Dynatrace Cryptographic Module

Certificate #4988

Webpage information

Status active
Validation dates 17.03.2025
Sunset date 16-03-2030
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
Description The Dynatrace Cryptographic Module is a cryptographic library embedded in the Dynatrace OneAgent application software. The Dynatrace Cryptographic Module supplies the cryptographic functionality for encryption and decryption, digital signature functions, hashing, message authentication, key establishment, and random number generation in support of general data protection functionality and secure communications protocols, including TLS 1.2/1.3.
Tested configurations
  • Red Hat Enterprise Linux 8.2 running on a Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4214R with PAA
  • Red Hat Enterprise Linux 8.2 running on a Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4214R without PAA
Vendor Dynatrace LLC
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, CAST, CAST5, RC4, RC5, RC2, DES, TDES, ChaCha20, Poly1305, IDEA, Blowfish, Camellia, ARIA, SM4, SEED, HMAC, CMAC
Asymmetric Algorithms
ECDH, ECDSA, EdDSA, ECC, DH, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA-2, SHA3, SHA-3, Blake2, MD4, MD5, RIPEMD, PBKDF2, PBKDF
Schemes
MAC, Key Agreement
Protocols
SSL, TLS, TLS v1.3, TLS 1.2, TLS 1.3, TLS v1.2
Randomness
DRBG, RNG, RBG
Elliptic Curves
P-224, P-256, P-384, P-521, P-192, B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, B-163, K-163
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XEX, XTS

JavaCard API constants
SM2
Trusted Execution Environments
PSP

Security level
Level 1
Vulnerabilities
CVE-2023-3446, CVE-2023-3817, CVE-2024-4741

Standards
FIPS 140-3, FIPS186-4, FIPS PUB 186-4, FIPS PUB 198-1, FIPS PUB 180-4, NIST SP 800-38A, NIST SP 800-38C, NIST SP 800-38B, NIST SP 800-38D, NIST SP 800-38F, SP 800-38B, SP 800-38C, SP 800-38D, SP 800-38F, PKCS#1, RFC 8446, RFC 5246, RFC 5288, ISO/IEC 19790, ISO/IEC 24579, ISO/IEC 19790:2021

File metadata

Creation date D:20250303140447-05'00'
Modification date D:20250303140447-05'00'
Pages 44

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4988,
  "dgst": "7a6171f6389cbb70",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "SHA2-224A3358",
        "ECDSA SigGen (FIPS186-4)A3358",
        "AES-CFB8A3358",
        "AES-CBCA3358",
        "AES-OFBA3358",
        "DSA KeyGen (FIPS186-4)A3358",
        "HMAC-SHA-1A3358",
        "TLS v1.3 KDFA3359",
        "Counter DRBGA3358",
        "DSA PQGVer (FIPS186-4)A3358",
        "HMAC-SHA2-384A3358",
        "SHA2-256A3358",
        "HMAC-SHA2-224A3358",
        "RSA KeyGen (FIPS186-4)A3358",
        "AES-ECBA3358",
        "AES-GCMA3358",
        "ECDSA KeyGen (FIPS186-4)A3358",
        "AES-KWA3358",
        "HMAC-SHA2-256A3358",
        "AES-CTRA3358",
        "HMAC-SHA2-512A3358",
        "AES-CMACA3358",
        "RSA SigGen (FIPS186-4)A3358",
        "SHA2-512A3358",
        "RSA SigVer (FIPS186-4)A3358",
        "ECDSA SigVer (FIPS186-4)A3358",
        "KAS-FFC-SSC Sp800-56Ar3A3358",
        "SHA-1A3358",
        "ECDSA KeyVer (FIPS186-4)A3358",
        "AES-KWPA3358",
        "KDF TLSA3358",
        "AES-GMACA3358",
        "DSA SigVer (FIPS186-4)A3358",
        "KAS-ECC-SSC Sp800-56Ar3A3358",
        "DSA PQGGen (FIPS186-4)A3358",
        "AES-CCMA3358",
        "AES-CFB128A3358",
        "DSA SigGen (FIPS186-4)A3358",
        "AES-CFB1A3358",
        "SHA2-384A3358"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 3
          },
          "ECDH": {
            "ECDH": 16
          },
          "ECDSA": {
            "ECDSA": 39
          },
          "EdDSA": {
            "EdDSA": 1
          }
        },
        "FF": {
          "DH": {
            "DH": 21,
            "Diffie-Hellman": 2
          },
          "DSA": {
            "DSA": 44
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 5
        },
        "CCM": {
          "CCM": 4
        },
        "CFB": {
          "CFB": 2
        },
        "CTR": {
          "CTR": 3
        },
        "ECB": {
          "ECB": 5
        },
        "GCM": {
          "GCM": 41
        },
        "OFB": {
          "OFB": 3
        },
        "XEX": {
          "XEX": 1
        },
        "XTS": {
          "XTS": 1
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "TLS": {
          "SSL": {
            "SSL": 3
          },
          "TLS": {
            "TLS": 43,
            "TLS 1.2": 2,
            "TLS 1.3": 5,
            "TLS v1.2": 1,
            "TLS v1.3": 8
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 10
        },
        "MAC": {
          "MAC": 6
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "B-163": 6,
          "B-233": 7,
          "B-283": 7,
          "B-409": 7,
          "B-571": 7,
          "K-163": 7,
          "K-233": 9,
          "K-283": 7,
          "K-409": 7,
          "K-571": 7,
          "P-192": 14,
          "P-224": 20,
          "P-256": 14,
          "P-384": 14,
          "P-521": 14
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES-CBC4": 1,
          "AES-CMAC10": 1,
          "AES-CTR11": 1,
          "AES-GCM15": 1,
          "CVL26": 1,
          "DRBG 9": 1,
          "DRBG21": 1,
          "DSA22": 1,
          "HMAC SHA-1": 3,
          "PAA 2": 1,
          "PKCS#1": 8,
          "RSA27": 1,
          "SHA- 1": 1,
          "SHA-1": 16,
          "SHA-2": 1,
          "SHA-3": 1,
          "SHA2- 224": 2,
          "SHA2- 256": 3,
          "SHA2- 384": 1,
          "SHA2-224": 17,
          "SHA2-256": 30,
          "SHA2-384": 22,
          "SHA2-512": 22,
          "SHA3": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3
        }
      },
      "hash_function": {
        "BLAKE": {
          "Blake2": 3
        },
        "MD": {
          "MD4": {
            "MD4": 2
          },
          "MD5": {
            "MD5": 2
          }
        },
        "PBKDF": {
          "PBKDF": 2,
          "PBKDF2": 2
        },
        "RIPEMD": {
          "RIPEMD": 2
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 16
          },
          "SHA2": {
            "SHA-2": 1
          },
          "SHA3": {
            "SHA-3": 1,
            "SHA3": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {
        "curves": {
          "SM2": 2
        }
      },
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 47
        },
        "RNG": {
          "RBG": 2,
          "RNG": 4
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 17,
          "FIPS PUB 180-4": 5,
          "FIPS PUB 186-4": 13,
          "FIPS PUB 198-1": 5,
          "FIPS186-4": 29
        },
        "ISO": {
          "ISO/IEC 19790": 6,
          "ISO/IEC 19790:2021": 2,
          "ISO/IEC 24579": 2
        },
        "NIST": {
          "NIST SP 800-38A": 7,
          "NIST SP 800-38B": 2,
          "NIST SP 800-38C": 2,
          "NIST SP 800-38D": 6,
          "NIST SP 800-38F": 8,
          "SP 800-38B": 1,
          "SP 800-38C": 1,
          "SP 800-38D": 2,
          "SP 800-38F": 2
        },
        "PKCS": {
          "PKCS#1": 4
        },
        "RFC": {
          "RFC 5246": 1,
          "RFC 5288": 1,
          "RFC 8446": 4
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 77
          },
          "CAST": {
            "CAST": 4,
            "CAST5": 3
          },
          "RC": {
            "RC2": 2,
            "RC4": 3,
            "RC5": 3
          }
        },
        "DES": {
          "3DES": {
            "TDES": 1
          },
          "DES": {
            "DES": 10
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 11,
            "HMAC": 33
          }
        },
        "djb": {
          "ChaCha": {
            "ChaCha20": 3
          },
          "Poly": {
            "Poly1305": 2
          }
        },
        "miscellaneous": {
          "ARIA": {
            "ARIA": 3
          },
          "Blowfish": {
            "Blowfish": 3
          },
          "Camellia": {
            "Camellia": 3
          },
          "IDEA": {
            "IDEA": 3
          },
          "SEED": {
            "SEED": 3
          },
          "SM4": {
            "SM4": 3
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 5
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {
        "CVE": {
          "CVE-2023-3446": 1,
          "CVE-2023-3817": 1,
          "CVE-2024-4741": 1
        }
      }
    },
    "policy_metadata": {
      "/CreationDate": "D:20250303140447-05\u002700\u0027",
      "/ModDate": "D:20250303140447-05\u002700\u0027",
      "pdf_file_size_bytes": 1027839,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "www.dynatrace.com",
          "https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/openshift/",
          "https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-oneagent/installation-and-operation/aix/",
          "http://www.dynatrace.com/",
          "https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/kubernetes/deploy-oneagent-on-kubernetes-for-application-only-monitoring/",
          "https://www.dynatrace.com/support/help/technology-support/",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=35864",
          "http://csrc.nist.gov/groups/STM/cmvp",
          "http://www.corsec.com/",
          "https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-cloud-platforms/google-cloud-platform/deploy-dynatrace-on-google-kubernetes-engine/",
          "https://www.dynatrace.com/support/help/technology-support/oneagent-platform-and-capability-support-matrix/",
          "https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-oneagent/installation-and-operation/linux/",
          "https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-oneagent/installation-and-operation/solaris/",
          "https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-oneagent/installation-and-operation/windows/",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=15855",
          "https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Validated-Modules/Search",
          "mailto:[email protected]",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=15854"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 44
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "d7db71d22cd13fc6b16e5f2a3ceed797eccb0e3a308995fa07ef4279ca9f7bfb",
    "policy_txt_hash": "b1265d7c961d07d00c26032d8b0fa01e150c8081c2a229e1f7cc683fe4a92de4"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)",
    "certificate_pdf_url": null,
    "date_sunset": "2030-03-16",
    "description": "The Dynatrace Cryptographic Module is a cryptographic library embedded in the Dynatrace OneAgent application software. The Dynatrace Cryptographic Module supplies the cryptographic functionality for encryption and decryption, digital signature functions, hashing, message authentication, key establishment, and random number generation in support of general data protection functionality and secure communications protocols, including TLS 1.2/1.3.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Dynatrace Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "1.1",
    "tested_conf": [
      "Red Hat Enterprise Linux 8.2 running on a Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4214R with PAA",
      "Red Hat Enterprise Linux 8.2 running on a Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4214R without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2025-03-17",
        "lab": "Leidos Accredited Testing \u0026 Evaluation (AT\u0026E) Lab",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Dynatrace LLC",
    "vendor_url": "http://www.dynatrace.com"
  }
}