This page was not yet optimized for use on mobile
devices.
FortiGate-1200D[1], FortiGate-1500D[2], FortiGate-2000E[3] and FortiGate-2500E[4]
Certificate #3227
Webpage information
Security policy
Symmetric Algorithms
AES-256, AES, Triple-DES, HMAC, HMAC-SHA-256Asymmetric Algorithms
ECDSA, Diffie-HellmanHash functions
SHA-1, SHA1, SHA-256, SHA-384, SHA-512, MD5Schemes
Key agreementProtocols
SSH, SSL, TLS 1.2, TLS, TLS 1.1, IKE, IKEv2, IPsec, VPNRandomness
DRBG, RBGElliptic Curves
P-256, P-384, P-521, secp256r1, secp384r1, secp521r1Block cipher modes
CBC, CTR, GCMSecurity level
Level 2Certification process
out of scope, the FortiGate-2000E and 2500E. Any firmware version that is not shown on the module certificate is out of scope of this validation and requires a separate FIPS 140-2 validation. Figures 1 to 4 are representativeStandards
FIPS 140-2, FIPS140-2, NIST SP 800-90A, NIST SP 800-133, SP 800-52, PKCS1, RFC 5246, RFC 5288File metadata
| Title | FortiOS 5.4 FIPS Level 2- 2U Security Policy |
|---|---|
| Author | Fortinet Technical Documentation |
| Creation date | D:20180522151224-04'00' |
| Modification date | D:20180522151224-04'00' |
| Pages | 38 |
| Producer | madbuild |
Heuristics
Automated inference - use with caution
All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.References
No references are available for this certificate.
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3227,
"dgst": "fdc4dddb01a836f6",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"AES#4628",
"AES#4604",
"SHS#3777",
"SHS#3779",
"CVL#1329",
"ECDSA#1130",
"CVL#1287",
"HMAC#3063",
"RSA#2512",
"ECDSA#1137",
"SHS#3792",
"RSA#2526",
"HMAC#3052",
"CVL#1288",
"KTS#4628",
"AES#4602",
"DRBG#1543",
"RSA#2510",
"ECDSA#1129",
"CVL#1272",
"HMAC#3053",
"KTS#3063",
"HMAC#3050",
"SHS#3781",
"AES#4607"
]
},
"cpe_matches": {
"_type": "Set",
"elements": [
"cpe:2.3:h:fortinet:fortigate-1200d:-:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortigate-1500d:-:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortigate_2000e:-:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortigate_1500d:-:*:*:*:*:*:*:*"
]
},
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"5.4"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECDSA": {
"ECDSA": 11
}
},
"FF": {
"DH": {
"Diffie-Hellman": 16
}
}
},
"certification_process": {
"OutOfScope": {
"out of scope": 1,
"the FortiGate-2000E and 2500E. Any firmware version that is not shown on the module certificate is out of scope of this validation and requires a separate FIPS 140-2 validation. Figures 1 to 4 are representative": 1
}
},
"cipher_mode": {
"CBC": {
"CBC": 6
},
"CTR": {
"CTR": 1
},
"GCM": {
"GCM": 8
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 26,
"IKEv2": 1
},
"IPsec": {
"IPsec": 26
},
"SSH": {
"SSH": 16
},
"TLS": {
"SSL": {
"SSL": 3
},
"TLS": {
"TLS": 10,
"TLS 1.1": 1,
"TLS 1.2": 1
}
},
"VPN": {
"VPN": 24
}
},
"crypto_scheme": {
"KA": {
"Key agreement": 2
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 12,
"P-384": 8,
"P-521": 8,
"secp256r1": 1,
"secp384r1": 1,
"secp521r1": 1
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1272": 3,
"#1287": 3,
"#3063": 1,
"#4628": 1
}
},
"fips_certlike": {
"Certlike": {
"AES Cert. #4628": 1,
"AES-256": 1,
"HMAC Cert. #3063": 2,
"HMAC SHA-1": 6,
"HMAC SHA-1 3050": 1,
"HMAC SHA-256": 9,
"HMAC SHA-256 3050": 1,
"HMAC SHA-384": 2,
"HMAC SHA-384 3050": 1,
"HMAC SHA-512": 2,
"HMAC SHA-512 3050": 1,
"HMAC-SHA-256": 2,
"PKCS1": 1,
"RSA PKCS1": 1,
"SHA- 1": 1,
"SHA-1": 9,
"SHA-1 3050": 1,
"SHA-1 3777": 1,
"SHA-256": 12,
"SHA-384": 5,
"SHA-512": 3,
"SHA-512 3050": 1,
"SHA-512 3777": 1,
"SHA1": 1
}
},
"fips_security_level": {
"Level": {
"Level 2": 6
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 1
}
},
"SHA": {
"SHA1": {
"SHA-1": 11,
"SHA1": 1
},
"SHA2": {
"SHA-256": 12,
"SHA-384": 5,
"SHA-512": 5
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 32
},
"RNG": {
"RBG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-2": 56,
"FIPS140-2": 1
},
"NIST": {
"NIST SP 800-133": 1,
"NIST SP 800-90A": 1,
"SP 800-52": 1
},
"PKCS": {
"PKCS1": 1
},
"RFC": {
"RFC 5246": 1,
"RFC 5288": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 26,
"AES-256": 1
}
},
"DES": {
"3DES": {
"Triple-DES": 2
}
},
"constructions": {
"MAC": {
"HMAC": 24,
"HMAC-SHA-256": 1
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Fortinet Technical Documentation",
"/CreationDate": "D:20180522151224-04\u002700\u0027",
"/Keywords": "",
"/ModDate": "D:20180522151224-04\u002700\u0027",
"/Producer": "madbuild",
"/Subject": "",
"/Title": "FortiOS 5.4 FIPS Level 2- 2U Security Policy ",
"pdf_file_size_bytes": 2276800,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://fortiguard.com/",
"https://www.fortinet.com/support-and-training/training.html",
"http://forticast.fortinet.com/",
"http://fortiguard.com/",
"https://support.fortinet.com/",
"https://training.fortinet.com/",
"http://www.fortinet.com/contact",
"http://kb.fortinet.com/",
"http://cookbook.fortinet.com/",
"https://video.fortinet.com/",
"http://csrc.nist.gov/groups/STM/cmvp/index.html",
"https://www.fortinet.com/doc/legal/EULA.pdf",
"http://www.fortinet.com/support",
"http://cookbook.fortinet.com/how-to-work-with-fortinet-support/",
"https://docs.fortinet.com/",
"http://docs.fortinet.com/",
"http://www.fortinet.com/products",
"https://blog.fortinet.com/"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 38
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "5c5700f5ac9f4912efe9a038218436428f3ed55da518981471526845999419ac",
"policy_txt_hash": "f735923b88fe55d82f03489cdc57c7a3e2f1017c774dedc59b332cc90997fed6"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. No assurance of the minimum strength of generated keys",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/JulyConsolidatedCert.pdf",
"date_sunset": null,
"description": "The FortiOS is a firmware based operating system that runs exclusively on Fortinet\u0027s FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Cryptographic Module Ports and Interfaces: Level 3",
"Roles, Services, and Authentication: Level 3",
"Design Assurance: Level 3"
],
"fw_versions": "FortiOS 5.4, b9791, 170802 [1,2], FortiOS 5.4, b3145, 170602 [3,4]",
"historical_reason": "SP 800-56Arev3 transition",
"hw_versions": "C1AC57 [1], C1AA64 [2], C1AF49 [3] and C1AF51 [4] with Tamper Evident Seal Kits: FIPS-SEAL-RED",
"level": 2,
"mentioned_certs": {},
"module_name": "FortiGate-1200D[1], FortiGate-1500D[2], FortiGate-2000E[3] and FortiGate-2500E[4]",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2018-07-12",
"lab": "CGI Information Systems \u0026 Management Consultants Inc",
"validation_type": "Initial"
}
],
"vendor": "Fortinet, Inc.",
"vendor_url": "http://www.fortinet.com"
}
}