This page was not yet optimized for use on mobile devices.
Forcepoint Next Generation Firewall
Certificate #4867
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-, AES-128, AES-256, HMACAsymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, DH, Diffie-HellmanHash functions
SHA-1, SHA-3, SHA3-256, PBKDF, PBKDF2Schemes
MAC, Key AgreementProtocols
SSH, TLS, TLS 1.2, TLSv1.2, IKEv1, IKEv2, IKE, IPsec, VPNRandomness
DRBG, RNGElliptic Curves
P-224, P-256, P-521, P-384Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCMTLS cipher suites
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384Trusted Execution Environments
SSCSecurity level
Level 2, level 2, Level 1Side-channel analysis
physical probingStandards
FIPS 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS 202, FIPS 140, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-90A, SP 800-38C, SP 800-108, SP 800-132, SP 800-90B, NIST SP 800-107, NIST SP 800-135, SP 800-140F, PKCS #1, RFC 5288, RFC 4106, RFC 7296, ISO/IEC 24759, ISO/IEC 19790:2012File metadata
| Creation date | D:20241028164750-05'00' |
|---|---|
| Modification date | D:20241028164750-05'00' |
| Pages | 79 |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
12.11.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4867,
"dgst": "af93a06c80895edf",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"ECDSA KeyVer (FIPS186-4)A2155",
"ECDSA SigVer (FIPS186-4)A2155",
"RSA SigVer (FIPS186-4)A2155",
"SHA3-256A2167",
"RSA KeyGen (FIPS186-4)A2155",
"Counter DRBGA2155",
"SHA2-256A2166",
"HMAC-SHA-1A2166",
"SHA2-512A2166",
"ECDSA KeyGen (FIPS186-4)A2155",
"AES-CFB128A2209",
"RSA SigGen (FIPS186-4)A2155",
"SHA2-384A2166",
"AES-CBCA2166",
"TLS v1.2 KDF RFC7627A2155",
"HMAC-SHA2-224A2166",
"KDF SP800-108A2209",
"PBKDFA2209",
"HMAC-SHA2-512A2166",
"HMAC-SHA2-256A2166",
"AES-KWPA2155",
"Safe Primes Key VerificationA2155",
"KAS-FFC-SSC Sp800-56Ar3A2155",
"SHA-1A2166",
"AES-ECBA2209",
"KAS-ECC-SSC Sp800-56Ar3A2155",
"KDF IKEv2A2155",
"KDF IKEv1A2155",
"Safe Primes Key GenerationA2155",
"ECDSA SigGen (FIPS186-4)A2155",
"HMAC-SHA2-384A2166",
"AES-GCMA2166",
"SHA2-224A2166"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"6.10.3.26158"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 1
},
"ECDH": {
"ECDH": 50
},
"ECDSA": {
"ECDSA": 85
}
},
"FF": {
"DH": {
"DH": 42,
"Diffie-Hellman": 10
}
},
"RSA": {
"RSA 2048": 3
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 1
},
"CFB": {
"CFB": 2
},
"CTR": {
"CTR": 1
},
"ECB": {
"ECB": 2
},
"GCM": {
"GCM": 7
},
"OFB": {
"OFB": 2
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 41,
"IKEv1": 11,
"IKEv2": 13
},
"IPsec": {
"IPsec": 40
},
"SSH": {
"SSH": 2
},
"TLS": {
"TLS": {
"TLS": 188,
"TLS 1.2": 15,
"TLSv1.2": 2
}
},
"VPN": {
"VPN": 103
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 3
},
"MAC": {
"MAC": 4
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-224": 16,
"P-256": 6,
"P-384": 4,
"P-521": 10
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 1
}
},
"fips_certlike": {
"Certlike": {
"AES-128": 2,
"AES-256": 5,
"HMAC SHA-1": 1,
"HMAC- SHA-1": 1,
"HMAC-SHA-1": 8,
"PKCS #1": 2,
"RSA 2048": 3,
"SHA-1": 12,
"SHA-3": 2,
"SHA2- 256": 1,
"SHA2- 512": 1,
"SHA2-224": 8,
"SHA2-256": 14,
"SHA2-384": 8,
"SHA2-512": 16,
"SHA3- 256": 1,
"SHA3-256": 2
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"Level 2": 3,
"level 2": 1
}
},
"hash_function": {
"PBKDF": {
"PBKDF": 7,
"PBKDF2": 3
},
"SHA": {
"SHA1": {
"SHA-1": 12
},
"SHA3": {
"SHA-3": 2,
"SHA3-256": 3
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 61
},
"RNG": {
"RNG": 6
}
},
"side_channel_analysis": {
"SCA": {
"physical probing": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 140": 2,
"FIPS 140-3": 17,
"FIPS 180-4": 2,
"FIPS 186-4": 23,
"FIPS 197": 3,
"FIPS 198-1": 2,
"FIPS 202": 1
},
"ISO": {
"ISO/IEC 19790:2012": 1,
"ISO/IEC 24759": 2
},
"NIST": {
"NIST SP 800-107": 1,
"NIST SP 800-135": 1,
"SP 800-108": 1,
"SP 800-132": 6,
"SP 800-140F": 1,
"SP 800-38A": 3,
"SP 800-38C": 1,
"SP 800-38D": 3,
"SP 800-38F": 4,
"SP 800-90A": 4,
"SP 800-90B": 3
},
"PKCS": {
"PKCS #1": 1
},
"RFC": {
"RFC 4106": 1,
"RFC 5288": 1,
"RFC 7296": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 35,
"AES-": 1,
"AES-128": 2,
"AES-256": 5
}
},
"constructions": {
"MAC": {
"HMAC": 31
}
}
},
"tee_name": {
"IBM": {
"SSC": 28
}
},
"tls_cipher_suite": {
"TLS": {
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": 1,
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 2,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": 1,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1
}
},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/CreationDate": "D:20241028164750-05\u002700\u0027",
"/ModDate": "D:20241028164750-05\u002700\u0027",
"pdf_file_size_bytes": 3395552,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14673",
"https://support.forcepoint.com/Login",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14662",
"https://csrc.nist.gov/projects/cryptographic-module-validation-program",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14716",
"http://www.forcepoint.com/",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14674",
"https://help.forcepoint.com/docs/ngfw/v610/install/ngfw_6100_ig_a_en-us.pdf"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 79
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "80b8d0550eb6620a79c7e59da51cf18fdc2eba0c98993a510799259c47500024",
"policy_txt_hash": "5a96428afee38e53bd6cebc2e319bd2cc4a09ba2686b7b4f364bcc04bac552af"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When installed, initialized and configured as specified in Section 11.1 of the Security Policy. The tamper evident seals ACFIPS3 Forcepoint NGFW FIPS Kit installed as indicated in the Security Policy",
"certificate_pdf_url": null,
"date_sunset": "2029-11-05",
"description": "The NGFW appliances are high-performance network security appliances that add a broad range of built-in security features, including VPN, IPS, anti-evasion, TLS inspection, SD-WAN, and mission-critical application proxies, to a traditional firewall and provides end-to-end protection across the entire enterprise network.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Operational environment: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": "6.10.3.26158",
"historical_reason": null,
"hw_versions": "[2201, 2205, 2210, 3401 and 3410] with Forcepoint NGFW FIPS Kit ACFIPS3",
"level": 2,
"mentioned_certs": {},
"module_name": "Forcepoint Next Generation Firewall",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-11-06",
"lab": "LEIDOS CSTL",
"validation_type": "Initial"
}
],
"vendor": "Forcepoint",
"vendor_url": "http://www.forcepoint.com"
}
}