| cert_id |
4565 |
3646 |
| dgst |
0969af623440c92e |
283f3aceea5cb2cb |
| heuristics/algorithms |
CVL#C803, HMAC#A3741, RSA#A3741, KTS#A3741, KTS#A3742, ECDSA#C803, ECDSA#A3741, SHS#A3741, DRBG#A3741, RSA#C803, CVL#A3741, DSA#C803, DRBG#C803, HMAC#C803, SHS#C803, AES#C804, AES#A3742, KTS#C803, Triple-DES#C803, AES#C803, AES#A3741, KTS#C804, Triple-DES#A3741, DSA#A3741 |
CVL#C803, RSA#C803, ECDSA#C803, AES#C804, KTS#C803, DSA#C803, Triple-DES#C803, DRBG#C803, AES#C803, HMAC#C803, KTS#C804, SHS#C803 |
| heuristics/cpe_matches |
cpe:2.3:o:amazon:linux_2:-:*:*:*:*:*:*:* |
cpe:2.3:o:amazon:linux_2:-:*:*:*:*:*:*:* |
| heuristics/direct_transitive_cves |
{} |
{} |
| heuristics/extracted_versions |
2 |
2 |
| heuristics/indirect_transitive_cves |
{} |
{} |
| heuristics/module_processed_references/directly_referenced_by |
4593 |
3652, 3709 |
| heuristics/module_processed_references/directly_referencing |
{} |
{} |
| heuristics/module_processed_references/indirectly_referenced_by |
4593 |
3652, 3709 |
| heuristics/module_processed_references/indirectly_referencing |
{} |
{} |
| heuristics/module_prunned_references |
{} |
{} |
| heuristics/policy_processed_references/directly_referenced_by |
4593 |
3652, 3709 |
| heuristics/policy_processed_references/directly_referencing |
{} |
{} |
| heuristics/policy_processed_references/indirectly_referenced_by |
4593 |
3566, 2606, 2958, 3652, 3709, 2605 |
| heuristics/policy_processed_references/indirectly_referencing |
{} |
{} |
| heuristics/policy_prunned_references |
{} |
{} |
| heuristics/related_cves |
{} |
{} |
| heuristics/verified_cpe_matches |
{} |
{} |
| pdf_data/keywords/fips_cert_id |
- Cert:
- #11: 1
- #12: 1
- #5: 1
- #7: 1
|
- Cert:
- #11: 1
- #12: 1
- #5: 1
- #7: 1
|
| pdf_data/keywords/fips_security_level |
|
|
| pdf_data/keywords/fips_certlike |
- Certlike:
- AES-256: 1
- Cert# AES: 1
- HMAC-SHA-1: 2
- HMAC-SHA-224: 2
- HMAC-SHA-256: 2
- HMAC-SHA-384: 2
- HMAC-SHA-512: 2
- PKCS #11: 2
- PKCS #12: 2
- PKCS #5: 2
- PKCS #7: 2
- PKCS#1: 2
- PKCS#11: 4
- SHA- 256: 1
- SHA-1: 9
- SHA-224: 12
- SHA-256: 23
- SHA-384: 15
- SHA-512: 11
- SHA-512 1024: 1
- SHA-512 112: 1
- SHA-512 2048 and 3072: 1
- SHA-512 4096: 1
|
- Certlike:
- AES-256: 1
- Cert# AES: 1
- HMAC-SHA-1: 2
- HMAC-SHA-224: 2
- HMAC-SHA-256: 2
- HMAC-SHA-384: 2
- HMAC-SHA-512: 2
- PKCS #11: 2
- PKCS #12: 2
- PKCS #5: 2
- PKCS #7: 2
- PKCS#1: 2
- PKCS#11: 4
- SHA- 256: 1
- SHA-1: 9
- SHA-224: 12
- SHA-256: 23
- SHA-384: 15
- SHA-512: 11
- SHA-512 1024: 1
- SHA-512 112: 1
- SHA-512 2048 and 3072: 1
- SHA-512 4096: 1
|
| pdf_data/keywords/vendor |
|
|
| pdf_data/keywords/eval_facility |
|
|
| pdf_data/keywords/symmetric_crypto |
- AES_competition:
- DES:
- constructions:
- MAC:
- HMAC: 29
- HMAC-SHA-224: 1
- HMAC-SHA-256: 1
- HMAC-SHA-384: 1
- HMAC-SHA-512: 1
- miscellaneous:
|
- AES_competition:
- DES:
- constructions:
- MAC:
- HMAC: 30
- HMAC-SHA-224: 1
- HMAC-SHA-256: 1
- HMAC-SHA-384: 1
- HMAC-SHA-512: 1
- miscellaneous:
|
| pdf_data/keywords/asymmetric_crypto |
- ECC:
- FF:
- DH:
- DH: 2
- DHE: 1
- Diffie-Hellman: 6
- DSA:
|
- ECC:
- FF:
- DH:
- DH: 1
- DHE: 1
- Diffie-Hellman: 19
- DSA:
|
| pdf_data/keywords/pq_crypto |
|
|
| pdf_data/keywords/hash_function |
- MD:
- SHA:
- SHA1:
- SHA2:
- SHA-224: 12
- SHA-256: 23
- SHA-384: 15
- SHA-512: 15
|
- MD:
- SHA:
- SHA1:
- SHA2:
- SHA-224: 12
- SHA-256: 23
- SHA-384: 15
- SHA-512: 15
|
| pdf_data/keywords/crypto_scheme |
|
|
| pdf_data/keywords/crypto_protocol |
|
|
| pdf_data/keywords/randomness |
|
|
| pdf_data/keywords/cipher_mode |
|
|
| pdf_data/keywords/ecc_curve |
- NIST:
- P-256: 12
- P-384: 10
- P-521: 10
|
- NIST:
- P-256: 16
- P-384: 14
- P-521: 14
|
| pdf_data/keywords/crypto_engine |
|
|
| pdf_data/keywords/tls_cipher_suite |
|
|
| pdf_data/keywords/crypto_library |
|
|
| pdf_data/keywords/vulnerability |
|
|
| pdf_data/keywords/side_channel_analysis |
- SCA:
- Timing Attacks: 4
- Timing attack: 1
- timing attacks: 1
|
- SCA:
- Timing Attacks: 4
- Timing attack: 1
- timing attacks: 1
|
| pdf_data/keywords/device_model |
|
|
| pdf_data/keywords/tee_name |
|
|
| pdf_data/keywords/os_name |
|
|
| pdf_data/keywords/cplc_data |
|
|
| pdf_data/keywords/ic_data_group |
|
|
| pdf_data/keywords/standard_id |
- FIPS:
- FIPS 140: 2
- FIPS 140-2: 60
- FIPS 186-4: 5
- FIPS PUB 140-2: 1
- FIPS140-2: 1
- FIPS180-4: 2
- FIPS186-2: 1
- FIPS186-4: 4
- FIPS197: 3
- FIPS198-1: 2
- NIST:
- NIST SP 800-90A: 1
- SP 800-90A: 1
- PKCS:
- PKCS #11: 1
- PKCS #12: 1
- PKCS #5: 1
- PKCS #7: 1
- PKCS#1: 1
- PKCS#11: 2
- RFC:
- RFC3711: 1
- RFC4347: 1
- RFC4357: 1
- RFC5246: 1
- RFC5288: 1
- RFC5764: 1
- X509:
|
- FIPS:
- FIPS 140: 2
- FIPS 140-2: 59
- FIPS 186-4: 7
- FIPS PUB 140-2: 1
- FIPS140-2: 1
- FIPS180-4: 2
- FIPS186-2: 1
- FIPS186-4: 5
- FIPS197: 3
- FIPS198-1: 2
- NIST:
- NIST SP 800-135: 1
- NIST SP 800-90A: 1
- PKCS:
- PKCS #11: 1
- PKCS #12: 1
- PKCS #5: 1
- PKCS #7: 1
- PKCS#1: 1
- PKCS#11: 2
- RFC:
- RFC3711: 1
- RFC4347: 1
- RFC4357: 1
- RFC5246: 1
- RFC5288: 1
- RFC5764: 1
- X509:
|
| pdf_data/keywords/javacard_version |
|
|
| pdf_data/keywords/javacard_api_const |
|
|
| pdf_data/keywords/javacard_packages |
|
|
| pdf_data/keywords/certification_process |
|
|
| pdf_data/policy_metadata |
- /Author: Marcos Portnoi
- /CreationDate: D:20240305220547+00'00'
- /Creator: Microsoft Word
- /ModDate: D:20240305220547+00'00'
- /Title: FIPS 140-2 Non-Proprietary Security Policy
- pdf_file_size_bytes: 779963
- pdf_hyperlinks: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf, https://tools.ietf.org/html/rfc4357, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=16284, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf, https://tools.ietf.org/html/rfc5246, http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, http://www.cryptography.com/timingattack/, http://www.daemonology.net/papers/htt.pdf, http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=11157, https://tools.ietf.org/html/rfc3711, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=16285, https://tools.ietf.org/rfc/rfc8017.txt, https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf, https://tools.ietf.org/html/rfc5288, https://tools.ietf.org/html/rfc5764, https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips140-2/FIPS1402IG.pdf, http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf, http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf, https://tools.ietf.org/html/rfc4347, http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=11158, http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf, http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, https://www.oasis-open.org/standards#pkcs11-base-v2.40, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf
- pdf_is_encrypted: False
- pdf_number_of_pages: 44
|
- /Author: Marcos Portnoi
- /CreationDate: D:20200330174354-05'00'
- /Creator: Microsoft® Word for Office 365
- /ModDate: D:20200330174354-05'00'
- /Producer: Microsoft® Word for Office 365
- /Title: FIPS 140-2 Non-Proprietary Security Policy
- pdf_file_size_bytes: 837606
- pdf_hyperlinks: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf, https://tools.ietf.org/html/rfc4357, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf, https://tools.ietf.org/html/rfc5246, http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, http://www.cryptography.com/timingattack/, http://www.daemonology.net/papers/htt.pdf, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=11157, http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf, https://tools.ietf.org/html/rfc3711, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-67r2.pdf, https://tools.ietf.org/rfc/rfc8017.txt, https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf, https://tools.ietf.org/html/rfc5288, https://tools.ietf.org/html/rfc5764, https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips140-2/FIPS1402IG.pdf, http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf, http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf, https://tools.ietf.org/html/rfc4347, http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=11158, http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf, http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, https://www.oasis-open.org/standards#pkcs11-base-v2.40, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf
- pdf_is_encrypted: False
- pdf_number_of_pages: 43
|
| state/module_download_ok |
True |
True |
| state/module_extract_ok |
True |
True |
| state/policy_convert_garbage |
False |
False |
| state/policy_convert_ok |
True |
True |
| state/policy_download_ok |
True |
True |
| state/policy_extract_ok |
True |
True |
| state/policy_pdf_hash |
Different |
Different |
| state/policy_txt_hash |
Different |
Different |
| web_data/caveat |
When operated in FIPS mode. When installed, initialized and configured as specified in Section 10.2 of the Security Policy. |
When operated in FIPS mode. When installed, initialized and configured as specified in Section 10.2 of the Security Policy. |
| web_data/certificate_pdf_url |
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2023_010923_0844.pdf |
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/April 2020_010520_0717.pdf |
| web_data/date_sunset |
19.04.2025 |
|
| web_data/description |
The Amazon Linux 2 NSS Cryptographic Module is a set of libraries designed to support cross-platform development of security-enabled applications. These applications may support the TLS protocol, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards supporting FIPS 140-2 validated cryptographic algorithms. |
The Amazon Linux 2 NSS Cryptographic Module is a set of libraries designed to support cross-platform development of security-enabled applications. These applications may support the TLS protocol, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards supporting FIPS 140-2 validated cryptographic algorithms. |
| web_data/embodiment |
Multi-Chip Stand Alone |
Multi-Chip Stand Alone |
| web_data/exceptions |
Roles, Services, and Authentication: Level 2, Physical Security: N/A |
Roles, Services, and Authentication: Level 2, Physical Security: N/A |
| web_data/fw_versions |
[] |
[] |
| web_data/historical_reason |
None |
SP 800-56Arev3 transition - replaced by certificate #4565 |
| web_data/hw_versions |
[] |
[] |
| web_data/level |
1 |
1 |
| web_data/mentioned_certs |
|
|
| web_data/module_name |
Amazon Linux 2 NSS Cryptographic Module |
Amazon Linux 2 NSS Cryptographic Module |
| web_data/module_type |
Software |
Software |
| web_data/revoked_link |
None |
None |
| web_data/revoked_reason |
None |
None |
| web_data/standard |
FIPS 140-2 |
FIPS 140-2 |
| web_data/status |
active |
historical |
| web_data/sw_versions |
1.0 |
1.0 |
| web_data/tested_conf |
Amazon Linux 2 running on Amazon EC2 c6g.metal with Graviton 2 with PAA, Amazon Linux 2 running on Amazon EC2 c6g.metal with Graviton 2 without PAA (single-user mode), Amazon Linux 2 running on Amazon EC2 i3.metal with Intel Xeon E5 with PAA, Amazon Linux 2 running on Amazon EC2 i3.metal with Intel Xeon E5 without PAA |
Amazon Linux 2 running on Amazon EC2 i3.metal with Intel Xeon E5 with PAA, Amazon Linux 2 running on Amazon EC2 i3.metal with Intel Xeon E5 without PAA (single-user mode), None, None |
| web_data/validation_history |
- date: 30.08.2023
- lab: ATSEC INFORMATION SECURITY CORP
- validation_type: Initial
|
- date: 20.04.2020
- lab: ATSEC INFORMATION SECURITY CORP
- validation_type: Initial
|
| web_data/vendor |
Amazon Web Services, Inc. |
Amazon Web Services, Inc. |
| web_data/vendor_url |
http://aws.amazon.com |
http://aws.amazon.com |