.8 EMI / EMC
The modules were tested and found conformant to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (business use).

2.9 Self-Tests
Cryptographic self-tests are performed automatically by the module when the module is first powered up and loaded into memory, as well as conditionally. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions.

2.9.1 Power-Up Self-Tests
The MPX performs the following self-tests at power-up:
• Firmware integrity test (using RSA 2048 with SHA-512)
• Citrix ADC CP Cryptographic Library self-tests
  o AES encrypt KAT (Known Answer Test)
  o AES decrypt KAT
  o AES GCM encrypt KAT
  o AES GCM decrypt KAT
  o Triple-DES encrypt KAT
  o Triple-DES decrypt KAT
  o SHA-1, SHA-256, SHA-512 KAT
  o HMAC KAT with SHA-1, SHA-256, and SHA-512
  o CTR DRBG KAT
  o RSA sign/verify KAT
  o ECDSA PCT (Pairwise Consistency Test) (P-256)
  o DH primitive “Z” computation test
  o ECDH primitive “Z” computation test
• Citrix ADC DP Cryptographic Library self-tests
  o AES encrypt KAT
  o AES decrypt KAT
  o AES GCM encrypt KAT
  o AES GCM decrypt KAT
  o SHA-1, SHA-256, SHA-512 KAT
  o HMAC KAT with SHA-1, SHA-256, and SHA-512
  o Hash DRBG KAT
  o RSA sign/verify KAT
  o ECDSA PCT (P-256)
  o ECDH primitive “Z” computation test
• Intel Communication chipset 8955 hardware cryptographic accelerator self-tests
  o AES encrypt KAT
  o AES decrypt KAT
  o AES GCM encrypt KAT
  o AES GCM decrypt KAT
  o SHA-1, SHA-256, SHA-512 KAT
  o HMAC KAT with SHA-256
  o RSA sign/verify KAT
  o ECDSA sign/verify PCT
  o ECDH primitive “Z” computation test

2.9.2 Conditional Self-Tests
The MPX performs the following conditional self-tests:
• Citrix ADC CP Cryptographic Library conditional self-tests
  o CRNGT (Continuous Random Number Generator Test) for NDRNG
  o RSA PCT for sign/verify
  o RSA PCT for encrypt/decrypt
  o ECDSA PCT for sign/verify
• Citrix ADC DP Cryptographic Library conditional self-tests
  o CRNGT for NDRNG

2.9.3 Critical Functions Self-Tests
The MPX implements the SP 800-90A Hash DRBG and CTR DRBG as its random number generators. The SP 800-90A specification requires that certain critical functions be tested to ensure the security of the DRBGs. Therefore, the following power-up critical function tests are implemented by the cryptographic module for the Hash and CTR DRBG:
• SP 800-90A Instantiate Critical Function Test
• SP 800-90A Generate Critical Function Test
• SP 800-90A Reseed Critical Function Test

2.9.4 Self-Test Failures
If any of the power-up self-tests fail, the module enters a critical error state and an error message is logged. In this state, cryptographic operations are halted and all data output from the module is inhibited.

If the module enters the critical error state due to a failure of the integrity test, the boot sequence and the entire system are halted. The only action available from this state is to reboot the module, which triggers the re-execution of the integrity test. The error condition is considered cleared if the module successfully passes the integrity test and then all subsequent power-up self-tests. If the module continues to return to a halted state, the module is considered to be malfunctioning or compromised, and Citrix Customer Support must be contacted.
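To make the self-test behaviour concrete, here is an added Python model (not Citrix code) of power-up KATs for SHA-1/SHA-256/SHA-512 and HMAC-SHA-256, a CRNGT on an NDRNG, the critical error state that inhibits output, the soft error that a conditional failure produces, and a checker for the POST log strings this section quotes for /var/log/ns.log and /var/log/FIPS-post.log. The class and function names, the 16-byte CRNGT block size and the stand-in NDRNG sources are assumptions of the example.

```python
"""Model of the power-up KATs, the conditional CRNGT and the error states
described in section 2.9.  Added example, not Citrix code; the known answers
are the FIPS 180-4 "abc" digests and RFC 4231 HMAC-SHA-256 test case 1."""
import hashlib
import hmac
from typing import Callable, Dict, List, Optional, Sequence, Tuple

OPERATIONAL, CRITICAL_ERROR = "operational", "critical error"
Kat = Tuple[str, Callable[[], str], str]   # (name, compute answer, expected)

KATS: List[Kat] = [
    ("SHA-1", lambda: hashlib.sha1(b"abc").hexdigest(),
     "a9993e364706816aba3e25717850c26c9cd0d89d"),
    ("SHA-256", lambda: hashlib.sha256(b"abc").hexdigest(),
     "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    ("SHA-512", lambda: hashlib.sha512(b"abc").hexdigest(),
     "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
     "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"),
    ("HMAC-SHA-256", lambda: hmac.new(b"\x0b" * 20, b"Hi There",
                                      hashlib.sha256).hexdigest(),
     "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
]

class ConditionalTestFailure(Exception):
    """A conditional self-test failed: logged, output discarded, module stays up."""

class FipsModule:
    """Power-up KATs gate all output; the CRNGT checks every NDRNG block."""
    BLOCK = 16   # the CRNGT compares consecutive 16-byte NDRNG blocks (assumed size)

    def __init__(self, ndrng: Callable[[int], bytes], kats: Sequence[Kat] = KATS):
        self._ndrng = ndrng
        self._kats = kats
        self._last_block: Optional[bytes] = None
        self.state = "powered off"
        self.log: List[str] = []   # stands in for /var/log/FIPS-post.log

    def power_up(self) -> str:
        """Run every KAT; the first failure enters the critical error state."""
        for name, compute, expected in self._kats:
            if not hmac.compare_digest(compute(), expected):
                self.state = CRITICAL_ERROR
                self.log.append(f"POST Failed ({name} KAT)")
                return self.state
        self.state = OPERATIONAL
        self.log.append("POST Success")
        return self.state

    def random_bytes(self, n: int) -> bytes:
        """Return n NDRNG bytes, rejecting any block equal to the previous one."""
        if self.state != OPERATIONAL:
            raise RuntimeError("critical error state: data output inhibited")
        if self._last_block is None:          # first block only primes the test
            self._last_block = self._ndrng(self.BLOCK)
        out = bytearray()
        while len(out) < n:
            block = self._ndrng(self.BLOCK)
            if block == self._last_block:
                self.log.append("Internal failure in SSL cert/key generation tool")
                raise ConditionalTestFailure("CRNGT: repeated NDRNG block")
            self._last_block = block
            out += block
        return bytes(out[:n])

def post_status(log_lines: Sequence[str]) -> str:
    """Latest POST result, using the strings the policy quotes for ns.log / FIPS-post.log."""
    status = "unknown"
    for line in log_lines:
        if "FIPS POST Successful" in line or "POST Success" in line:
            status = OPERATIONAL
        elif "FIPS Post Failed" in line or "POST Failed" in line:
            status = CRITICAL_ERROR
    return status

def attempt(fn: Callable[[], object], exc: type) -> str:
    """Report an operation's outcome as 'ok' or the raised exception's name."""
    try:
        fn()
        return "ok"
    except exc as err:
        return type(err).__name__

def run_demo() -> Dict[str, object]:
    """Healthy module, stuck NDRNG and a failed KAT (constructed scenarios)."""
    counter = [0]
    def changing(n: int) -> bytes:            # stand-in NDRNG: every block differs
        counter[0] += 1
        return counter[0].to_bytes(2, "big") * (n // 2)
    results: Dict[str, object] = {}
    good = FipsModule(changing)
    results["power_up"] = good.power_up()
    results["bytes"] = len(good.random_bytes(40))
    stuck = FipsModule(lambda n: b"\x00" * n)  # NDRNG stuck on one value
    stuck.power_up()
    results["crngt"] = attempt(lambda: stuck.random_bytes(16), ConditionalTestFailure)
    results["after_crngt"] = stuck.state       # soft error: still operational
    broken = FipsModule(changing, kats=[("SHA-256", KATS[1][1], "00" * 32)])
    results["broken_power_up"] = broken.power_up()
    results["broken_output"] = attempt(lambda: broken.random_bytes(16), RuntimeError)
    results["log_status"] = post_status(broken.log)
    return results
```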
If the module enters the critical error state due to a failure of any of the remaining power-up self-tests, the module will automatically reboot to clear the error state, and an error message will be logged. The CO must contact Citrix Customer Support if this error occurs.

The successful completion or failure of the power-up self-tests can be verified by checking the log files. Successful completion of the Citrix ADC DP Cryptographic Library v4 self-tests is indicated by “FIPS POST Successful” in /var/log/ns.log, and successful completion of the Citrix ADC CP Cryptographic Library v4 self-tests is indicated by “POST Success” in /var/log/FIPS-post.log. Failure of the Citrix ADC DP Cryptographic Library v4 self-tests is indicated by “FIPS Post Failed” in /var/log/ns.log, and failure of the Citrix ADC CP Cryptographic Library v4 self-tests is indicated by “POST Failed” in /var/log/FIPS-post.log (both messages indicate a critical error state).

If any of the conditional self-tests fail, the module goes through a soft error state and the following message is displayed: “Internal failure in SSL cert/key generation tool”. Once the message is displayed (and the error is logged), the module returns to an operational state. The user may retry the service (which calls the conditional self-test again) or move on to other operations. Successful completion of the conditional self-test is indicated by the absence of an error message.

2.10 Mitigation of Other Attacks
The module’s firmware includes several features that provide defenses against a wide range of application and web server DoS attacks.
These features (including packet inspection, priority queuing, bypassing the cache, rate limiting, and packet rejection) prevent the allocation of server resources for specific connections. Additionally, the module mitigates SYN flood attacks by using SYN cookies rather than maintaining half-open connections on the system memory stack. DNS DoS attacks are mitigated using parameters that protect the DNS cache memory.

The module’s built-in Web App Firewall provides configurable security checks to detect and mitigate Web attacks (including attacks on operating system and web server firmware vulnerabilities, SQL database vulnerabilities, errors in the design and coding of web sites and web devices, and failures to secure sites that host or can access sensitive information). Web requests or responses that violate security checks are blocked or transformed (making the attack harmless). Specific attacks mitigated by the Web App Firewall include:
• HTML (Hypertext Markup Language)/XML (Extensible Markup Language) Cross-Site Scripting (XSS) attacks
• HTML/XML SQL injection attacks
• HTML Cross-Site Request Forgery (CSRF) attacks
• HTML form/hidden field and parameter manipulation
• XML DoS attacks
• Cookie or session poisoning
• Forceful browsing
• Buffer overflow attacks
• XML-based attacks using invalid or poorly-formed XML requests, content injection, or inconsistencies in XML interoperability

The IP Reputation feature of the module protects against password cracking attacks (via botnets), Windows exploit attacks, and phishing proxy attacks by identifying IP addresses that are sending unwanted requests and rejecting requests received from an IP with a bad reputation.
The module’s DNS Security Options feature and configurable DNS parameters are used to mitigate DNS-based attacks. These attacks include random subdomain/NXDOMAIN/NODATA attacks, root referral amplification attacks, cache poisoning, and Slowloris attacks. The attacks are mitigated by preventing the insertion of corrupt data into the DNS cache, restricting access to root referrals for unrelated domains that are not configured or cached, forcing DNS transactions to use TCP instead of UDP (User Datagram Protocol) when clients send a flood of queries but cannot handle responses, and dropping DNS queries that exceed a specified length or are split into multiple packets.

The module firmware includes defenses against TCP spoofing. TCP spoofing is mitigated by enabling configurable parameters to respond to invalid sequence numbers with a corrective acknowledgement, and/or to drop invalid SYN packets.

3. Secure Operation
The sections below describe how to place and keep the module in the FIPS-Approved mode of operation. Any operation of the module without following the guidance provided below will result in non-compliant use and is outside the scope of this Security Policy.

3.1 Installation and Setup
The module is shipped to the customer in a non-configured state. The CO is responsible for all initial setup activities, including installing and configuring the MPX firmware. Prior to the installation, the CO should read the document entries within the Getting Started with Citrix ADC webpage on Citrix’s online product documentation portal.
The following sections provide references to step-by-step instructions for the setup and installation of the MPX, as well as the steps necessary to configure the module for its FIPS-Approved mode of operation.

3.1.1 Initial Tamper-Evident Seal Inspection
Tamper-evident seals are applied at the factory to the modules to protect against unauthorized access to the module. When the module is received, the operator must confirm the placement of all tamper-evident seals. A tamper-evident seal is placed on the front cover, connecting the front and top of the enclosure. Evidence of the cover having been removed will also be visible through the disconnection of a wire that connects the front cover to the components inside. Figure 6 and Figure 7 below show the placement of the tamper-evident seal on the front cover of the MPX 89xx FIPS and MPX 15xxx FIPS.

Figure 6 – Front Cover of the MPX 89xx FIPS
Figure 7 – Front Cover of the MPX 15xxx FIPS

A single tamper-evident seal is placed on the back of the enclosure, connecting the back to the top. Figure 8 and Figure 9 below show the placement of the tamper-evident seal on the back panel of the MPX 89xx FIPS and MPX 15xxx FIPS.

Figure 8 – Back Panel of the MPX 89xx FIPS
Figure 9 – Back Panel of the MPX 15xxx FIPS

Tamper-evident seals are placed on the left and right sides of the enclosure. These seals connect the sides to the top. Figure 10, Figure 11, Figure 12, and Figure 13 below show the placement of these seals.

Figure 10 – Back Left of the MPX 89xx FIPS
Figure 11 – Back Right of the MPX 89xx FIPS
Figure 12 – Back Left of the MPX 15xxx FIPS
Figure 13 – Back Right of the MPX 15xxx FIPS

All tamper-evident seals are required for the module to be considered operating in a FIPS-Approved mode of operation. If any seals show signs of tampering, the CO must contact Citrix Customer Support immediately.

3.1.2 Installation
For detailed guidance regarding the installation of the MPX, please see the Getting Started with Citrix ADC webpage on Citrix’s online product documentation portal and refer to the following document entries:
• Citrix ADC MPX hardware-software compatibility matrix
• Prepare for Installation
• Install the Hardware

The above document entries include the MPX support matrix and usage guidelines, prerequisites for setting up the MPX appliance, and MPX installation instructions.

To install the required license files, the CO must follow the instructions on the Citrix ADC licensing overview webpage on Citrix’s online product documentation portal. Once the license files are installed, reboot the module so that all licenses are applied.

3.1.3 General Configuration
After the MPX appliance has been set up, the CO is responsible for the general configuration of the module. The Web GUI (configuration utility) or CLI can be used for the general configuration of the module. All general configuration must be complete before performing the configuration necessary to place the module in a FIPS-Approved mode of operation.

The general configuration requirements and instructions are described in the “Quick Start Installation and Configuration” section of the Citrix ADC Deployment Guide found on Citrix’s online product documentation portal.
3.1.4 FIPS-Approved Mode Configuration and Status
The CO is responsible for the security-relevant configuration of the module. To initialize the MPX for the FIPS mode of operation, the CO must:
• Enforce strong passphrase requirements
• Replace the default TLS certificate
• Disable HTTP access to the Web GUI
• Create the KEK master key
• Disable local authentication after initial configuration

To accomplish these tasks, the CO must follow the procedures detailed in the sections below (for more information, please see the “Configuration Guidelines” section of the document entry Citrix ADC Deployment Guide).

3.1.4.1 Enforce strong passphrase requirements
Passphrases are used to derive keys using PBKDF. The CO must enable strong passphrase requirements. This is accomplished with the following steps from the MPX GUI:
1. In the Configuration navigation pane, go to System and click the Settings node.
2. In the Settings section, click the Change Global System Settings link.
3. In the Strong Password field, select Enable All.
4. In the Min Password Length field, type “8”.
5. Click OK.

3.1.4.2 Replace the default TLS certificate
By default, the MPX includes a factory-provisioned RSA certificate for TLS connections (ns-server.cert and ns-server.key). This certificate is not intended for use in production deployments and must be replaced. The CO must replace the default certificate with a newly-generated certificate after the initial installation. To replace the default TLS certificate, the CO must follow these steps:
1. Run the following CLI command to set the hostname of the MPX:
   set ns hostName [hostname]
2. From the MPX GUI, complete the following procedure to create a Certificate Signing Request (CSR):
   • In the Configuration navigation pane, go to Traffic Management and click the SSL node.
   • In the SSL Certificates section, click the Create Certificate Request link.
   • Make sure to provide values for all the required fields marked with an “*” and then click Create. Note that the Common Name field will contain the value of the hostname set in step 1 above.
3. Submit the CSR file to a trusted CA. The CSR file is available in the /nsconfig/ssl directory.
4. After receiving the certificate from the trusted CA, copy the file to the /nsconfig/ssl directory.
5. From the MPX GUI, navigate to Traffic Management > SSL and choose ns-server-certificate.
6. Click Update.
7. In the Certificate File Name field, choose the certificate file that was received from the CA. Use the Browse option to choose the file that you have received from the CA after signing. Choose the Browse > Local option if the file is saved on your workstation/local drive.
8. In the Private Key File Name field, specify the default private key file name (ns-server.key).
9. Select the No Domain Check option.
10. Click OK.

For more information, please refer to the Citrix Support Knowledge Center article CTX122521 on Citrix’s online product documentation portal.

3.1.4.3 Disable HTTP access to the Web GUI
To protect traffic to the administrative interface and Web GUI, the MPX must be configured to use HTTPS (Hypertext Transfer Protocol Secure). Once the MPX has been configured to use new TLS and SSH certificates (see section 3.1.4.1 above), the CO must disable HTTP access to the GUI management interface with the following CLI command:
   set ns ip -gui SECUREONLY

3.1.4.4 Create the KEK Master Key
The KEK master key is used to encrypt passphrases and other sensitive information. To prevent the default KEK from being used, the CO must create a new KEK. To create the KEK, the CO must follow these steps:
1. Run the following CLI command:
   create system kek
2. When prompted, enter a strong passphrase (the KEK will be derived from this).
3.1.4.5 Disable local authentication

The nsroot account is a default account with root CLI access (superuser) privileges that is required for initial configuration. During initial configuration, the CO shall disable local system authentication to block access to all local accounts (including the nsroot account), and the CO shall ensure that superuser privileges are not assigned to any user account. To disable local system authentication and enable external system authentication, the CO must follow these steps:
1. Run the following CLI command to disable local authentication:
   set system parameter -localauth disabled

[87] HTTPS – Hypertext Transfer Protocol Secure

3.1.4.6 Enable External Authentication

Once the module is configured in FIPS-Approved mode and the nsroot account is disabled, external authentication must be configured. Follow the instructions on the Configuring external user authentication webpage found on the Citrix online product documentation portal to configure external system authentication. The CO must ensure the following before enabling external authentication:
• Ensure a secure connection is established with the external authentication service.
• Ensure shell access is disabled for all profiles on the external authentication service.

3.2 Crypto Officer Guidance

The CO is responsible for ensuring that the module is operating in the FIPS-Approved mode of operation. When configured and operated according to the guidance in this Security Policy (including the previous instructions in section 3.1.4), the module only runs in the FIPS-Approved mode of operation.
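As an added example, not taken from this Security Policy or from Citrix, the following Python script audits an ns.conf-style running configuration for the hardening steps of section 3.1.4 and the NTP key rule of section 3.4. The "set ns ip ... -gui SECUREONLY" and "set system parameter -localauth disabled" commands are the ones quoted in 3.1.4; the -strongpassword/-minpasswordlen, certKey and NTP -key/-autokey command forms and the sample configuration are assumptions.

```python
import re

# Constructed sample of an ns.conf-style running configuration (hypothetical).
# The -strongpassword/-minpasswordlen, certKey and NTP -key/-autokey forms are
# assumed; -gui SECUREONLY and -localauth disabled are quoted in section 3.1.4.
SAMPLE_CONFIG = """\
set ns hostName mpx-fips-01
set system parameter -strongpassword enableall -minpasswordlen 8
set system parameter -localauth disabled
set ns ip 192.0.2.10 -gui SECUREONLY
add ssl certKey ns-server-certificate -cert ca-issued.cert -key ns-server.key
add ntp server 192.0.2.123
add ntp server 192.0.2.124 -key 1
"""

# Presence checks: one regex per required setting, searched in multiline mode.
REQUIRED = {
    "gui-https-only": r"^set ns ip \S+ .*-gui SECUREONLY\b",                   # 3.1.4.3
    "local-auth-off": r"^set system parameter .*-localauth disabled\b",         # 3.1.4.5
    "strong-password": r"^set system parameter .*-strongpassword enableall\b",  # 3.1.4.1
}

def audit(config: str) -> dict:
    """Return {check-name: passed?} for the 3.1.4 hardening steps and the 3.4 NTP rule."""
    result = {name: re.search(rx, config, re.M) is not None for name, rx in REQUIRED.items()}
    # 3.1.4.1 step 4: minimum password length of 8
    m = re.search(r"^set system parameter .*-minpasswordlen (\d+)", config, re.M)
    result["min-pw-len-8"] = bool(m) and int(m.group(1)) >= 8
    # 3.1.4.2: ns-server-certificate must no longer reference the factory ns-server.cert
    m = re.search(r"^add ssl certKey ns-server-certificate .*-cert (\S+)", config, re.M)
    result["default-cert-replaced"] = bool(m) and m.group(1) != "ns-server.cert"
    # 3.4: NTP servers must not be added with the Key or AutoKey authentication parameters
    ntp = [line for line in config.splitlines() if line.startswith("add ntp server ")]
    result["ntp-no-key-auth"] = not any(re.search(r"\s-(key|autokey)\b", line, re.I) for line in ntp)
    return result

def failures(config: str) -> list:
    """Names of the checks that did not pass, sorted for stable reporting."""
    return sorted(name for name, ok in audit(config).items() if not ok)

if __name__ == "__main__":
    for name in failures(SAMPLE_CONFIG):
        print(f"FAIL: {name}")  # the constructed sample fails only ntp-no-key-auth
```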
3.2.1 Management

Once installed and configured, the Crypto Officer is responsible for maintaining and monitoring the status of the module to ensure that it is running in its FIPS-Approved mode. Please refer to sections 3.1.4, 3.2, and 3.4 for guidance that the Crypto Officer must follow to ensure that the module is operating in a FIPS-Approved manner.

3.2.2 On-Demand Self-Tests

Although power-up self-tests are performed automatically during module power-up, they can also be launched manually on demand. Self-tests can be executed by power-cycling the module, using the reset button on the platform (if applicable), the reboot CLI command, the reboot API method, or via the Web GUI by navigating to Configuration > System > System Information and clicking the Reboot button.

3.2.3 Zeroization

There are many CSPs within the module’s cryptographic boundary, including symmetric keys, private keys, public keys, and passphrases. CSPs reside in multiple storage media, including RAM and system memory. All ephemeral keys are zeroized on module reboot, power removal, or session termination.

The KEK is stored as plaintext in non-volatile memory. Zeroizing the KEK renders all passphrases and passwords stored in non-volatile memory unrecoverable, effectively zeroizing them. The KEK is zeroized via the following CLI command:
   rm system csps -type KEK

SSH private keys are stored as plaintext in non-volatile memory. SSH private keys are zeroized via the following CLI command:
   rm system csps -type SSH_HOST_KEYS

3.2.4 Monitoring Status

The CO shall be responsible for regularly monitoring the module’s status for the FIPS-Approved mode of operation. When configured according to the CO’s guidance, the module only operates in the FIPS-Approved mode.
Thus, the current status of the module when operational is always the FIPS-Approved mode. An operator logged in via the CLI can view the operational status by using the following CLI commands:
• show ns info – shows details about the firmware, including firmware version, enabled and disabled features, and configured network information.
• show ns version – shows the version and build number of the appliance.
• show ns hardware – shows details of the appliance hardware and information such as the host ID[88] and serial number.

The RESTful Nitro API can be used with the GET method to view the operational status by using the following URLs:
• https://<Citrix ADC-ip-address>/nitro/v4/config/nshardware
• https://<Citrix ADC-ip-address>/nitro/v4/config/nsversion

An operator logged in via the Web GUI can also view the operational status by navigating to Configuration > System > System Information. This displays general system and hardware information about the device, including the platform version, CPU information, and appliance serial number. Additionally, the Web GUI’s dashboard includes a system overview section with information such as system HA state, system master state, and system uptime.

3.3 User Guidance

The User role does not have the ability to configure sensitive information on the module. The User must be diligent in selecting strong passwords and must not reveal their password to anyone. Additionally, User role operators should be careful to protect any secret or private keys in their possession.

3.4 Additional Guidance and Usage Policies

This section notes additional policies that must be followed by module operators:
• All private keys (except for SSH private keys) must be stored as PEM files in encrypted format using a FIPS-Approved encryption algorithm listed in Table 2 or Table 3.
• Upon successful bootup of the module, the MPX is configured by default to use only SP800-52rev2 recommended cipher suites for TLS connections.
  If modified, the CO must ensure that only FIPS-Approved cipher suites are configured while in the FIPS-Approved mode. It is recommended to use the list of approved TLS cipher suites in section 3.3 of NIST SP 800-52 Revision 1 as guidance.

[88] ID – Identifier

• The MPX must be configured to use PSK-based authentication for IPsec connections. The CO must provide a PSK value when configuring IPsec profiles via the GUI, CLI, or API. Configuring digital certificate-based authentication for IPsec connections is prohibited while in the FIPS-Approved mode of operation.
• The MPX supports Kerberos traffic management. The Crypto Officer is responsible for ensuring that the module is only used with Kerberos servers that are configured to use PKINIT[89]. Once configured, the module restricts Kerberos to using only FIPS-Approved cipher suites. For details on configuring the protocol to use PKINIT, refer to Citrix ADC 12.1 – An Overview of Citrix ADC Kerberos SSO.
• The MPX supports client-side Kerberos. The CO must configure a password or keytab file to use this feature. The MPX will only accept packages using FIPS 140-2 encryption. For details on configuring client-side Kerberos, refer to Citrix ADC 12.1 – Configuring Kerberos Authentication on the Citrix ADC Appliance.
• The MPX supports clustering. An MPX may be either the cluster coordinator or a cluster node. Once appliances are clustered together, all configuration is done on the cluster coordinator and pushed to the nodes within the cluster. For details on configuring clusters, refer to Citrix ADC 12.1 – Clustering.
• The CO must ensure that communication between the module and the external authentication service is secure.
• The CO must ensure that shell access is disabled for all profiles on the external authentication service.
• The CO must ensure that the “Key” and “AutoKey” authentication parameters are not set when adding NTP servers via the GUI, CLI, or API.
• If the module’s power is lost and then restored, the module operator shall establish a new key for AES GCM encryption.
• In compliance with IG A.13, the module operator shall ensure that a TDES key is used for no more than 2^16 encryptions, by periodically rebooting the module.
• The MPX has built-in CA tools used to create self-signed certificates for testing purposes. While the feature does include the generation of keys, because it is not used for production purposes or true protection of data, those keys are not considered CSPs. The CO must ensure that all certificates are signed by a trusted CA and are not self-signed.

3.5 Non-FIPS-Approved Mode

When initialized, configured, and operated according to the guidance in this Security Policy, the module does not support a non-FIPS-Approved mode of operation.

[89] PKINIT – Public Key Cryptography for Initial Authentication in Kerberos – details for PKINIT in the Kerberos protocol are in RFC 4556

4. Acronyms

Table 12 provides definitions for the acronyms used in this document.
Table 12 – Acronyms

Acronym    Definition
AAA        Authentication, Authorization, Accounting
ADC        Application Delivery Controller
AES        Advanced Encryption Standard
API        Application Programming Interface
AWS        Amazon Web Services
CA         Certificate Authority
CAVP       Cryptographic Algorithm Validation Program
CBC        Cipher Block Chaining
CCCS       Canadian Centre for Cyber Security
CKG        Cryptographic Key Generation
CLI        Command Line Interface
CMVP       Cryptographic Module Validation Program
CO         Crypto Officer
CPU        Central Processing Unit
CRNGT      Continuous Random Number Generator Test
CSP        Critical Security Parameter
CSR        Certificate Signing Request
CSRF       Cross-Site Request Forgery
CTR        Counter
CVL        Component Validation List
DES        Data Encryption Standard
DFA        Delegated Form Authentication
DH         Diffie-Hellman
DNS        Domain Name System
DoS        Denial-of-Service
DRBG       Deterministic Random Bit Generator
ECC CDH    Elliptic Curve Cryptography Cofactor Diffie-Hellman
ECDH       Elliptic Curve Diffie-Hellman
ECDSA      Elliptic Curve Digital Signature Algorithm
EMI/EMC    Electromagnetic Interference/Electromagnetic Compatibility
FIPS       Federal Information Processing Standard
FOM        FIPS Object Module
GCM        Galois/Counter Mode
GCP        Google Cloud Platform
GHz        Gigahertz
GSLB       Global Server Load Balancing
GUI        Graphical User Interface
HA         High Availability
HMAC       (keyed-) Hash Message Authentication Code
HTML       Hypertext Markup Language
HTTP       Hypertext Transfer Protocol
HTTPS      Hypertext Transfer Protocol Secure
ID         Identifier
IDP        Identity Provider
IKE        Internet Key Exchange
IP         Internet Protocol
IPsec      Internet Protocol Security
IV         Initialization Vector
KAT        Known Answer Test
KDF        Key Derivation Function
KEK        Key Encryption Key
KPG        Key Pair Generation
KSK        Key Signing Key
KVM        Kernel-based Virtual Machine
L4-L7      Layer 4 through Layer 7
LDAP       Lightweight Directory Access Protocol
LED        Light Emitting Diode
LTS        Long Term Support
LTSR       Long Term Service Release
MAC        Media Access Control
MD5        Message Digest 5
N/A        Not Applicable
NAT        Network Address Translation
NDRNG      Non-Deterministic Random Number Generator
NIST       National Institute of Standards and Technology
NTP        Network Time Protocol
OID        Object Identifier
OS         Operating System
PBKDF      Password-based Key Derivation Function
PCT        Pairwise Consistency Test
PEM        Privacy-Enhanced Mail
PKCS       Public Key Cryptography Standard
PSK        Pre-shared Key
RAM        Random Access Memory
RBA        Role-Based Authentication
RDP        Remote Desktop Protocol
REST       Representational State Transfer
RSA        Rivest Shamir Adleman
SAML       Security Assertion Markup Language
SHA        Secure Hash Algorithm
SHS        Secure Hash Standard
SNMP       Simple Network Management Protocol
SP         Special Publication
SQL        Structured Query Language
SSH        Secure Shell
SSL        Secure Socket Layer
TCP        Transmission Control Protocol
TLS        Transport Layer Security
U2         Update 2
UDP        User Datagram Protocol
URL        Uniform Resource Locator
U.S.       United States
XML        Extensible Markup Language
XSS        Cross-Site Scripting
ZSK        Zone Signing Key

Prepared by:
Corsec Security, Inc.
13921 Park Center Road, Suite 460
Herndon, VA 20171
United States of America
Phone: +1 703 267 6050
Email: info@corsec.com
http://www.corsec.com