This page was not yet optimized for use on mobile devices.

Comparing certificates Experimental feature

You are comparing two certificates. By default, only differing attributes are shown. Use the button below to show/hide all attributes.

Showing only differing attributes.

	Sophos Cryptographic Module	Sophos Cryptographic Module
cert_id	4100	4925
dgst	69898c7bb333c6ad	f4fc1ac61a9e62b9
heuristics/algorithms	AES#A1398, RSA#A1398, Triple-DES#A1398, DSA#A1398, DRBG#A1398, SHS#A1398, HMAC#A1398, ECDSA#A1398	{}
heuristics/cpe_matches	{}	{}
heuristics/direct_transitive_cves	{}	{}
heuristics/extracted_versions	-	-
heuristics/indirect_transitive_cves	{}	{}
heuristics/module_processed_references/directly_referenced_by	{}	{}
heuristics/module_processed_references/directly_referencing	{}	{}
heuristics/module_processed_references/indirectly_referenced_by	{}	{}
heuristics/module_processed_references/indirectly_referencing	{}	{}
heuristics/module_prunned_references	{}	{}
heuristics/policy_processed_references/directly_referenced_by	{}	{}
heuristics/policy_processed_references/directly_referencing	{}	210
heuristics/policy_processed_references/indirectly_referenced_by	{}	{}
heuristics/policy_processed_references/indirectly_referencing	{}	100, 147, 210
heuristics/policy_prunned_references	{}	210
heuristics/related_cves	{}	{}
heuristics/verified_cpe_matches	{}	{}
pdf_data/keywords/fips_cert_id		Cert: #210: 1
pdf_data/keywords/fips_security_level		Level: Level 1: 3
pdf_data/keywords/fips_certlike	Certlike: AES 128/192/256: 1 AES GCM3: 1 AES, 256: 1 AES-128: 1 AES-128 128: 1 AES-192: 1 AES-256: 1 AES-256 256: 1 DRBG1: 1 HMAC SHA-1: 1 HMAC-SHA-1: 6 HMAC-SHA1: 2 PKCS#1: 2 SHA-1: 8 SHA-1 128: 1 SHA-2: 4 SHA-2 (224: 2 SHA-224: 1 SHA-256: 5 SHA-384: 3 SHA-512: 2 SHA-512 256: 1	Certlike: PKCS 1: 4 SHA2: 1 SHA3: 1
pdf_data/keywords/vendor	Microsoft: Microsoft: 1
pdf_data/keywords/eval_facility
pdf_data/keywords/symmetric_crypto	AES_competition: AES: AES: 20 AES-: 1 AES-128: 2 AES-192: 2 AES-256: 2 DES: 3DES: TDEA: 1 Triple-DES: 10 constructions: MAC: CMAC: 16 HMAC: 6	AES_competition: AES: AES: 10 CAST: CAST: 73 constructions: MAC: CMAC: 6 HMAC: 19 KMAC: 7
pdf_data/keywords/asymmetric_crypto	ECC: ECC: ECC: 2 ECDH: ECDH: 1 ECDSA: ECDSA: 15 FF: DH: DH: 6 Diffie-Hellman: 5 DSA: DSA: 16	ECC: ECC: ECC: 8 ECDSA: ECDSA: 23 EdDSA: EdDSA: 4 FF: DH: DHE: 1 DSA: DSA: 23
pdf_data/keywords/pq_crypto
pdf_data/keywords/hash_function	SHA: SHA1: SHA-1: 9 SHA2: SHA-2: 6 SHA-224: 2 SHA-256: 5 SHA-384: 3 SHA-512: 3	PBKDF: PBKDF: 10 SHA: SHA2: SHA2: 1 SHA3: SHA3: 1 SHAKE: SHAKE128: 1 SHAKE256: 1
pdf_data/keywords/crypto_scheme	KA: Key Agreement: 1	AEAD: AEAD: 1 KA: Key Agreement: 1 Key agreement: 17 MAC: MAC: 16
pdf_data/keywords/crypto_protocol	TLS: TLS: TLS: 2	SSH: SSH: 4 TLS: TLS: TLS: 3 TLS 1.2: 1 TLS 1.3: 1 TLS v1.2: 4 TLS v1.3: 5
pdf_data/keywords/randomness	PRNG: DRBG: 19	PRNG: DRBG: 37 RNG: RBG: 3
pdf_data/keywords/cipher_mode	CBC: CBC: 3 CCM: CCM: 3 CFB: CFB: 1 CTR: CTR: 1 ECB: ECB: 3 GCM: GCM: 7 OFB: OFB: 1 XTS: XTS: 4	CCM: CCM: 1 CTR: CTR: 3 GCM: GCM: 3
pdf_data/keywords/ecc_curve	NIST: B-163: 5 B-233: 4 B-283: 4 B-409: 4 B-571: 4 K-163: 5 K-233: 5 K-283: 4 K-409: 4 K-571: 3 P-192: 10 P-224: 10 P-256: 8 P-384: 8 P-521: 8
pdf_data/keywords/crypto_engine
pdf_data/keywords/tls_cipher_suite
pdf_data/keywords/crypto_library		OpenSSL: OpenSSL: 10
pdf_data/keywords/vulnerability
pdf_data/keywords/side_channel_analysis		SCA: timing attacks: 2
pdf_data/keywords/device_model
pdf_data/keywords/tee_name		AMD: PSP: 12 IBM: SSC: 1
pdf_data/keywords/os_name
pdf_data/keywords/cplc_data
pdf_data/keywords/ic_data_group
pdf_data/keywords/standard_id	FIPS: FIPS 140-2: 10 FIPS 180-4: 2 FIPS 186-2: 5 FIPS 186-4: 8 FIPS 197: 2 FIPS 198: 1 FIPS 198-1: 1 NIST: SP 800-135: 1 SP 800-38A: 1 SP 800-38B: 3 SP 800-38C: 2 SP 800-38D: 3 SP 800-38E: 2 SP 800-56A: 1 SP 800-56C: 1 SP 800-89: 1 SP 800-90A: 1 PKCS: PKCS#1: 1 RFC: RFC 5246: 1 RFC 5288: 1	FIPS: FIPS 202: 6 ISO: ISO/IEC 19790:2012: 3 PKCS: PKCS 1: 2 RFC: RFC 5288: 1 RFC 5647: 1 RFC 8446: 1 RFC7627: 4 RFC8446: 1
pdf_data/keywords/javacard_version
pdf_data/keywords/javacard_api_const		curves: ED25519: 4 ED448: 4
pdf_data/keywords/javacard_packages
pdf_data/keywords/certification_process
pdf_data/policy_metadata	/Author: ehackleman /CreationDate: D:20210907202932-07'00' /Creator: Microsoft® Word for Microsoft 365 /ModDate: D:20210907202932-07'00' /Producer: Microsoft® Word for Microsoft 365 pdf_file_size_bytes: 565528 pdf_hyperlinks: about:blank pdf_is_encrypted: False pdf_number_of_pages: 15	/Author: Rachel Shelby /CreationDate: D:20241021161438-07'00' /Creator: PScript5.dll Version 5.2.2 /ModDate: D:20241021161438-07'00' /Producer: Acrobat Distiller 24.0 (Windows) /Title: Microsoft Word - Sophos FIPS 140-3 Security Policy_Output_TRD1_2024-10-21.docx pdf_file_size_bytes: 619089 pdf_hyperlinks: {} pdf_is_encrypted: False pdf_number_of_pages: 40
state/module_download_ok	True	True
state/module_extract_ok	True	True
state/policy_convert_garbage	False	False
state/policy_convert_ok	True	True
state/policy_download_ok	True	True
state/policy_extract_ok	True	True
state/policy_pdf_hash	Different	Different
state/policy_txt_hash	Different	Different
web_data/caveat	When operated in FIPS mode. No assurance of the minimum strength of generated keys.	No assurance of the minimum strength of generated SSPs (e.g., keys).
web_data/certificate_pdf_url	https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/December 2021_020122_0905_signed.pdf
web_data/date_sunset		10.07.2029
web_data/description	The Sophos Cryptographic Module is a general-purpose cryptographic library incorporated into the Sophos Firewall systems to provide FIPS 140-2 validated cryptography for the protection of sensitive information.	The Sophos Cryptographic Module is a general-purpose cryptographic library incorporated into the Sophos Firewall systems to provide FIPS 140-3 validated cryptography for the protection of sensitive information.
web_data/embodiment	Multi-Chip Stand Alone	Multi-Chip Stand Alone
web_data/exceptions	Roles, Services, and Authentication: Level 2, Physical Security: N/A, Design Assurance: Level 3, Mitigation of Other Attacks: N/A,	Physical security: N/A, Non-invasive security: N/A, Life-cycle assurance: Level 3, Documentation requirements: N/A, Cryptographic module security policy: N/A
web_data/fw_versions	[]	[]
web_data/historical_reason	Moved to historical list due to sunsetting
web_data/hw_versions	[]	[]
web_data/level	1	1
web_data/mentioned_certs
web_data/module_name	Sophos Cryptographic Module	Sophos Cryptographic Module
web_data/module_type	Software	Software
web_data/revoked_link	None	None
web_data/revoked_reason	None	None
web_data/standard	FIPS 140-2	FIPS 140-3
web_data/status	historical	active
web_data/sw_versions	1.0
web_data/tested_conf	Sophos Firewall Operating System (SFOS) 18.5 running on XGS 3100 with AMD Ryzen Embedded V1780B with PAA, Sophos Firewall Operating System (SFOS) 18.5 running on XGS 3100 with AMD Ryzen Embedded V1780B without PAA (single user mode)	[]
web_data/validation_history	date: 13.12.2021 lab: ACUMEN SECURITY, LLC validation_type: Initial	date: 18.12.2024 lab: DEKRA Certification, Inc. validation_type: Initial
web_data/vendor	Sophos Limited	Sophos Ltd.
web_data/vendor_url	http://www.sophos.com