NetApp CryptoMod

Certificate #4144

Webpage information

Status active
Validation dates 03.02.2022
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat None
Exceptions
  • Physical Security: N/A
  • Mitigation of Other Attacks: N/A
Description CryptoMod is a software cryptographic module whose purpose is to provide encryption/decryption for NetApp’s ONTAP Operating System (OS) kernel. The CryptoMod module makes use of the AES-NI instruction set in Intel processors. Since CryptoMod can support non-PAA implementations as well as PAA implementations of the pertinent cryptographic algorithms, CryptoMod is designated as a software only cryptographic module.
Tested configurations
  • (single-user mode)
  • ONTAP 9.7P6 running on AFF A800 system with an Intel® Xeon® Platinum 8160 with PAA
  • ONTAP 9.7P6 running on AFF A800 system with an Intel® Xeon® Platinum 8160 without PAA
  • ONTAP 9.7P6 running on FAS2650 system with an Intel® Xeon® D-1528 with PAA
  • ONTAP 9.7P6 running on FAS2650 system with an Intel® Xeon® D-1528 without PAA
  • ONTAP 9.7P6 running on FAS8300 system with an Intel® Xeon® Silver 4210 with PAA
  • ONTAP 9.7P6 running on FAS8300 system with an Intel® Xeon® Silver 4210 without PAA
Vendor NetApp, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.
Certificate
Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms
AES, AES-256, HMAC, HMAC-SHA-256
Hash functions
SHA-1, SHA-256, SHA-512, PBKDF2
Schemes
MAC
Randomness
DRBG
Block cipher modes
ECB, CBC, CTR, GCM, CCM, XTS

Vendor
Microsoft

Security level
Level 1, level 1

Standards
FIPS 140-2, FIPS 198-1, FIPS 180-4, FIPS 197, NIST SP 800-90A, NIST SP 800-133, SP 800-132, SP 800-38E, SP 800-38A, SP 800-38C, SP 800-38D, SP 800-38F, SP 800-90A, SP 800-108, SP 800-133

File metadata

Title Technical Report Template 2013
Author mcnulty
Creation date D:20210913085244-04'00'
Modification date D:20210913085244-04'00'
Pages 18
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate data changed.
  • The certificate was first processed.

Raw data 

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4144,
  "dgst": "fbc1f6898b3fd1d2",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "DRBG#C1884",
        "KBKDF#C1884",
        "AES#C1885",
        "SHS#C1884",
        "KTS#C1884",
        "AES#C1884",
        "KTS#C1885",
        "SHS#C1885",
        "HMAC#C1884",
        "DRBG#C1885",
        "HMAC#C1885",
        "KBKDF#C1885"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {},
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 2
        },
        "CCM": {
          "CCM": 8
        },
        "CTR": {
          "CTR": 4
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 11
        },
        "XTS": {
          "XTS": 6
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {
        "MAC": {
          "MAC": 1
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES (128": 2,
          "AES CBC 128, 256": 1,
          "AES GCM (128": 1,
          "AES-256": 2,
          "DRBG 128": 1,
          "DRBG 2": 1,
          "HMAC 160": 2,
          "HMAC SHA-1": 3,
          "HMAC SHA-256": 1,
          "HMAC SHA-512": 2,
          "HMAC SHA-512 15": 1,
          "HMAC-SHA-256": 2,
          "SHA-1": 5,
          "SHA-256": 4,
          "SHA-512": 4,
          "SHA-512 15": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3,
          "level 1": 1
        }
      },
      "hash_function": {
        "PBKDF": {
          "PBKDF2": 10
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 5
          },
          "SHA2": {
            "SHA-256": 5,
            "SHA-512": 4
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 22
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 20,
          "FIPS 180-4": 2,
          "FIPS 197": 1,
          "FIPS 198-1": 2
        },
        "NIST": {
          "NIST SP 800-133": 1,
          "NIST SP 800-90A": 2,
          "SP 800-108": 1,
          "SP 800-132": 2,
          "SP 800-133": 1,
          "SP 800-38A": 1,
          "SP 800-38C": 1,
          "SP 800-38D": 1,
          "SP 800-38E": 2,
          "SP 800-38F": 1,
          "SP 800-90A": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 34,
            "AES-256": 2
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 14,
            "HMAC-SHA-256": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Microsoft": {
          "Microsoft": 1
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "mcnulty",
      "/CreationDate": "D:20210913085244-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20210913085244-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "/Title": "Technical Report Template 2013",
      "pdf_file_size_bytes": 360207,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-108.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38e.pdf",
          "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf",
          "https://csrc.nist.gov/csrc/media/publications/fips/198/1/final/documents/fips-198-1_final.pdf",
          "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
          "https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
          "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 18
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "a1b1062587fb67a1078848913031489dd58a467960e9527925cea49d0f6d2354",
    "policy_txt_hash": "67d2f61da5ea30a9499529f7f2d6cea1e2efcb35cc6fcaee995f158802ef6b5c"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "None",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/February 2022_010322_0121_Signed.pdf",
    "date_sunset": "2026-09-21",
    "description": "CryptoMod is a software cryptographic module whose purpose is to provide encryption/decryption for NetApp\u2019s ONTAP Operating System (OS) kernel. The CryptoMod module makes use of the AES-NI instruction set in Intel processors. Since CryptoMod can support non-PAA implementations as well as PAA implementations of the pertinent cryptographic algorithms, CryptoMod is designated as a software only cryptographic module.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "NetApp CryptoMod",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": "v2.2",
    "tested_conf": [
      "(single-user mode)",
      "ONTAP 9.7P6 running on AFF A800 system with an Intel\u00ae Xeon\u00ae Platinum 8160 with PAA",
      "ONTAP 9.7P6 running on AFF A800 system with an Intel\u00ae Xeon\u00ae Platinum 8160 without PAA",
      "ONTAP 9.7P6 running on FAS2650 system with an Intel\u00ae Xeon\u00ae D-1528 with PAA",
      "ONTAP 9.7P6 running on FAS2650 system with an Intel\u00ae Xeon\u00ae D-1528 without PAA",
      "ONTAP 9.7P6 running on FAS8300 system with an Intel\u00ae Xeon\u00ae Silver 4210 with PAA",
      "ONTAP 9.7P6 running on FAS8300 system with an Intel\u00ae Xeon\u00ae Silver 4210 without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2022-02-03",
        "lab": "Lightship Security, Inc.",
        "validation_type": "Initial"
      }
    ],
    "vendor": "NetApp, Inc.",
    "vendor_url": "http://www.netapp.com"
  }
}