Comparing certificates Experimental feature

You are comparing two certificates. By default, only differing attributes are shown. Use the button below to show/hide all attributes.

Showing only differing attributes.
Forcepoint Next Generation Firewall
Forcepoint Next Generation Firewall
cert_id 4867 3317
dgst af93a06c80895edf e6d41d208672a4e5
heuristics/algorithms Safe Primes Key VerificationA2155, HMAC-SHA2-512A2166, SHA2-384A2166, ECDSA SigGen (FIPS186-4)A2155, RSA SigVer (FIPS186-4)A2155, KAS-ECC-SSC Sp800-56Ar3A2155, HMAC-SHA-1A2166, ECDSA KeyVer (FIPS186-4)A2155, SHA2-512A2166, AES-GCMA2166, AES-ECBA2209, SHA3-256A2167, HMAC-SHA2-384A2166, TLS v1.2 KDF RFC7627A2155, KDF IKEv1A2155, KDF SP800-108A2209, KAS-FFC-SSC Sp800-56Ar3A2155, AES-CBCA2166, RSA KeyGen (FIPS186-4)A2155, HMAC-SHA2-256A2166, KDF IKEv2A2155, HMAC-SHA2-224A2166, Counter DRBGA2155, Safe Primes Key GenerationA2155, ECDSA KeyGen (FIPS186-4)A2155, SHA2-256A2166, SHA2-224A2166, AES-CFB128A2209, SHA-1A2166, ECDSA SigVer (FIPS186-4)A2155, RSA SigGen (FIPS186-4)A2155, PBKDFA2209, AES-KWPA2155 ECDSA#1339, Triple-DES#2774, DRBG#1946, CVL#1961, KTS#3670, SHS#4427, DRBG#2179, RSA#2777, KTS#3671, HMAC#3669, KTS#2778, KTS#3669, Triple-DES#2776, SHS#4423, Triple-DES#2632, KTS#2779, KTS#3668, HMAC#3667, ECDSA#1480, KTS#2775, SHS#4424, KBKDF#232, DRBG#2181, ECDSA#1482, CVL#1958, HMAC#3672, AES#5515, AES#5516, CVL#1962, HMAC#3429, SHS#4426, Triple-DES#2775, KTS#3672, AES#5513, CVL#1959, ECDSA#1481, CVL#1957, KBKDF#230, SHS#4425, Triple-DES#2778, SHS#4175, DRBG#2180, AES#5511, RSA#2959, KTS#2774, HMAC#3670, AES#5512, RSA#2957, AES#5168, KTS#3429, HMAC#3671, KTS#2632, Triple-DES#2777, SHS#4422, KTS#2777, HMAC#3668, KTS#2776, CVL#1960, Triple-DES#2779, CVL#1676, KBKDF#231, RSA#2958, KTS#3667, AES#5514
heuristics/cpe_matches {} cpe:2.3:a:forcepoint:next_generation_firewall_security_management_center:6.4.1:*:*:*:*:*:*:*, cpe:2.3:a:forcepoint:next_generation_firewall:6.4.1:*:*:*:*:*:*:*
heuristics/extracted_versions 6.10.3.26158 6.4.1.20056
heuristics/related_cves {} CVE-2021-41530, CVE-2019-6147, CVE-2019-6143
pdf_data/keywords/fips_security_level
  • Level:
    • Level 1: 1
    • Level 2: 3
    • level 2: 1
  • Level:
    • Level 1: 1
    • Level 2: 3
    • Level 9: 1
pdf_data/keywords/fips_certlike
  • Certlike:
    • AES-128: 2
    • AES-256: 5
    • HMAC SHA-1: 1
    • HMAC- SHA-1: 1
    • HMAC-SHA-1: 8
    • PKCS #1: 2
    • RSA 2048: 3
    • SHA-1: 12
    • SHA-3: 2
    • SHA2- 256: 1
    • SHA2- 512: 1
    • SHA2-224: 8
    • SHA2-256: 14
    • SHA2-384: 8
    • SHA2-512: 16
    • SHA3- 256: 1
    • SHA3-256: 2
  • Certlike:
    • AES 256: 1
    • AES 37: 1
    • AES-GCM 41: 1
    • CVL 1676: 3
    • CVL 1958: 2
    • CVL 1962: 2
    • HMAC 49: 2
    • HMAC-SHA-224: 2
    • HMAC-SHA-256: 2
    • HMAC-SHA-384: 2
    • PKCS 45: 2
    • PKCS#1: 4
    • RSA32: 1
    • SHA 48: 1
    • SHA-1: 1
    • SHA-224: 1
    • SHA-256: 1
    • SHA-384: 1
    • SHA-512: 3
    • SHS 47: 1
pdf_data/keywords/symmetric_crypto
  • AES_competition:
    • AES:
      • AES: 35
      • AES-: 1
      • AES-128: 2
      • AES-256: 5
  • constructions:
    • MAC:
      • HMAC: 31
  • AES_competition:
    • AES:
      • AES: 27
  • DES:
    • 3DES:
      • TDES: 4
      • Triple-DES: 5
    • DES:
      • DES: 7
  • constructions:
    • MAC:
      • HMAC: 25
      • HMAC-SHA-224: 1
      • HMAC-SHA-256: 1
      • HMAC-SHA-384: 1
pdf_data/keywords/asymmetric_crypto
  • ECC:
    • ECC:
      • ECC: 1
    • ECDH:
      • ECDH: 50
    • ECDSA:
      • ECDSA: 85
  • FF:
    • DH:
      • DH: 42
      • Diffie-Hellman: 10
  • RSA:
    • RSA 2048: 3
  • ECC:
    • ECDH:
      • ECDH: 25
    • ECDSA:
      • ECDSA: 29
  • FF:
    • DH:
      • DH: 24
      • Diffie-Hellman: 19
    • DSA:
      • DSA: 1
pdf_data/keywords/hash_function
  • PBKDF:
    • PBKDF: 7
    • PBKDF2: 3
  • SHA:
    • SHA1:
      • SHA-1: 12
    • SHA3:
      • SHA-3: 2
      • SHA3-256: 3
  • PBKDF:
    • PBKDF: 3
    • PBKDF2: 5
  • SHA:
    • SHA1:
      • SHA-1: 1
    • SHA2:
      • SHA-224: 1
      • SHA-256: 1
      • SHA-384: 1
      • SHA-512: 3
pdf_data/keywords/crypto_scheme
  • KA:
    • Key Agreement: 3
  • MAC:
    • MAC: 4
  • KA:
    • Key agreement: 1
  • KEX:
    • Key Exchange: 2
    • Key exchange: 1
pdf_data/keywords/crypto_protocol
  • IKE:
    • IKE: 41
    • IKEv1: 11
    • IKEv2: 13
  • IPsec:
    • IPsec: 40
  • SSH:
    • SSH: 2
  • TLS:
    • TLS:
      • TLS: 188
      • TLS 1.2: 15
      • TLSv1.2: 2
  • VPN:
    • VPN: 103
  • IKE:
    • IKE: 25
    • IKEv1: 1
    • IKEv2: 3
  • IPsec:
    • IPsec: 24
  • SSH:
    • SSH: 2
  • TLS:
    • SSL:
      • SSL: 38
    • TLS:
      • TLS: 131
      • TLS 1.2: 18
      • TLS v1.2: 1
  • VPN:
    • VPN: 107
pdf_data/keywords/randomness
  • PRNG:
    • DRBG: 61
  • RNG:
    • RNG: 6
  • PRNG:
    • DRBG: 39
  • RNG:
    • RNG: 1
pdf_data/keywords/cipher_mode
  • CBC:
    • CBC: 1
  • CFB:
    • CFB: 2
  • CTR:
    • CTR: 1
  • ECB:
    • ECB: 2
  • GCM:
    • GCM: 7
  • OFB:
    • OFB: 2
  • CBC:
    • CBC: 4
  • CFB:
    • CFB: 2
  • CTR:
    • CTR: 1
  • ECB:
    • ECB: 5
  • GCM:
    • GCM: 7
  • OFB:
    • OFB: 1
pdf_data/keywords/ecc_curve
  • NIST:
    • P-224: 16
    • P-256: 6
    • P-384: 4
    • P-521: 10
  • NIST:
    • P-192: 2
    • P-224: 14
    • P-256: 10
    • P-384: 8
    • P-521: 14
pdf_data/keywords/tls_cipher_suite
  • TLS:
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: 1
    • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: 1
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: 1
    • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: 1
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: 1
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 1
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: 1
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: 2
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: 1
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: 1
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: 1
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: 1
pdf_data/keywords/crypto_library
  • OpenSSL:
    • OpenSSL: 18
pdf_data/keywords/side_channel_analysis
  • SCA:
    • physical probing: 1
pdf_data/keywords/tee_name
  • IBM:
    • SSC: 28
  • IBM:
    • SE: 1
pdf_data/keywords/standard_id
  • FIPS:
    • FIPS 140: 2
    • FIPS 140-3: 17
    • FIPS 180-4: 2
    • FIPS 186-4: 23
    • FIPS 197: 3
    • FIPS 198-1: 2
    • FIPS 202: 1
  • ISO:
    • ISO/IEC 19790:2012: 1
    • ISO/IEC 24759: 2
  • NIST:
    • NIST SP 800-107: 1
    • NIST SP 800-135: 1
    • SP 800-108: 1
    • SP 800-132: 6
    • SP 800-140F: 1
    • SP 800-38A: 3
    • SP 800-38C: 1
    • SP 800-38D: 3
    • SP 800-38F: 4
    • SP 800-90A: 4
    • SP 800-90B: 3
  • PKCS:
    • PKCS #1: 1
  • RFC:
    • RFC 4106: 1
    • RFC 5288: 1
    • RFC 7296: 1
  • FIPS:
    • FIPS 140-2: 36
    • FIPS 180-4: 1
    • FIPS 186-4: 25
    • FIPS 197: 3
    • FIPS 198-1: 1
  • NIST:
    • NIST SP 800-56A: 1
    • NIST SP 800-67: 2
    • NIST SP 800-90A: 2
    • SP 800-108: 6
    • SP 800-132: 7
    • SP 800-133: 3
    • SP 800-135: 4
    • SP 800-38D: 1
    • SP 800-38F: 5
    • SP 800-90A: 8
  • PKCS:
    • PKCS 45: 1
    • PKCS#1: 2
  • RFC:
    • RFC 4106: 1
    • RFC 5288: 1
  • X509:
    • X.509: 4
pdf_data/policy_metadata
  • /CreationDate: D:20181024233616Z00'00'
  • /Creator: Word
  • /ModDate: D:20181024233616Z00'00'
  • /Producer: Mac OS X 10.13.5 Quartz PDFContext
  • /Title: Microsoft Word - 1B - Forcepoint NGFW Security Policy 20181024.docx
  • pdf_file_size_bytes: 2264186
  • pdf_hyperlinks: {}
  • pdf_is_encrypted: False
  • pdf_number_of_pages: 53
state/policy_pdf_hash Different Different
state/policy_txt_hash Different Different
web_data/caveat When installed, initialized and configured as specified in Section 11.1 of the Security Policy. The tamper evident seals ACFIPS3 Forcepoint NGFW FIPS Kit installed as indicated in the Security Policy When configured as specified in the section 3 Secure Operation of the Security Policy with tamper evident labels SKU ACFIPS3 Forcepoint NGFW FIPS Kit installed as indicated in the Security Policy.
web_data/certificate_pdf_url https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/Consolidated-Nov2018.pdf
web_data/date_sunset 05.11.2029
web_data/description The NGFW appliances are high-performance network security appliances that add a broad range of built-in security features, including VPN, IPS, anti-evasion, TLS inspection, SD-WAN, and mission-critical application proxies, to a traditional firewall and provides end-to-end protection across the entire enterprise network. Forcepoint NGFW is a next generation firewall that blocks malicious attacks and prevents the theft of data and intellectual property while transforming infrastructure and increasing the efficiency of your operations. With Forcepoint NGFW, painlessly handle the rapid shift to encrypted transmissions for both incoming and outgoing traffic.
web_data/exceptions Operational environment: N/A, Non-invasive security: N/A, Mitigation of other attacks: N/A, Documentation requirements: N/A, Cryptographic module security policy: N/A Mitigation of Other Attacks: N/A, , , ,
web_data/fw_versions 6, ., 1, 0, ., 3, ., 2, 6, 1, 5, 8, , , , , , 6, ., 4, ., 1, ., 2, 0, 0, 5, 6, ., f, i, p, s, ., 8
web_data/historical_reason SP 800-56Arev3 transition
web_data/hw_versions [, 2, 2, 0, 1, ,, , 2, 2, 0, 5, ,, , 2, 2, 1, 0, ,, , 3, 4, 0, 1, , a, n, d, , 3, 4, 1, 0, ], , w, i, t, h, , F, o, r, c, e, p, o, i, n, t, , N, G, F, W, , F, I, P, S, , K, i, t, , A, C, F, I, P, S, 3 1, 1, 0, 1, ,, , 2, 1, 0, 1, ,, , 2, 1, 0, 5, ,, , 3, 3, 0, 5, ,, , a, n, d, , 6, 2, 0, 5, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
web_data/standard FIPS 140-3 FIPS 140-2
web_data/status active historical
web_data/validation_history
  • date: 06.11.2024
  • lab: LEIDOS CSTL
  • validation_type: Initial
  • date: 01.11.2018
  • lab: ATSEC INFORMATION SECURITY CORP
  • validation_type: Initial