Trellix FIPS Provider

Certificate #4492

Webpage information ?

Status active
Validation dates 27.04.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat No assurance of the minimum strength of generated keys.
Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 3
Description The Trellix FIPS Provider is a software library providing a C-language application program interface (API) for use by applications using OpenSSL that require cryptographic functionality.
Tested configurations
  • Custom Ubuntu Linux 18.04 running on Akamai X8 system with Intel Xeon D1541 with PAA
  • Debian 10 running on Fujitsu CX400 Blade with Intel Xeon Silver 4116 with PAA
  • FreeBSD stable/13 running on NetApp HCI H700E with Intel Xeon E5-2695v4 with PAA
  • macOS 11.5.2 running on Apple i5 Mac Mini with Intel i7 with PAA
  • macOS 11.5.2 running on Apple i5 Mac Mini with Intel i7 without PAA
  • macOS 11.5.2 running on Apple M1 Mac Mini with M1 with PAA
  • macOS 11.5.2 running on Apple M1 Mac Mini with M1 without PAA
  • Oracle Solaris 11.4 running on Oracle SPARC T8-1 with Oracle SPARC M8-1 with PAA
  • PhotonOS 4.0 on ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Gold 6230R with PAA
  • Ubuntu Linux 20.04.1 Server running on Dell Inspiron 7573 with Intel i7 with PAA
  • Windows 10 running on Dell Inspiron 7591 with Intel i7 with PAA
  • Windows Server 2019 on ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Gold 6230R with PAA (single-user mode)
Vendor Trellix
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES128, AES192, AES256, AES-128, AES-192, AES-256, Triple-DES, TDES, TDEA, HMAC, HMAC-SHA-256, KMAC, CMAC
Asymmetric Algorithms
RSA-OAEP, ECDH, ECDSA, EdDSA, ECC, DH, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA-224, SHA-256, SHA-2, SHA-3, SHA-3-224, SHA3-224, SHA-3-256, Keccak, PBKDF2, PBKDF
Schemes
Key Agreement
Protocols
TLS 1.2, TLS 1.3, TLS v1.3, TLS, TLS v1.2
Randomness
DRBG
Libraries
OpenSSL
Elliptic Curves
P-224, P-192, P-256, K-233, B-233, K-163, B-163, Ed25519, Ed448
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTS

JavaCard API constants
X25519, X448
Vendor
Microsoft, Microsoft Corporation

Security level
Level 1
Side-channel analysis
side-channel, timing attacks

Standards
FIPS 140-2, FIPS 140, FIPS 197, FIPS 186-4, FIPS 202, FIPS 180-4, FIPS 198-1, SP 800-135, SP 800-38A, SP 800-38B, SP 800-38C, SP 800-38D, SP 800-38F, SP 800-38E, SP 800-132, SP 800-108, SP 800-185, SP 800-90A, SP 800-90, NIST SP 800-133, NIST SP 800-38D, PKCS 1, PKCS#1, RFC 8446, RFC 5288, RFC 5246

File metadata

Author Ryan Thomas
Creation date D:20230405100806-07'00'
Modification date D:20230405100806-07'00'
Pages 38
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 18.05.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4492,
  "dgst": "cb850da6bf12d5c4",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "SHA-3#A1938",
        "KTS#A1938",
        "ECDSA#A1938",
        "PBKDF#A1938",
        "CVL#A1938",
        "DSA#A1938",
        "KMAC#A1938",
        "KBKDF#A1938",
        "DRBG#A1938",
        "KTS-RSA#A1938",
        "SHS#A1938",
        "KAS-RSA-SSC#A1938",
        "AES#A1938",
        "Triple-DES#A1938",
        "KAS-SSC#A1938",
        "KDA#A1938",
        "HMAC#A1938",
        "RSA#A1938"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 2
          },
          "ECDH": {
            "ECDH": 4
          },
          "ECDSA": {
            "ECDSA": 17
          },
          "EdDSA": {
            "EdDSA": 1
          }
        },
        "FF": {
          "DH": {
            "DH": 16,
            "Diffie-Hellman": 3
          },
          "DSA": {
            "DSA": 17
          }
        },
        "RSA": {
          "RSA-OAEP": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 4
        },
        "CCM": {
          "CCM": 3
        },
        "CFB": {
          "CFB": 3
        },
        "CTR": {
          "CTR": 3
        },
        "ECB": {
          "ECB": 4
        },
        "GCM": {
          "GCM": 9
        },
        "OFB": {
          "OFB": 1
        },
        "XTS": {
          "XTS": 3
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 7
        }
      },
      "crypto_protocol": {
        "TLS": {
          "TLS": {
            "TLS": 4,
            "TLS 1.2": 3,
            "TLS 1.3": 3,
            "TLS v1.2": 1,
            "TLS v1.3": 3
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 6
        }
      },
      "device_model": {},
      "ecc_curve": {
        "Edwards": {
          "Ed25519": 2,
          "Ed448": 2
        },
        "NIST": {
          "B-163": 2,
          "B-233": 4,
          "K-163": 2,
          "K-233": 5,
          "P-192": 4,
          "P-224": 12,
          "P-256": 2
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "# A1938": 1,
          "AES 128/192/256": 1,
          "AES-128": 1,
          "AES-192": 1,
          "AES-256": 1,
          "AES128": 1,
          "AES192": 1,
          "AES256": 1,
          "HMAC-SHA-1": 4,
          "HMAC-SHA-256": 8,
          "PKCS 1": 4,
          "PKCS#1": 4,
          "SHA-1": 14,
          "SHA-1, 224": 1,
          "SHA-1, 256": 1,
          "SHA-2": 2,
          "SHA-224": 5,
          "SHA-256": 3,
          "SHA-3": 6,
          "SHA-3-224": 1,
          "SHA-3-256": 1,
          "SHA2-224": 9,
          "SHA2-256": 2,
          "SHA2-512": 1,
          "SHA3-224": 5
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 4
        }
      },
      "hash_function": {
        "Keccak": {
          "Keccak": 1
        },
        "PBKDF": {
          "PBKDF": 1,
          "PBKDF2": 4
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 16
          },
          "SHA2": {
            "SHA-2": 4,
            "SHA-224": 5,
            "SHA-256": 3
          },
          "SHA3": {
            "SHA-3": 6,
            "SHA-3-224": 1,
            "SHA-3-256": 1,
            "SHA3-224": 5
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {
        "curves": {
          "X25519": 10,
          "X448": 10
        }
      },
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 16
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "side-channel": 1,
          "timing attacks": 2
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140": 1,
          "FIPS 140-2": 20,
          "FIPS 180-4": 2,
          "FIPS 186-4": 6,
          "FIPS 197": 2,
          "FIPS 198-1": 2,
          "FIPS 202": 2
        },
        "NIST": {
          "NIST SP 800-133": 1,
          "NIST SP 800-38D": 2,
          "SP 800-108": 2,
          "SP 800-132": 3,
          "SP 800-135": 4,
          "SP 800-185": 1,
          "SP 800-38A": 2,
          "SP 800-38B": 2,
          "SP 800-38C": 2,
          "SP 800-38D": 2,
          "SP 800-38E": 1,
          "SP 800-38F": 2,
          "SP 800-90": 2,
          "SP 800-90A": 1
        },
        "PKCS": {
          "PKCS 1": 2,
          "PKCS#1": 2
        },
        "RFC": {
          "RFC 5246": 1,
          "RFC 5288": 2,
          "RFC 8446": 4
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 30,
            "AES-128": 1,
            "AES-192": 1,
            "AES-256": 1,
            "AES128": 1,
            "AES192": 1,
            "AES256": 1
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "TDES": 5,
            "Triple-DES": 7
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 12,
            "HMAC": 11,
            "HMAC-SHA-256": 4,
            "KMAC": 5
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Microsoft": {
          "Microsoft": 1,
          "Microsoft Corporation": 1
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Ryan Thomas",
      "/CreationDate": "D:20230405100806-07\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20230405100806-07\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 711943,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402.pdf",
          "https://datatracker.ietf.org/doc/html/rfc5288",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf",
          "https://csrc.nist.gov/csrc/media/publications/fips/198/1/final/documents/fips-198-1_final.pdf",
          "https://www.rfc-editor.org/info/rfc3447",
          "https://www.openssl.org/docs/manmaster/man1/openssl-fipsinstall.html",
          "https://csrc.nist.gov/csrc/media/publications/fips/197/final/documents/fips-197.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br2.pdf",
          "https://datatracker.ietf.org/doc/html/rfc8446",
          "https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-38b.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf",
          "https://www.openssl.org/source/openssl-3.0.0.tar.gz",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf",
          "http://csrc.nist.gov/groups/STM/cmvp/index.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 38
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "eb97551fb7587bc219345a232ed67ec08324ce1a4b74afdc34d17a1cf87a73c8",
    "policy_txt_hash": "2b6d236966619f28272a1fe4023310df3613370262bf7236f074874a9c0766aa"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "No assurance of the minimum strength of generated keys.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/April 2023_010523_0646.pdf",
    "date_sunset": "2026-09-21",
    "description": "The Trellix FIPS Provider is a software library providing a C-language application program interface (API) for use by applications using OpenSSL that require cryptographic functionality.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A",
      "Design Assurance: Level 3"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Trellix FIPS Provider",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": "3.0.0a",
    "tested_conf": [
      "Custom Ubuntu Linux 18.04 running on Akamai X8 system with Intel Xeon D1541 with PAA",
      "Debian 10 running on Fujitsu CX400 Blade with Intel Xeon Silver 4116 with PAA",
      "FreeBSD stable/13 running on NetApp HCI H700E with Intel Xeon E5-2695v4 with PAA",
      "macOS 11.5.2 running on Apple i5 Mac Mini with Intel i7 with PAA",
      "macOS 11.5.2 running on Apple i5 Mac Mini with Intel i7 without PAA",
      "macOS 11.5.2 running on Apple M1 Mac Mini with M1 with PAA",
      "macOS 11.5.2 running on Apple M1 Mac Mini with M1 without PAA",
      "Oracle Solaris 11.4 running on Oracle SPARC T8-1 with Oracle SPARC M8-1 with PAA",
      "PhotonOS 4.0 on ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Gold 6230R with PAA",
      "Ubuntu Linux 20.04.1 Server running on Dell Inspiron 7573 with Intel i7 with PAA",
      "Windows 10 running on Dell Inspiron 7591 with Intel i7 with PAA",
      "Windows Server 2019 on ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Gold 6230R with PAA (single-user mode)"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-04-27",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Trellix",
    "vendor_url": "http://www.trellix.com"
  }
}