This page was not yet optimized for use on mobile devices.
NITROXIII CNN35XX-NFBE HSM Family
Certificate #4700
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES192, AES-, AES-256, CAST, DES, TDES, Triple-DES, HMAC, CMACAsymmetric Algorithms
RSA 1024, ECDH, ECDSA, ECC, Diffie-Hellman, DH, DSAHash functions
SHA-1, SHA1, SHA256, SHA-256, SHA-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA3, MD5, PBKDFSchemes
MAC, Key agreement, Key AgreementProtocols
SSH, SSL, TLS, TLS v1.2, TLS 1.2, TLSv1.0Randomness
DRBG, RBGLibraries
OpenSSLElliptic Curves
P-521, P-224, P-256, P-384, P-192, K-233, K-283, K-409, K-571, B-233, B-409, B-571, B-283, B-163, brainpoolP224r1, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1, brainpoolP512r1, brainpoolP160r1, FRP256v1, Curve25519Block cipher modes
ECB, CBC, CTR, GCMTLS cipher suites
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384Trusted Execution Environments
PSP, SSCSecurity level
Level 3, Level 1Side-channel analysis
physical tamperingCertification process
out of scope, HSM. The LiquidSecurity Appliance is outside the module’s cryptographic boundary and therefore out of scope of this validation. CNN35XX-NFBE-G Firmware: CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-G SecureStandards
FIPS 140-3, FIPS 186-4, FIPS 202, FIPS 180-4, FIPS 198-1, FIPS PUB 186-4, FIPS PUB 140-3, SP 800-38B, SP 800-108, SP 800-38D, SP 800-38F, SP 800-56B, SP 800-90B, SP 800-90A, SP 800-132, SP 800-52, SP 800-38A, SP 800-38C, SP 800-38G, PKCS 1, PKCS #1, PKCS#1, RFC 5288, ISO/IEC 24759File metadata
| Creation date | D:20240509203024-04'00' |
|---|---|
| Modification date | D:20240509203024-04'00' |
| Pages | 120 |
References
Outgoing- 1311 - historical - NSA 3500
Heuristics ?
No heuristics are available for this certificate.
References ?
Updates ?
-
04.07.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4700,
"dgst": "b3fa8714038b8943",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"HMAC-SHA2-256C839",
"KAS-ECC-SSC Sp800-56Ar3A2161",
"KDA OneStep Sp800-56Cr1A1192",
"SHA2-224SHS 1780",
"ECDSA SigGen (FIPS186-4)C829",
"SHAKE-256A1197",
"KAS-ECC Sp800-56Ar3A1219",
"KDF ANS 9.63C825",
"RSA SigGen (FIPS186-2)C824",
"SHA-1SHS 1780",
"AES-ECBC839",
"PBKDFA1196",
"HMAC-SHA-1C839",
"HMAC-SHA2-384C839",
"AES-GMACC839",
"AES-KWPC1263",
"KAS-IFC-SSCA1193",
"ECDSA SigVer (FIPS186-4)C829",
"AES-CMACC839",
"AES-KWC1263",
"DSA KeyGen (FIPS186-4)C823",
"SHA3-256A1197",
"SHAKE-128A1197",
"HMAC-SHA2-512C839",
"DSA PQGGen (FIPS186-4)C823",
"RSA SigGen (FIPS186-4)A1199",
"HMAC-SHA2-224C839",
"DSA PQGVer (FIPS186-4)C823",
"DSA SigVer (FIPS186-4)C823",
"ECDSA KeyVer (FIPS186-4)C825",
"RSA SigVer (FIPS186-4)C824",
"SHA2-256SHS 1780",
"TDES-ECBTDES 1311",
"TDES-CBCTDES 1311",
"KDA HKDF Sp800-56Cr1A1192",
"Hash DRBGC830",
"KDA TwoStep Sp800-56Cr1A1192",
"KDF SP800-108C839",
"KDF TLSC840",
"SHA2-512SHS 1780",
"KTS-IFCA1194",
"Counter DRBGC821",
"RSA KeyGen (FIPS186-4)C824",
"RSA Decryption PrimitiveC839",
"TDES-KWC1263",
"ECDSA KeyGen (FIPS186-4)C825",
"KAS-ECC CDH-ComponentC829",
"SHA3-224A1197",
"AES-CCMC839",
"RSA Signature PrimitiveC839",
"SHA3-512A1197",
"AES-CTRC839",
"AES-CBCC839",
"AES-GCMC839",
"DSA SigGen (FIPS186-4)C823",
"SHA2-384SHS 1780"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"2.09",
"2.0",
"1.0",
"4.03",
"3.0"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": {
"_type": "Set",
"elements": [
"1311"
]
},
"indirectly_referenced_by": null,
"indirectly_referencing": {
"_type": "Set",
"elements": [
"1311"
]
}
},
"policy_prunned_references": {
"_type": "Set",
"elements": [
"1311"
]
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 15
},
"ECDH": {
"ECDH": 22
},
"ECDSA": {
"ECDSA": 79
}
},
"FF": {
"DH": {
"DH": 6,
"Diffie-Hellman": 1
},
"DSA": {
"DSA": 45
}
},
"RSA": {
"RSA 1024": 3
}
},
"certification_process": {
"OutOfScope": {
"HSM. The LiquidSecurity Appliance is outside the module\u2019s cryptographic boundary and therefore out of scope of this validation. CNN35XX-NFBE-G Firmware: CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-G Secure": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 7
},
"CTR": {
"CTR": 1
},
"ECB": {
"ECB": 3
},
"GCM": {
"GCM": 10
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 16
}
},
"crypto_protocol": {
"SSH": {
"SSH": 1
},
"TLS": {
"SSL": {
"SSL": 4
},
"TLS": {
"TLS": 43,
"TLS 1.2": 3,
"TLS v1.2": 1,
"TLSv1.0": 2
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 1,
"Key agreement": 7
},
"MAC": {
"MAC": 30
}
},
"device_model": {},
"ecc_curve": {
"ANSSI": {
"FRP256v1": 3
},
"Brainpool": {
"brainpoolP160r1": 1,
"brainpoolP224r1": 2,
"brainpoolP256r1": 2,
"brainpoolP320r1": 2,
"brainpoolP384r1": 2,
"brainpoolP512r1": 2
},
"Curve": {
"Curve25519": 1
},
"NIST": {
"B-163": 1,
"B-233": 8,
"B-283": 5,
"B-409": 4,
"B-571": 8,
"K-233": 8,
"K-283": 8,
"K-409": 8,
"K-571": 7,
"P-192": 6,
"P-224": 41,
"P-256": 46,
"P-384": 32,
"P-521": 40
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 2,
"#1311": 10,
"#1780": 22,
"#2": 2
}
},
"fips_certlike": {
"Certlike": {
"# C839": 1,
"# SHS": 11,
"AES 128, 192": 1,
"AES 256": 2,
"AES-256": 2,
"AES-CBC Encrypt/Decrypt; 128": 1,
"AES-CTR Encrypt/Decrypt 128": 1,
"AES-GCM Encrypt/Decrypt; 128": 2,
"AES192": 1,
"DES (192": 1,
"HMAC-SHA-1": 32,
"PKCS #1": 4,
"PKCS 1": 5,
"PKCS#1": 4,
"RSA 1024": 3,
"RSA PKCS 1": 1,
"SHA- 1": 1,
"SHA- 1, 224": 1,
"SHA-1": 35,
"SHA-1, 224": 3,
"SHA-256": 2,
"SHA-512": 2,
"SHA1": 1,
"SHA2- 224": 5,
"SHA2- 256": 6,
"SHA2- 384": 9,
"SHA2- 512": 10,
"SHA2-224": 52,
"SHA2-256": 61,
"SHA2-384": 49,
"SHA2-512": 53,
"SHA256": 1,
"SHA3": 1,
"SHA3-224": 3,
"SHA3-256": 3,
"SHA3-384": 3,
"SHA3-512": 4,
"SHS #1780": 22,
"SHS 1780": 16,
"SHS#1780": 2
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"Level 3": 7
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 1
}
},
"PBKDF": {
"PBKDF": 12
},
"SHA": {
"SHA1": {
"SHA-1": 39,
"SHA1": 1
},
"SHA2": {
"SHA-256": 2,
"SHA-512": 2,
"SHA256": 1
},
"SHA3": {
"SHA3": 1,
"SHA3-224": 3,
"SHA3-256": 3,
"SHA3-384": 3,
"SHA3-512": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 123
},
"RNG": {
"RBG": 7
}
},
"side_channel_analysis": {
"FI": {
"physical tampering": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 140-3": 7,
"FIPS 180-4": 112,
"FIPS 186-4": 158,
"FIPS 198-1": 55,
"FIPS 202": 13,
"FIPS PUB 140-3": 2,
"FIPS PUB 186-4": 1
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-108": 27,
"SP 800-132": 8,
"SP 800-38A": 31,
"SP 800-38B": 8,
"SP 800-38C": 4,
"SP 800-38D": 29,
"SP 800-38F": 28,
"SP 800-38G": 1,
"SP 800-52": 1,
"SP 800-56B": 1,
"SP 800-90A": 1,
"SP 800-90B": 4
},
"PKCS": {
"PKCS #1": 2,
"PKCS 1": 3,
"PKCS#1": 2
},
"RFC": {
"RFC 5288": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 64,
"AES-": 34,
"AES-256": 2,
"AES192": 1
},
"CAST": {
"CAST": 3
}
},
"DES": {
"3DES": {
"TDES": 8,
"Triple-DES": 30
},
"DES": {
"DES": 22
}
},
"constructions": {
"MAC": {
"CMAC": 13,
"HMAC": 29
}
}
},
"tee_name": {
"AMD": {
"PSP": 2
},
"IBM": {
"SSC": 14
}
},
"tls_cipher_suite": {
"TLS": {
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 1,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 2,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": 1,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 2,
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384": 1,
"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384": 1,
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256": 1,
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256": 1,
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384": 1,
"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384": 1
}
},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/CreationDate": "D:20240509203024-04\u002700\u0027",
"/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_ActionId": "2dea9a8f-9588-405c-8d92-d3aa0684778b",
"/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_ContentBits": "0",
"/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_Enabled": "true",
"/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_Method": "Standard",
"/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_Name": "Unrestricted",
"/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_SetDate": "2022-05-17T21:12:12Z",
"/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_SiteId": "b64da4ac-e800-4cfc-8931-e607f720a1b8",
"/ModDate": "D:20240509203024-04\u002700\u0027",
"pdf_file_size_bytes": 1397196,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 120
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "ac150683387e12ffe16e6f78add356f218e16af0563cf50dfc21cd0f54624908",
"policy_txt_hash": "038297154e7120ba8cf11a5a2db9e16e81bf42cbb1a43477fe84130f3c9ab43f"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs whose strengths are modified by available entropy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2024_030624_0800.pdf",
"date_sunset": "2029-05-29",
"description": "The NITROXIII CNN35XX-NFBE HSM Family module by Marvell (formerly Cavium Inc.) is a high-performance purpose-built security solution for crypto acceleration. The module provides a FIPS 140-3 overall Level 3 security solution. The module is deployed in a PCIe slot to provide crypto and TLS 1.0/1.1/1.2 acceleration in a secure manner to the system host. It is typically deployed in a server or an appliance to provide crypto offload. The module\u2019s functions are accessed over the PCIe interface via an API defined by the module.",
"embodiment": "Multi-Chip Embedded",
"exceptions": [
"Operational environment: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": "CNN35XX-NFBE-FW-2.09-0702, CNN35XX-NFBE-SMW-2.09-0702, CNN35XX-UBOOT-4.03-03",
"historical_reason": null,
"hw_versions": "HW-1.0 (CNL3510-NFBE-G; CNL3510P-NFBE-G; CNL3530-NFBE-G; CNL3560-NFBE-G; CNL3560P-NFBE-G; CNN3510-NFBE-G; CNN3530-NFBE-G; CNN3560-NFBE-G; CNN3560P-NFBE-G); HW-2.0 (CNL3510-NFBE-2.0-G; CNL3510B-NFBE-2.0-G; CNL3510P-NFBE-2.0-G; CNL3510PB-NFBE-2.0-G; CNL3530-NFBE-2.0-G; CNL3530B-NFBE-2.0-G; CNL3560-NFBE-2.0-G; CNL3560B-NFBE-2.0-G; CNL3560P-NFBE-2.0-G; CNL3560PB-NFBE-2.0-G; CNN3505LP-NFBE-2.0-G; CNN3510-NFBE-2.0-G; CNN3510LP-NFBE-2.0-G; CNN3510LPB-NFBE-2.0-G; CNN3530-NFBE-2.0-G; CNN3560-NFBE-2.0-G; CNN3560P-NFBE-2.0-G); HW-3.0 (CNL3510-NFBE-3.0-G; CNL3510A-NFBE-3.0-G; CNL3510C-NFBE-3.0-G; CNL3510D-NFBE-3.0-G; CNL3510E-NFBE-3.0-G; CNL3510F-NFBE-3.0-G; CNL3510I-NFBE-3.0-G; CNL3510P-NFBE-3.0-G; CNL3530-NFBE-3.0-G; CNL3530A-NFBE-3.0-G; CNL3530B-NFBE-3.0-G; CNL3530C-NFBE-3.0-G; CNL3530D-NFBE-3.0-G; CNL3530E-NFBE-3.0-G; CNL3530F-NFBE-3.0-G; CNL3560-NFBE-3.0-G; CNL3560A-NFBE-3.0-G; CNL3560B-NFBE-3.0-G; CNL3560B-NFBE-3.0-G-FB; CNL3560C-NFBE-3.0-G; CNL3560D-NFBE-3.0-G; CNL3560E-NFBE-3.0-G; CNL3560F-NFBE-3.0-G; CNL3560P-NFBE-3.0-G; CNN3505LP-NFBE-3.0-G; CNN3505LPA-NFBE-3.0-G; CNN3505LPC-NFBE-3.0-G; CNN3505LPD-NFBE-3.0-G; CNN3505LPE-NFBE-3.0-G; CNN3505LPF-NFBE-3.0-G; CNN3510-NFBE-3.0-G; CNN3510A-NFBE-3.0-G; CNN3510C-NFBE-3.0-G; CNN3510D-NFBE-3.0-G; CNN3510E-NFBE-3.0-G; CNN3510F-NFBE-3.0-G; CNN3510LP-NFBE-3.0-G; CNN3510LPA-NFBE-3.0-G; CNN3510LPB-NFBE-3.0-G; CNN3510LPC-NFBE-3.0-G; CNN3510LPD-NFBE-3.0-G; CNN3510LPE-NFBE-3.0-G; CNN3510LPF-NFBE-3.0-G; CNN3530-NFBE-3.0-G; CNN3530A-NFBE-3.0-G; CNN3530C-NFBE-3.0-G; CNN3530D-NFBE-3.0-G; CNN3530E-NFBE-3.0-G; CNN3530F-NFBE-3.0-G; CNN3560-NFBE-3.0-G; CNN3560A-NFBE-3.0-G; CNN3560C-NFBE-3.0-G; CNN3560D-NFBE-3.0-G; CNN3560E-NFBE-3.0-G; CNN3560F-NFBE-3.0-G; CNN3560P-NFBE-3.0-G)",
"level": 3,
"mentioned_certs": {},
"module_name": "NITROXIII CNN35XX-NFBE HSM Family",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-05-30",
"lab": "LEIDOS CSTL",
"validation_type": "Initial"
}
],
"vendor": "Marvell Semiconductor, Inc.",
"vendor_url": "http://www.marvell.com"
}
}