This page was not yet optimized for use on mobile
devices.
FortiGate-6301F/6501F
Certificate #3654
Webpage information
Security policy
Symmetric Algorithms
AES-256, AES, AES-, DES, HMAC, HMAC-SHA-256Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, Diffie-Hellman, DHHash functions
SHA-1, SHA1, SHA-256, SHA-384, SHA-512, MD5Schemes
Key agreementProtocols
SSH, SSL, TLS 1.1, TLS, IKE, IKEv2, IPsec, VPNRandomness
DRBG, RBGElliptic Curves
P-256, P-384, P-521, secp256r1, secp384r1, secp521r1Block cipher modes
CBC, CTR, GCMSecurity level
Level 2Certification process
out of scope, of the validated firmware. Any firmware version that is not shown on the module certificate is out of scope of this validation and requires a separate FIPS 140-2 validation. Figure 1 is representative of theStandards
FIPS 140-2, FIPS140-2, NIST SP 800-90A, NIST SP 800-135, SP 800-52, SP 800-133, SP 800-90A, PKCS 1, RFC 5246, RFC 5288File metadata
| Title | FortiOS 5.6 FG-6000-Series FIPS 140-2 Level 2 Security Policy |
|---|---|
| Author | Fortinet Technical Documentation |
| Creation date | D:20200506160300-04'00' |
| Modification date | D:20200507104637-04'00' |
| Pages | 31 |
| Producer | madbuild |
Heuristics
Automated inference - use with caution
All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.References
No references are available for this certificate.
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3654,
"dgst": "bda2e18e9c4f23df",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"ECDSA#C531",
"CVL#C599",
"AES#C644",
"RSA#C531",
"SHS#C644",
"RSA#C644",
"DRBG#C613",
"CVL#C644",
"AES#C599",
"HMAC#C599",
"ECDSA#C599",
"SHS#C599",
"CVL#C531",
"HMAC#C644",
"SHS#C531",
"AES#C531",
"KTS#C644",
"HMAC#C531",
"ECDSA#C644"
]
},
"cpe_matches": {
"_type": "Set",
"elements": [
"cpe:2.3:h:fortinet:fortigate-6501f:-:*:*:*:*:*:*:*"
]
},
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"5.6"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 4
},
"ECDSA": {
"ECDSA": 11
}
},
"FF": {
"DH": {
"DH": 4,
"Diffie-Hellman": 20
}
},
"RSA": {
"RSA 2048": 2
}
},
"certification_process": {
"OutOfScope": {
"of the validated firmware. Any firmware version that is not shown on the module certificate is out of scope of this validation and requires a separate FIPS 140-2 validation. Figure 1 is representative of the": 1,
"out of scope": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 3
},
"CTR": {
"CTR": 1
},
"GCM": {
"GCM": 10
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 31,
"IKEv2": 2
},
"IPsec": {
"IPsec": 29
},
"SSH": {
"SSH": 16
},
"TLS": {
"SSL": {
"SSL": 3
},
"TLS": {
"TLS": 19,
"TLS 1.1": 3
}
},
"VPN": {
"VPN": 24
}
},
"crypto_scheme": {
"KA": {
"Key agreement": 2
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 12,
"P-384": 8,
"P-521": 8,
"secp256r1": 1,
"secp384r1": 1,
"secp521r1": 1
}
},
"eval_facility": {},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"AES (128": 9,
"AES 128": 2,
"AES 256": 2,
"AES-256": 1,
"DRBG 128": 1,
"HMAC SHA-1": 7,
"HMAC SHA-256": 10,
"HMAC SHA-384": 3,
"HMAC SHA-512": 3,
"HMAC-SHA-256": 2,
"PKCS 1": 1,
"RSA 2048": 2,
"RSA PKCS 1": 1,
"SHA-1": 13,
"SHA-256": 12,
"SHA-384": 5,
"SHA-512": 5,
"SHA1": 1,
"SHA2-256": 2,
"SHA2-384": 1,
"SHA2-512": 1
}
},
"fips_security_level": {
"Level": {
"Level 2": 6
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 3
}
},
"SHA": {
"SHA1": {
"SHA-1": 13,
"SHA1": 1
},
"SHA2": {
"SHA-256": 12,
"SHA-384": 5,
"SHA-512": 5
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 36
},
"RNG": {
"RBG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-2": 50,
"FIPS140-2": 1
},
"NIST": {
"NIST SP 800-135": 1,
"NIST SP 800-90A": 1,
"SP 800-133": 1,
"SP 800-52": 1,
"SP 800-90A": 1
},
"PKCS": {
"PKCS 1": 1
},
"RFC": {
"RFC 5246": 1,
"RFC 5288": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 28,
"AES-": 1,
"AES-256": 1
}
},
"DES": {
"DES": {
"DES": 1
}
},
"constructions": {
"MAC": {
"HMAC": 25,
"HMAC-SHA-256": 1
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Fortinet Technical Documentation",
"/CreationDate": "D:20200506160300-04\u002700\u0027",
"/Keywords": "",
"/ModDate": "D:20200507104637-04\u002700\u0027",
"/Producer": "madbuild",
"/Subject": "",
"/Title": "FortiOS 5.6 FG-6000-Series FIPS 140-2 Level 2 Security Policy",
"pdf_file_size_bytes": 1179090,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://docs.fortinet.com/",
"http://forticast.fortinet.com/",
"http://www.fortinet.com/products",
"https://video.fortinet.com/",
"https://fortiguard.com/",
"https://docs.fortinet.com/",
"https://www.fortinet.com/doc/legal/EULA.pdf",
"http://csrc.nist.gov/groups/STM/cmvp/index.html",
"mailto:[email protected]",
"https://blog.fortinet.com/",
"http://www.fortinet.com/support",
"https://support.fortinet.com/",
"https://training.fortinet.com/",
"https://www.fortinet.com/corporate/about-us/privacy.html",
"http://www.fortinet.com/contact",
"http://kb.fortinet.com/",
"http://fortiguard.com/"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 31
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "a0776dc0cf7362d881b5a3d47585fd7605b5f04f9e9e8b3932ffc7f1ed5f8877",
"policy_txt_hash": "5e2b8d507f9d3960ec1bfa7aa47ba58b09e77a0175c582c402ea5e26c8c27f8a"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy with the tamper evident seals and entropy token installed as indicated in the Security Policy. No assurance of the minimum strength of generated keys",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2020_010620_1115.pdf",
"date_sunset": null,
"description": "The FortiGate-6301F and FortiGate-6501F are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Roles, Services, and Authentication: Level 3",
"Design Assurance: Level 3"
],
"fw_versions": "FortiOS 5.6, build4265,190820",
"historical_reason": "SP 800-56Arev3 transition",
"hw_versions": "C1AG85, C1AG83 with Tamper Evident Seal Kits: FIPS-SEAL-RED",
"level": 2,
"mentioned_certs": {},
"module_name": "FortiGate-6301F/6501F",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2020-05-19",
"lab": "Lightship Security, Inc.",
"validation_type": "Initial"
}
],
"vendor": "Fortinet, Inc.",
"vendor_url": "http://www.fortinet.com"
}
}