This page was not yet optimized for use on mobile
devices.
Forcepoint Next Generation Firewall
Known vulnerabilities detected
Our automated heuristics have identified vulnerabilities that may be associated with this certificate. See the CVEs section for details.Certificate #3317
Webpage information
Security policy
Symmetric Algorithms
AES, DES, Triple-DES, TDES, HMAC, HMAC-SHA-224, HMAC-SHA-384, HMAC-SHA-256Asymmetric Algorithms
ECDH, ECDSA, Diffie-Hellman, DH, DSAHash functions
SHA-1, SHA-224, SHA-384, SHA-512, SHA-256, PBKDF2, PBKDFSchemes
Key Exchange, Key exchange, Key agreementProtocols
SSH, SSL, TLS, TLS v1.2, TLS 1.2, IKE, IKEv1, IKEv2, IPsec, VPNRandomness
DRBG, RNGLibraries
OpenSSLElliptic Curves
P-224, P-256, P-384, P-521, P-192Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCMTrusted Execution Environments
SESecurity level
Level 2, Level 1, Level 9Standards
FIPS 140-2, FIPS 197, FIPS 186-4, FIPS 180-4, FIPS 198-1, NIST SP 800-67, NIST SP 800-56A, SP 800-90A, NIST SP 800-90A, SP 800-135, SP 800-108, SP 800-132, SP 800-133, SP 800-38F, SP 800-38D, PKCS 45, PKCS#1, RFC 5288, RFC 4106, X.509File metadata
| Title | Microsoft Word - 1B - Forcepoint NGFW Security Policy 20181024.docx |
|---|---|
| Creation date | D:20181024233616Z00'00' |
| Modification date | D:20181024233616Z00'00' |
| Pages | 53 |
| Creator | Word |
| Producer | Mac OS X 10.13.5 Quartz PDFContext |
Heuristics
Automated inference - use with caution
All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.CPE matches
Related CVEs
| ID | Links | Severity | CVSS Score | Published on | ||
|---|---|---|---|---|---|---|
| Base | Exploitability | Impact | ||||
| CVE-2019-6143 | CRITICAL | 9.1 | 5.2 | 20.08.2019 | ||
| CVE-2019-6147 | MEDIUM | 5.9 | 3.6 | 23.12.2019 | ||
| CVE-2021-41530 | HIGH | 7.5 | 3.6 | 04.10.2021 | ||
References
No references are available for this certificate.
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3317,
"dgst": "e6d41d208672a4e5",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"Triple-DES#2774",
"RSA#2957",
"SHS#4427",
"AES#5513",
"CVL#1961",
"KTS#2778",
"DRBG#2181",
"KTS#2776",
"SHS#4426",
"HMAC#3429",
"ECDSA#1480",
"RSA#2958",
"KTS#3670",
"KTS#3668",
"SHS#4423",
"AES#5511",
"KTS#3672",
"HMAC#3672",
"HMAC#3670",
"KTS#3671",
"RSA#2959",
"AES#5515",
"KTS#3429",
"RSA#2777",
"CVL#1962",
"AES#5516",
"HMAC#3671",
"Triple-DES#2777",
"CVL#1957",
"AES#5514",
"KBKDF#231",
"ECDSA#1481",
"HMAC#3667",
"HMAC#3668",
"KTS#2779",
"AES#5168",
"ECDSA#1339",
"KTS#3667",
"HMAC#3669",
"Triple-DES#2778",
"SHS#4424",
"KBKDF#232",
"KTS#2632",
"KTS#3669",
"SHS#4422",
"CVL#1959",
"DRBG#1946",
"KTS#2775",
"Triple-DES#2632",
"KTS#2777",
"KTS#2774",
"CVL#1676",
"CVL#1958",
"CVL#1960",
"ECDSA#1482",
"Triple-DES#2779",
"Triple-DES#2776",
"SHS#4175",
"Triple-DES#2775",
"DRBG#2179",
"KBKDF#230",
"SHS#4425",
"AES#5512",
"DRBG#2180"
]
},
"cpe_matches": {
"_type": "Set",
"elements": [
"cpe:2.3:a:forcepoint:next_generation_firewall:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:forcepoint:next_generation_firewall_security_management_center:6.4.1:*:*:*:*:*:*:*"
]
},
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"6.4.1.20056"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": {
"_type": "Set",
"elements": [
"CVE-2021-41530",
"CVE-2019-6147",
"CVE-2019-6143"
]
},
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDH": {
"ECDH": 25
},
"ECDSA": {
"ECDSA": 29
}
},
"FF": {
"DH": {
"DH": 24,
"Diffie-Hellman": 19
},
"DSA": {
"DSA": 1
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CFB": {
"CFB": 2
},
"CTR": {
"CTR": 1
},
"ECB": {
"ECB": 5
},
"GCM": {
"GCM": 7
},
"OFB": {
"OFB": 1
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 18
}
},
"crypto_protocol": {
"IKE": {
"IKE": 25,
"IKEv1": 1,
"IKEv2": 3
},
"IPsec": {
"IPsec": 24
},
"SSH": {
"SSH": 2
},
"TLS": {
"SSL": {
"SSL": 38
},
"TLS": {
"TLS": 131,
"TLS 1.2": 18,
"TLS v1.2": 1
}
},
"VPN": {
"VPN": 107
}
},
"crypto_scheme": {
"KA": {
"Key agreement": 1
},
"KEX": {
"Key Exchange": 2,
"Key exchange": 1
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-192": 2,
"P-224": 14,
"P-256": 10,
"P-384": 8,
"P-521": 14
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 1
}
},
"fips_certlike": {
"Certlike": {
"AES 256": 1,
"AES 37": 1,
"AES-GCM 41": 1,
"CVL 1676": 3,
"CVL 1958": 2,
"CVL 1962": 2,
"HMAC 49": 2,
"HMAC-SHA-224": 2,
"HMAC-SHA-256": 2,
"HMAC-SHA-384": 2,
"PKCS 45": 2,
"PKCS#1": 4,
"RSA32": 1,
"SHA 48": 1,
"SHA-1": 1,
"SHA-224": 1,
"SHA-256": 1,
"SHA-384": 1,
"SHA-512": 3,
"SHS 47": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"Level 2": 3,
"Level 9": 1
}
},
"hash_function": {
"PBKDF": {
"PBKDF": 3,
"PBKDF2": 5
},
"SHA": {
"SHA1": {
"SHA-1": 1
},
"SHA2": {
"SHA-224": 1,
"SHA-256": 1,
"SHA-384": 1,
"SHA-512": 3
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 39
},
"RNG": {
"RNG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-2": 36,
"FIPS 180-4": 1,
"FIPS 186-4": 25,
"FIPS 197": 3,
"FIPS 198-1": 1
},
"NIST": {
"NIST SP 800-56A": 1,
"NIST SP 800-67": 2,
"NIST SP 800-90A": 2,
"SP 800-108": 6,
"SP 800-132": 7,
"SP 800-133": 3,
"SP 800-135": 4,
"SP 800-38D": 1,
"SP 800-38F": 5,
"SP 800-90A": 8
},
"PKCS": {
"PKCS 45": 1,
"PKCS#1": 2
},
"RFC": {
"RFC 4106": 1,
"RFC 5288": 1
},
"X509": {
"X.509": 4
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 27
}
},
"DES": {
"3DES": {
"TDES": 4,
"Triple-DES": 5
},
"DES": {
"DES": 7
}
},
"constructions": {
"MAC": {
"HMAC": 25,
"HMAC-SHA-224": 1,
"HMAC-SHA-256": 1,
"HMAC-SHA-384": 1
}
}
},
"tee_name": {
"IBM": {
"SE": 1
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/CreationDate": "D:20181024233616Z00\u002700\u0027",
"/Creator": "Word",
"/ModDate": "D:20181024233616Z00\u002700\u0027",
"/Producer": "Mac OS X 10.13.5 Quartz PDFContext",
"/Title": "Microsoft Word - 1B - Forcepoint NGFW Security Policy 20181024.docx",
"pdf_file_size_bytes": 2264186,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 53
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "1ed1e6bdd0c8cf4c1cc4cd33ec719acaec78e381b3f760ff034163fd0af59618",
"policy_txt_hash": "f0d5b4e1b4335b6d36cf52bb8578e1ada5861d171471a83353ec3e270fdfce63"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When configured as specified in the section 3 Secure Operation of the Security Policy with tamper evident labels SKU ACFIPS3 Forcepoint NGFW FIPS Kit installed as indicated in the Security Policy.",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/Consolidated-Nov2018.pdf",
"date_sunset": null,
"description": "Forcepoint NGFW is a next generation firewall that blocks malicious attacks and prevents the theft of data and intellectual property while transforming infrastructure and increasing the efficiency of your operations. With Forcepoint NGFW, painlessly handle the rapid shift to encrypted transmissions for both incoming and outgoing traffic.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Mitigation of Other Attacks: N/A"
],
"fw_versions": "6.4.1.20056.fips.8",
"historical_reason": "SP 800-56Arev3 transition",
"hw_versions": "1101, 2101, 2105, 3305, and 6205",
"level": 2,
"mentioned_certs": {},
"module_name": "Forcepoint Next Generation Firewall",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2018-11-01",
"lab": "atsec information security corporation",
"validation_type": "Initial"
}
],
"vendor": "Forcepoint",
"vendor_url": "http://www.forcepoint.com"
}
}