NetApp CryptoMod

Certificate #4731

Webpage information

Status active
Validation dates 19.07.2024
Sunset date 18-07-2029
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat Interim validation. When installed, initialized and configured as specified in section 11 of the Security Policy
Exceptions
  • Physical security: N/A
  • Mitigation of other attacks: N/A
Description NetApp CryptoMod is a software cryptographic module whose purpose is to provide encryption/decryption services for NetApp’s ONTAP Operating System (OS) kernel. The CryptoMod module makes use of the AES-NI instruction set in Intel processors. Since CryptoMod can support non-PAA implementations as well as PAA implementations of the pertinent cryptographic algorithms, CryptoMod is designated as a software-only cryptographic module.
Tested configurations
  • ONTAP 9.11.1 running on AFF A250 system with an Intel Xeon D-2164IT with PAA
  • ONTAP 9.11.1 running on AFF A250 system with an Intel Xeon D-2164IT without PAA
  • ONTAP 9.11.1 running on AFF A400 system with an Intel Xeon Silver 4210 with PAA
  • ONTAP 9.11.1 running on AFF A400 system with an Intel Xeon Silver 4210 without PAA
  • ONTAP 9.11.1 running on AFF A900 system with an Intel Xeon Platinum 8352Y with PAA
  • ONTAP 9.11.1 running on AFF A900 system with an Intel Xeon Platinum 8352Y without PAA
Vendor NetApp, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, AES-, AES-256, HMAC, CMAC
Hash functions
SHA-1, SHA1, SHA-3, SHA3-256, PBKDF
Protocols
TLS, IPsec
Randomness
DRBG, RNG
Block cipher modes
ECB, CBC, CTR, GCM, CCM, XEX, XTS

Vendor
Microsoft

Security level
Level 1

Standards
FIPS 140-3, FIPS 197, FIPS 198-1, FIPS 202, FIPS 180-4, NIST SP 800-90B, RFC 5288, RFC 4106, ISO/IEC 24759

File metadata

Title Standard TR Template
Author IE CCS
Creation date D:20240719125608-04'00'
Modification date D:20240719125608-04'00'
Pages 27
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4731,
  "dgst": "d2c5ea6c63da5897",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "HMAC-SHA2-256A2640",
        "HMAC-SHA-1A2640",
        "AES-CBCA2640",
        "AES-CMACA2640",
        "AES-GMACA2640",
        "AES-CCMA2640",
        "SHA3-256A2640",
        "KDF SP800-108A2640",
        "Counter DRBGA2640",
        "AES-ECBA2640",
        "PBKDFA2640",
        "SHA-1A2640",
        "AES-XTS Testing Revision 2.0A2640",
        "HMAC-SHA2-512A2640",
        "SHA2-256A2640",
        "SHA2-512A2640",
        "AES-GCMA2640",
        "AES-KWPA2640"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {},
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 2
        },
        "CCM": {
          "CCM": 8
        },
        "CTR": {
          "CTR": 7
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 11
        },
        "XEX": {
          "XEX": 1
        },
        "XTS": {
          "XTS": 7
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IPsec": {
          "IPsec": 4
        },
        "TLS": {
          "TLS": {
            "TLS": 5
          }
        }
      },
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#2": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES- 256": 1,
          "AES-256": 1,
          "HMAC SHA-1": 2,
          "HMAC- SHA1": 2,
          "HMAC-SHA-1": 2,
          "SHA-1": 6,
          "SHA-3": 2,
          "SHA1": 2,
          "SHA2-256": 6,
          "SHA2-512": 8,
          "SHA3- 256": 1,
          "SHA3-256": 2
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 8
        }
      },
      "hash_function": {
        "PBKDF": {
          "PBKDF": 9
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 6,
            "SHA1": 2
          },
          "SHA3": {
            "SHA-3": 2,
            "SHA3-256": 3
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 29
        },
        "RNG": {
          "RNG": 1
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 20,
          "FIPS 180-4": 2,
          "FIPS 197": 4,
          "FIPS 198-1": 2,
          "FIPS 202": 2
        },
        "ISO": {
          "ISO/IEC 24759": 4
        },
        "NIST": {
          "NIST SP 800-90B": 1
        },
        "RFC": {
          "RFC 4106": 1,
          "RFC 5288": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 37,
            "AES-": 5,
            "AES-256": 1
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 4,
            "HMAC": 13
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Microsoft": {
          "Microsoft": 1
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "IE CCS",
      "/CreationDate": "D:20240719125608-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20240719125608-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "/Title": "Standard TR Template",
      "pdf_file_size_bytes": 421870,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-108.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf",
          "https://docs.netapp.com/us-en/cloud-volumes-ontap-relnotes/reference-configs-gcp.html",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38e.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf",
          "https://csrc.nist.gov/csrc/media/publications/fips/198/1/final/documents/fips-198-1_final.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf",
          "https://docs.netapp.com/us-en/cloud-volumes-ontap-relnotes/reference-configs-azure.html",
          "https://docs.netapp.com/",
          "https://docs.netapp.com/us-en/cloud-volumes-ontap-relnotes/reference-configs-aws.html",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
          "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/entropy/E1_PublicUse.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf",
          "https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 27
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "8e429152daca1588ebca167b441eda6c5d5f993ad8865fa767cff708276f47de",
    "policy_txt_hash": "4498242105f13aef6681629d93faa3372df9ea3e7e77f5fe486f7a75d64f21fe"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. When installed, initialized and configured as specified in section 11 of the Security Policy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf",
    "date_sunset": "2029-07-18",
    "description": "NetApp CryptoMod is a software cryptographic module whose purpose is to provide encryption/decryption services for NetApp\u2019s ONTAP Operating System (OS) kernel. The CryptoMod module makes use of the AES-NI instruction set in Intel\uf0e2 processors. Since CryptoMod can support non-PAA implementations as well as PAA implementations of the pertinent cryptographic algorithms, CryptoMod is designated as a software-only cryptographic module.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Mitigation of other attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "NetApp CryptoMod",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "3.0",
    "tested_conf": [
      "ONTAP 9.11.1 running on AFF A250 system with an Intel Xeon D-2164IT with PAA",
      "ONTAP 9.11.1 running on AFF A250 system with an Intel Xeon D-2164IT without PAA",
      "ONTAP 9.11.1 running on AFF A400 system with an Intel Xeon Silver 4210 with PAA",
      "ONTAP 9.11.1 running on AFF A400 system with an Intel Xeon Silver 4210 without PAA",
      "ONTAP 9.11.1 running on AFF A900 system with an Intel Xeon Platinum 8352Y with PAA",
      "ONTAP 9.11.1 running on AFF A900 system with an Intel Xeon Platinum 8352Y without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-07-19",
        "lab": "Lightship Security, Inc.",
        "validation_type": "Initial"
      }
    ],
    "vendor": "NetApp, Inc.",
    "vendor_url": "http://www.netapp.com"
  }
}