FIPS 140-2 Non-Proprietary Security Policy

Apricorn FIPS 140-2 Encryption System Gen 2

Author: Victor Nguyen
Date: 09/27/2022
Document Issue: 2.3

This document may be copied without the author’s permission, provided that it is copied in its entirety without any modification.

Apricorn is a trademark or a registered trademark of Apricorn in certain countries. All Apricorn product names and logos are trademarks or registered trademarks of Apricorn in certain countries. All other company and product names and logos are trademarks or registered trademarks of their respective owners in certain countries.

Apricorn FIPS 140-2 Encryption System Gen 2 Cryptographic Module Security Policy © Apricorn 2.3 Page 2 of 17

Table of Contents

1. References
2. Target Audience
3. Introduction
3.1 Purpose of the Security Policy
3.2 Cryptographic Module Description
4. Security Levels
5. Interfaces and Ports
6. Cryptographic Key and CSP Management
6.1 AES Master Key
6.2 PIN Access Codes
6.3 Random Number Generation
6.4 EC DH Key Establishment
7. Identification and Authentication Policy
7.1 Roles
7.2 Authentication
8. Access Control Policy
9. Physical Security Policy
10. Regulatory Compliance
11. Security Rules
11.1 Initialization Period of the Cryptographic Module
11.2 FIPS Approved Mode
12. Mitigation of Other Attacks Policy
13. Acronyms

Revision History

2.0  Original Release
2.1  Revalidation Submission
2.2  Updates for SP 800 56Ar3 Conformance

Table 1 – Revision History

1. References

| Author | Title |
|---|---|
| NIST | FIPS PUB 140-2: Security Requirements For Cryptographic Modules, December, 2002 |
| NIST | Derived Test Requirements for FIPS PUB 140-2, January, 2011 |
| NIST | Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program, August, 2020 |
| NIST | FIPS 197 |
| NIST | FIPS 180-4 |
| NIST | SP 800-90A Revision 1 |
| NIST | SP 800-38E |
| NIST | SP 800-56Ar3 |
| NIST | SP 800-56Cr2 |
| NIST | SP 800-133 Revision 2 |

Table 2 - References

2. Target Audience

• NIST, CCCS, Accredited Laboratory and the FIPS 140-2 Validation Group
• Developers Working on the Release
• Product Verification
• Documentation
• Product and Development Managers
• Security Assurance
• Administrator and General User

3. Introduction

This security policy document contains a description of the Apricorn FIPS 140-2 Encryption System Gen 2 (also referred to herein as the cryptographic module, or simply the module). This document contains a specification of the security rules under which the module must operate as derived from the requirements of FIPS 140-2.

3.1 Purpose of the Security Policy

There are three major reasons that this security policy is defined for, and must be followed by, the cryptographic module:

• This document is required for FIPS 140-2 validation.
• This document allows individuals and organizations to determine whether the cryptographic module, as implemented, satisfies the stated security policy.
• This document describes the capabilities, protection, and access rights provided by the cryptographic module, allowing individuals and organizations to determine whether it will meet their security requirements.

3.2 Cryptographic Module Description

The Apricorn FIPS 140-2 Encryption System Gen 2 is a multi-chip embedded cryptographic module. Specifically, the module is a USB 3.1 to Data Storage Memory Module which implements hardware encryption dependent on operator authentication. The module provides secure encrypted (AES-XTS 256) storage, ensuring that only authorized operators have access to the protected data. Access is granted by use of an alpha-numeric keypad whereby the authorized operator inputs a personal identification number (PIN) to access and unlock the secured data.

Electronic components containing all critical security parameters (CSPs) are encapsulated within a hard, opaque, tamper-evident, production-grade epoxy. This software-free, embedded authentication approach allows the module to work with any mass storage compliant operating system whether it has a keyboard or not, and never shares any CSPs with the host.

The cryptographic module is designed to meet FIPS 140-2 Level 2 cryptographic module requirements for the storage of user credentials and file systems. The module will only operate in the “FIPS Approved” mode of operation. It must be configured according to the initial setup instructions in Section 11.1 before being operational. A non-Approved FIPS mode is not supported.

The Apricorn FIPS 140-2 Encryption System Gen 2 (Figure 1 below) represents the physical boundary of the device and the cryptographic boundary as outlined by the red marking. The module’s cryptographic boundary is defined by the area enclosed by the epoxy fence placed onto the PCB, extending downward through and inclusive of the PCB and all traces within the silhouette of the epoxy fence. All security relevant components are contained within this boundary.

Figure 1 - Apricorn FIPS 140-2 Encryption System Gen 2

| Apricorn FIPS 140-2 Encryption System Gen 2 | |
|---|---|
| Firmware Version | 2.2 |
| Part Numbers / Hardware Versions | AFESG2-1 Rev A2; AFESG2-2 Rev A2; AFESG2-3 Rev A2 |

Table 3 – Cryptographic Module Versions

List of All Approved Security Functions:

The cryptographic module offers FIPS Approved cryptographic security functions including the following:

| CAVP Cert. | Algorithm | Standard | Mode / Method | Key Lengths, Curves or Moduli | Use |
|---|---|---|---|---|---|
| C1597 | AES | SP 800-38A, SP 800-38E | ECB, XTS | 256-bits | Data Encryption / Decryption. Note: This mode is only approved for storage applications, and AES-XTS-128 is NOT supported by the cryptographic module. |
| C877 | AES | SP 800-38A | CBC | 256-bits | Data Decryption |
| Vendor Affirmed | CKG | SP 800-133 Rev 2 | Non-modified output | | Key Generation. Sections 5.2 Key Pairs for Key Establishment, 6.1 “Direct Generation” of Symmetric Keys, 6.2.1 Symmetric Keys Generated Using Key-Agreement Schemes |
| C884 | DRBG | SP 800-90A Revision 1 | HASH_Based DRBG (SHA-256) | Security strength is 256 bits | Deterministic Random Bit Generation |
| C885 | ECDSA | FIPS 186-4 | KeyGen, PKV | P-256 | Prerequisite to KAS |
| N/A | KAS | SP 800-56Ar3 and SP 800-56Cr2 | ECC and One Step KDF | P-256 | KAS (KAS-SSC Cert. #A2243 and KDA Cert. #A2243). Provides a security strength of 128 bits per SP800-57 Part 1. |
| A2243 | KAS-SSC | SP 800-56Ar3 | ECC | P-256 | Key Agreement |
| A2243 | KDA | SP 800-56Cr2 | One Step KDF | 256-bits | Key Derivation |
| C883 | SHS | FIPS 180-4 | SHA-256 | | Message Digest |

Table 4 – List of All Approved Security Functions

List of All non-Approved but Allowed Security Functions:

| Algorithm | Use |
|---|---|
| Hardware NDRNG | Seeding for the HASH DRBG with 256 bits of security. A 1024-bit seed is used. |

Table 5 – List of All non-Approved but Allowed Security Functions

4. Security Levels

The cryptographic module meets an overall security of FIPS 140-2 Level 2. The FIPS 140-2 specification defines security requirements that are grouped into Security Requirement Areas. These areas are tested individually for a specific level of achievement. The table below defines the targeted level in each section for the module.

| FIPS 140-2 Security Requirement | Target Level |
|---|---|
| Cryptographic Module Specification | Level 2 |
| Cryptographic Module Ports and Interfaces | Level 2 |
| Roles, Services and Authentication | Level 2 |
| Finite State Model | Level 2 |
| Physical Security | Level 2 |
| Operational Environment | N/A |
| Cryptographic Key Management | Level 2 |
| EMI/EMC | Level 3 |
| Self-Tests | Level 2 |
| Design Assurance | Level 3 |
| Mitigation of Other Attacks | N/A |

Table 6 – FIPS Security Levels

5. Interfaces and Ports

There are four physical ports on the cryptographic module: a SuperSpeed Universal Serial Bus (USB 3.1), a Keypad Input, a SATA connector and signals to drive three external status LEDs.

| Physical Port | Description | Logical Interface |
|---|---|---|
| SuperSpeed Universal Serial Bus (USB 3.1) | SuperSpeed Universal Serial Bus Signals (USB 3.1) | Data Input / Data Output / Power / Control Input / Status Output |
| Keypad Input | Keypad Input Signals | Control Input / Data Input |
| SATA | SATA Signals | Data Input / Data Output / Power / Control Input / Status Output |
| LEDs output | Output LED Signals | Status Output |

Table 7 – Interfaces and Ports

6. Cryptographic Key and CSP Management

6.1 AES Master Key

The cryptographic module uses an AES Master Key (an AES-XTS 256-bit key) to encrypt/decrypt protected data. The AES-XTS 256-bit key is generated using the FIPS Approved deterministic random bit generator.

6.2 PIN Access Codes

On the cryptographic module, each personal identification number (PIN) has a minimum of seven (7) digits and maximum of sixteen digits.
The module supports one Admin PIN, four User PINs, one Self-Destruct PIN, and four Recovery PINs. The Admin PIN is used by the cryptographic officer to administer the device or access the storage area. The User PIN is used to access the storage area. The Recovery PIN is used to create a new User PIN. The Self-Destruct PIN zeroizes all PINs and the AES Master Key, then resets to a new AES Master Key and new Admin PIN.

6.3 Random Number Generation

The cryptographic module contains a non-deterministic hardware random number generator (NDRNG) that uses an internal, unpredictable physical source of entropy that is outside of human control. Random numbers generated by the NDRNG are used as seeding values for the FIPS Approved Deterministic Random Bit Generator. Continuous RNG tests are performed on the outputs of the NDRNG.

The HASH DRBG Internal State (V and C) is the DRBG’s working state.

The HASH DRBG Seed is used to seed the DRBG. The seed is 1024 bits and includes the Entropy Input and Nonce.

6.4 EC DH Key Establishment

AES-CBC Decryption Key (AES-256) is used to decrypt the data sent from the host.

ECDH Public Key (P-256) is the module’s SP 800-56A public key component and is used to create secure communication with the host.

ECDH Private Key (P-256) is the module’s SP 800-56A private key component and is used to create secure communication with the host.

ECDH Shared Secret "Z" is generated using SP 800-56A and is fed into the SP 800-56A key derivation function to create the AES-CBC Decryption Key.

Host ECDH Public Key (P-256) is the host PC’s SP 800-56A public key component and is used to create secure communication with the module.

7. Identification and Authentication Policy

7.1 Roles

The cryptographic module performs role-based authentication via verification of the PIN code for the Administrator role and General User role.
Alternatively, the Administrator role may authenticate using the Configurator service, which utilizes EC Diffie-Hellman. The individual that takes physical possession of the module and initializes the PIN for the first time is the Administrator. The first-time user of the Configurator tool is also considered the Administrator.

The Administrator role is the Cryptographic Officer role as defined in the FIPS 140-2 standard. The Administrator role is responsible for the overall security of the module. The Administrator can change his/her own personal identification number (PIN) and can access all the data stored within the device, set or modify all device settings, as well as add and erase a General User.

The General User role is the User role as defined in the FIPS 140-2 standard. The General User role has limited privileges and access to limited services of the module. The General User can change his/her own personal identification number (PIN) and access all the data stored within the storage device.

The cryptographic module supports up to five (5) authenticated operators; that is one Administrator and up to four (4) Users.

7.2 Authentication

The cryptographic module requires a minimum of seven (7) digits and maximum of sixteen (16) digits for a personal identification number (PIN). When the module is powered on, it will allow a maximum of ten (10) attempts to correctly enter the PIN code. The individual that takes physical possession of the module, or uses the Configurator service, and initializes the PIN for the first time is the Administrator.

Upon a total of ten (10) consecutive failed authentication attempts (as described above), the module will lock the keypad and require a pre-defined command sequence to be entered to allow the Administrator or General User another ten (10) attempts at entering the correct PIN code, depending on the settings controlled by the Administrator when the device is set up. The Brute Force setting is programmable between 4 - 20 consecutive failed attempts. If the module does not receive the correct PIN code within the maximum of twenty (20) attempts (described above), all critical security parameters will be actively zeroized. In such a case, any encrypted data remaining on the external storage device(s) will be useless (unrecoverable).

| Role | Type of Authentication | Authentication Data |
|---|---|---|
| Administrator (Cryptographic Officer) | Role-based | Personal Identification Number (PIN) |
| | Role-based | EC Diffie-Hellman (Configurator Service) |
| General User (User) | Role-based | Personal Identification Number (PIN) |

Table 8 - Roles and Required Authentication

| Authentication Mechanism | Strength of Mechanism |
|---|---|
| PIN code verification | A minimum seven-digit PIN is used, with each digit selected from ten (10) possible characters. There are 10^7 (ten million) possible PIN combinations. Therefore, the probability that a random attempt to authenticate to the module will succeed is 1/10,000,000, which is much less than 1/1,000,000. The probability that multiple consecutive attempts to authenticate to the module during a one-minute period will succeed is 20/10,000,000, which is much less than 1/100,000. |
| EC Diffie-Hellman | Since EC Diffie-Hellman with P-256 is used, the probability that a random attempt to authenticate to the module will succeed is 1/(2^128), which is much less than 1/1,000,000. One authentication attempt is allowed before a User reset must be performed, which takes approximately 30 seconds to complete; therefore there could be ~2 attempts per minute. Given this, the probability that multiple consecutive attempts to authenticate to the module during a one-minute period will succeed is 2/(2^128), which is much less than 1/100,000. |

Table 9 – Strengths of Authentication Mechanisms

8. Access Control Policy

The cryptographic module supports two roles: Administrator and General User. The types of services corresponding to each of the supported roles are described below.

| Administrator / General User / Unauthenticated | Service | Description |
|---|---|---|
| X X | Login/Unlock | Authenticates the operator to the module. |
| X X | Logout/Lock | De-authenticates the operator and locks the module. |
| X X | Write Data | Receives plaintext data from the host and AES XTS encrypts the data to internal storage. |
| X X | Read Data | AES XTS decrypts data from internal storage and outputs plaintext data to the host. |
| X X | Establish User PIN | Establishes a User PIN to create a General User role. |
| X X | Change PIN | Updates the PIN. |
| X | Set Self-Destruct | Enables the self-destruct feature. |
| X X | Set Self-Destruct PIN | Prepares the module for duress event. |
| X X | Self-Destruct | Reinitializes the module. |
| X | Delete All User PINs | Overwrites and supersedes all PINs. |
| X | Set Unattended Auto Lock | Sets idle timeout value in minutes. |
| X X | Set Read Only | When set, does not allow writing of data to the storage. If the Admin sets the device to read only, the user is prevented from overriding this setting. |
| X | Set Lock Override | Sets the device to ignore re-enumeration over the USB bus. |
| X | Create Recovery PINs | Admin sets a PIN used to create a recovery PIN. |
| X X | Use Recovery PIN | Creates a new User PIN after using the recovery PIN. |
| X | Setup Forced Enrollment | Admin sets the drive to require a PIN setup on the next use. |
| X | Set Minimum PIN length | Admin setting for minimum digit length of PINs. |
| X | Set LED Flicker | LED to flash when buttons are pressed. |
| X* | Configurator | Send configuration data to device. |
| X X X | Run Diagnostic Mode | Verifies proper keypad function and checks firmware version. |
| X | Set Brute Force Attempts | Sets the number of tries before the drive will lock. |
| X X X | Self-Test | Performs required power-up self-tests. |
| X X X | Get Status | Status outputs. |
| X* | Zeroize | Destroys all CSPs except the ECDH Private Key. |
| X X X | User Reset (FIPS Zeroize) | Resets the module and zeroizes all CSPs. |
| X | Provision Lock | Allows a User Reset (FIPS Zeroize) to be performed by the Administrator only. |

*Note: This Admin service uses the EC Diffie-Hellman authentication scheme. All others use the PIN.

Table 10 – Roles and Services

The table below shows how CSPs and Public Keys are accessed by the module’s services. The modes of access shown in the table are defined as:

• G = Generate: The service generates or derives the CSP.
• I = Input: The service inputs the CSP from outside of the module.
• O = Output: The service outputs the CSP to outside of the module.
• E = Execute: The service uses the CSP.
• S = Store: The service stores the CSP persistently.
• Z = Zeroize: The service zeroizes the CSP.

CSPs and Public Keys

| Service | AES Master Key | User PIN | Admin PIN | Recovery PIN | Self-Destruct PIN | HASH DRBG Internal State | HASH DRBG Seed | AES-CBC Decryption Key | ECDH Public Key | ECDH Private Key | ECDH Shared Secret "Z" | Host ECDH Public Key |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Login/Unlock | E | IE | IE | - | - | - | - | - | - | - | - | - |
| Logout/Lock | - | - | - | - | - | - | - | - | - | - | - | - |
| Write Data | E | - | - | - | - | - | - | - | - | - | - | - |
| Read Data | E | - | - | - | - | - | - | - | - | - | - | - |
| Establish User PIN | - | IGES | IGES | - | - | - | - | - | - | - | - | - |
| Change PIN | - | ZIGES | ZIGES | - | - | - | - | - | - | - | - | - |
| Set Self-Destruct | - | - | - | - | Z | - | - | - | - | - | - | - |
| Set Self-Destruct PIN | - | - | - | - | IGES | - | - | - | - | - | - | - |
| Self-Destruct | ZGES | Z | ZGS | Z | ZIE | Z | - | - | - | - | - | - |
| Delete All User PINs | - | Z | - | Z | Z | - | - | - | - | - | - | - |
| Set Unattended Auto Lock | - | - | - | - | - | - | - | - | - | - | - | - |
| Set Read Only | - | - | - | - | - | - | - | - | - | - | - | - |
| Set Lock Override | - | - | - | - | - | - | - | - | - | - | - | - |
| Create Recovery PINs | - | - | - | IS | - | - | - | - | - | - | - | - |
| Use Recovery PIN | - | ZIGS | - | IEZ | - | - | - | - | - | - | - | - |
| Setup Forced Enrollment | - | - | - | - | - | - | - | - | - | - | - | - |
| Set Minimum PIN Length | - | - | - | - | - | - | - | - | - | - | - | - |
| Set LED Flicker | - | - | - | - | - | - | - | - | - | - | - | - |
| Configurator | - | IS | IS | IS | IS | GE | G | GE | GEO | E | GE | EI |
| Run Diagnostic Mode | - | - | - | - | - | - | - | - | - | - | - | - |
| Set Brute Force Attempts | - | - | - | - | - | - | - | - | - | - | - | - |
| Self-Test | - | - | - | - | - | - | - | - | - | - | - | - |
| Get Status | - | - | - | - | - | - | - | - | - | - | - | - |
| Zeroize | Z | Z | Z | Z | Z | Z | Z | Z | Z | - | Z | - |
| User Reset (FIPS Zeroize) | ZGS | Z | Z | Z | Z | ZGE | ZG | Z | Z | ZG | Z | - |
| Provision Lock | - | - | - | - | - | - | - | - | - | - | - | - |

Table 11 – CSP and Public Key Access by Service

9. Physical Security Policy

Epoxy coating

The module incorporates a hard, opaque, tamper-evident, production-grade epoxy coating encapsulating all electrical components containing critical security parameters. Attempts to remove the epoxy will cause damage to these components.

Note: The module hardness testing was only performed at an ambient, single temperature (i.e. 73.4° F) and no assurance is provided for Level 2 hardness conformance at any other temperature.

| Physical Security Mechanisms | Recommended Frequency of Inspection/Test | Inspection/Test Guidance Details |
|---|---|---|
| Hard, opaque, tamper-evident, production-grade epoxy coating. | In accordance with the Administrator’s organizational policy or every 3 months. | Inspect the cryptographic boundary for scratches, gouges, scrapes, deformations, and any other suspicious signs of malice and tampering. If any evidence of tampering exists, the Administrator role is required to cease use of the cryptographic module immediately. |

Table 12 – Physical Security

10. Regulatory Compliance

The cryptographic module has been tested for and passes the following: EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B.

11. Security Rules

11.1 Initialization Period of the Cryptographic Module

The Administrator role is responsible for the overall security of the module and initializing the cryptographic module into the FIPS Approved mode of operation. The Administrator shall perform one (1) of the following two (2) procedures to set the initial Admin PIN and initialize the module into FIPS mode:

1. Wake up the module by plugging the device into a USB port to power up. The BLUE and GREEN LEDs will glow solidly.
   a. Press UNLOCK + 9 at the same time. The BLUE LED will glow solidly, and the GREEN LED will be blinking.
   b. Enter the series of numbers used for the Admin PIN and press the UNLOCK button.
   c. Re-enter that same PIN and press the UNLOCK button again. The GREEN LED will illuminate for one second followed by the BLUE LED glowing solidly by itself.
   d. Push the Lock button.
2. Execute the “Configurator” service to perform the initialization of the module with the following settings:
   a. Amount of brute-force attempts of incorrect authentication data before the module locks: maximum of ten (10) attempts
   b. Minimum PIN length: seven (7) digits

The Configurator GUI application is outside of the module’s FIPS 140-2 validation scope. It resides on the host PC used by the Cryptographic Officer during module initialization.

Upon completion of the initialization period, the module’s LED status will indicate a solid RED LED. The cryptographic module only supports a FIPS Approved mode of operation, therefore a non-compliant configuration is out of scope for this validation.

11.2 FIPS Approved Mode

• The cryptographic module always runs in a FIPS Approved mode of operation (i.e., non-FIPS mode is not supported). It is possible to determine that the module is in FIPS mode by powering up the module (automatically invoking the self-tests) and observing LED status as follows: RED LED is solid on to indicate self-tests completed successfully; RED LED is flashing to indicate an error state, including failure of a power-up self-test as well as failure of a conditional self-test.
• Power on self-tests are run automatically when the device is powered. This can happen when power is applied through the USB port.
• The firmware revision can be determined by the following procedure:
   1. Push the Unlock button to bring the module out of a sleep state or plug into a powered USB port.
   2. Push the Lock + 1 keys at the same time and release.
   3. Push and hold the 0 key; the LEDs will flash Red and Blue for 5 seconds, then all the LEDs will come on for 1 second. Release the 0 key.
   4. The LEDs will flash the firmware revision. Example:
      a. 2 Blue LED blinks = 2
      b. Then 1 Red blink = . (period)
      c. Then 1 Blue blinks = 2
      d. Then Blue LED on solid = end of sequence
      This firmware revision shows 2.2
• The hardware P/N and version can be determined by checking whether one of the containing products below is in use:
   o Aegis Fortress - 4TRES37 REV B (contains AFESG2-1 Rev A2)
   o Aegis Padlock SSD - PLSSD37 REV C (contains AFESG2-2 Rev A2)
   o Aegis Padlock DT FIPS - APLDT37 REV B (contains AFESG2-3 Rev A2)
• The cryptographic module enforces separation of all data inputs, data outputs, control inputs, and status outputs via defined ports and interfaces.
• The cryptographic module receives power via its defined power interface.
• The cryptographic module does not support a maintenance interface or bypass capability.
• The cryptographic module does not support the output of any secret keys, private keys, or CSPs in any form.
• During error states, the cryptographic module enforces the inhibition of all data outputs, ceases to provide any cryptographic or otherwise security relevant services, and provides non-security relevant error status.
• The cryptographic module supports role-based authentication.
• The Administrator and General User roles are explicitly prohibited from sharing PINs with any other operator. In the event that the Administrator role shares his or her PIN, the cryptographic module is deemed non-compliant and unfit for service to protect sensitive but unclassified data.
• The cryptographic module provides a hard, opaque, tamper-evident, production-grade epoxy encapsulating all electrical components containing CSPs.
• The cryptographic module enforces a non-modifiable operational environment.
• The cryptographic module protects all critical security parameters from unauthorized disclosure, modification, and substitution.
• The cryptographic module provides a non-Approved non-deterministic hardware random number generator strictly for the purpose of seeding the Approved deterministic random bit generator.
• The cryptographic module does not support manual key entry.
• The cryptographic module supports zeroization to destroy all critical security parameters. All CSPs are destroyed with the User Reset (FIPS Zeroize) service.
• The cryptographic module conforms to applicable EMI/EMC requirements.
• The cryptographic module generates cryptographic keys whose strengths are up to 256 bits of security.
• As per IG A.9, the AES-XTS implementation verifies that Key_1 ≠ Key_2 before the keys are used.
• The cryptographic module performs all required self-tests:
   o Power-up Self-tests
      1. SHA-256 KAT
      2. SP 800-90A HASH DRBG KAT and Health Check
      3. AES-XTS Encrypt KAT (AES Cert. #C1597)
      4. AES-XTS Decrypt KAT (AES Cert. #C1597)
      5. AES-CBC Decrypt KAT (AES Cert. #C877)
      6. KAS-ECC KAT, inclusive of SSC and KDA
      7. Firmware integrity test (16-bit EDC)
   o Conditional Self-tests
      1. NDRNG Continuous Test
      2. ECDH Pairwise Consistency Test
      3. SP 800-56A-rev3 Conditional Tests
      4. DRBG Continuous Test: N/A as allowed by IG 9.8
      5. Firmware load test: N/A
      6. Manual key entry test: N/A
      7. Bypass test: N/A
• The operator may invoke self-tests on demand by power cycling the cryptographic module.

12. Mitigation of Other Attacks Policy

The module is not designed to mitigate any specific attacks outside the scope of FIPS 140-2.

| Other Attacks | Mitigation Mechanism | Specific Limitations |
|---|---|---|
| Not applicable | Not applicable | Not applicable |

Table 13 – Mitigation of Other Attacks

13. Acronyms

- AES: Advanced Encryption Standard
- CBC: Cipher Block Chaining
- CCCS: Canadian Centre for Cyber Security
- CMVP: Cryptographic Module Validation Program
- CSP: Critical Security Parameters
- DRBG: Deterministic Random Bit Generator
- EC DH: Elliptic Curve Diffie-Hellman
- EDC: Error Detection Code
- EMI/EMC: Electromagnetic Interference/Electromagnetic Compatibility
- FIPS: Federal Information Processing Standards
- KAT: Known Answer Test
- LED: Light Emitting Diode
- NIST: National Institute of Standards and Technology
- NDRNG: Non-Deterministic Random Number Generator
- N/A: Not Applicable
- PCB: Printed Circuit Board
- PIN: Personal Identification Numbers
- RNG: Random Number Generator
- SHA: Secure Hashing Algorithm
- USB: Universal Serial Bus
- XTS: XEX Tweakable Block Cipher with Ciphertext Stealing
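
Sections 6.1 and 6.3 say the AES-XTS master key is taken directly from a SHA-256 Hash DRBG whose working state is V and C, and Section 11.2 adds the IG A.9 rule that Key_1 ≠ Key_2. The Python below is an added sketch, not the module's firmware and not part of the original policy, of a Hash DRBG instantiate/generate cycle feeding that key check. The 768/256-bit split of the 1024-bit seed, the Key_1-then-Key_2 ordering, the error raised on equal halves and all names are assumptions for the example.

```python
"""Added sketch: SP 800-90A Hash_DRBG (SHA-256) drawing a 512-bit AES-XTS key
and enforcing Key_1 != Key_2. Reseed, additional input and health tests omitted."""
import hashlib
import hmac

SEEDLEN = 55                      # 440-bit seedlen for SHA-256 (SP 800-90A)
MODULUS = 1 << (8 * SEEDLEN)

def hash_df(data, n_bytes):
    """Hash_df: concatenate Hash(counter || bits_to_return || data)."""
    out, counter = b"", 1
    while len(out) < n_bytes:
        prefix = bytes([counter]) + (8 * n_bytes).to_bytes(4, "big")
        out += hashlib.sha256(prefix + data).digest()
        counter += 1
    return out[:n_bytes]

class HashDRBG:
    """Working state is V, C and reseed_counter."""

    def __init__(self, entropy_input, nonce, personalization=b""):
        # seed = Hash_df(entropy || nonce || personalization); C = Hash_df(0x00 || V)
        self.V = hash_df(entropy_input + nonce + personalization, SEEDLEN)
        self.C = hash_df(b"\x00" + self.V, SEEDLEN)
        self.reseed_counter = 1

    def generate(self, n_bytes):
        # Hashgen: hash V, V+1, V+2, ... until enough output is produced.
        data, out = int.from_bytes(self.V, "big"), b""
        while len(out) < n_bytes:
            out += hashlib.sha256(data.to_bytes(SEEDLEN, "big")).digest()
            data = (data + 1) % MODULUS
        # State update: V = (V + Hash(0x03 || V) + C + reseed_counter) mod 2^seedlen
        h = int.from_bytes(hashlib.sha256(b"\x03" + self.V).digest(), "big")
        v = int.from_bytes(self.V, "big") + h + int.from_bytes(self.C, "big")
        self.V = ((v + self.reseed_counter) % MODULUS).to_bytes(SEEDLEN, "big")
        self.reseed_counter += 1
        return out[:n_bytes]

def check_xts_key(key):
    """Split a 64-byte AES-XTS 256 key and reject equal halves (IG A.9)."""
    if len(key) != 64:
        raise ValueError("AES-XTS 256 needs 512 bits of key material")
    key1, key2 = key[:32], key[32:]       # assumed order: data key, tweak key
    if hmac.compare_digest(key1, key2):
        raise ValueError("Key_1 == Key_2: XTS key rejected")
    return key1, key2

def new_master_key(drbg):
    """Direct (unmodified) DRBG output used as the XTS key, after the check."""
    return check_xts_key(drbg.generate(64))

# Constructed seed material: 768-bit entropy input + 256-bit nonce = 1024 bits.
# On the module this comes from the hardware NDRNG; the split is an assumption.
ENTROPY = bytes(range(96))
NONCE = bytes(range(96, 128))

if __name__ == "__main__":
    key1, key2 = new_master_key(HashDRBG(ENTROPY, NONCE))
    print("Key_1 != Key_2:", key1 != key2, "| lengths:", len(key1), len(key2))
```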