This page was not yet optimized for use on mobile devices.
ExtraHop Cryptographic Module
Certificate #4561
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, CAST, CAST5, RC4, RC5, RC2, DES, Triple-DES, TDES, ChaCha20, Poly1305, IDEA, Blowfish, Camellia, ARIA, SM4, SEED, HMAC, CMACAsymmetric Algorithms
ECDH, ECDSA, EdDSA, ECC, DH, Diffie-Hellman, DSAHash functions
SHA-1, SHA-256, SHA3-224, SHA3-384, SHA3-256, SHA3-512, SHA-3, Blake2, MD4, MD5, RIPEMD, PBKDF, PBKDF2Schemes
MAC, Key Agreement, Key agreementProtocols
SSH, TLS, TLS v1.2, TLS v1.3, TLS 1.2, TLS 1.3Randomness
DRBG, RNG, RBGElliptic Curves
P-224, P-256, P-384, P-521, P-192, B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, B-163, K-163Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XEX, XTSJavaCard API constants
SM2Trusted Execution Environments
PSP, SSCVendor
MicrosoftSecurity level
Level 1Standards
FIPS 140-3, FIPS PUB 186-4, FIPS PUB 198-1, FIPS PUB 197, FIPS PUB 202, FIPS PUB 180-4, NIST SP 800-38A, NIST SP 800-38B, NIST SP 800-38C, NIST SP 800-38D, NIST SP 800-38E, NIST SP 800-38F, NIST SP 800-132, NIST SP 800-67, SP 800-38A, SP 800-38B, NIST SP 800-52, PKCS#1, PKCS #1, RFC25, RFC 8446, RFC 5288, RFC 5246, ISO/IEC 19790, ISO/IEC 24579, ISO/IEC 19790:2012, ISO/IEC 19790:2021File metadata
| Title | FIPS 140-3 Non-Proprietary Security Policy |
|---|---|
| Author | Corsec Security, Inc. |
| Creation date | D:20230712104617-04'00' |
| Modification date | D:20230712104617-04'00' |
| Pages | 39 |
| Creator | Microsoft® Word for Microsoft 365 |
| Producer | Microsoft® Word for Microsoft 365 |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
24.02.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The exceptions property was updated.
-
12.02.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The status property was set to
revoked. - The historical_reason property was set to
None. - The revoked_reason property was set to
Non-conformance to the FIPS 140-3 standard identified.
- The status property was set to
-
02.01.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The status property was set to
historical. - The historical_reason property was set to
Non-conformance to the FIPS 140-3 standard identified. - The date_sunset property was set to
None.
- The status property was set to
-
18.09.2023 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name ExtraHop Cryptographic Module was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4561,
"dgst": "315ef9b31f21c15d",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"ECDSA KeyGen (FIPS186-4)A2293",
"TDES-OFBA2293",
"ECDSA SigVer (FIPS186-4)A2293",
"TDES-CBCA2293",
"AES-OFBA2293",
"SHA3-512A2293",
"AES-GCMA2293",
"RSA SigVer (FIPS186-4)A2293",
"HMAC-SHA3-256A2293",
"TDES-CMACA2293",
"AES-GMACA2293",
"AES-CCMA2293",
"SHAKE-256A2293",
"HMAC-SHA3-224A2293",
"HMAC-SHA2-224A2293",
"TDES-CFB64A2293",
"TDES-CFB1A2293",
"SHAKE-128A2293",
"Counter DRBGA2293",
"KAS-ECC-SSC Sp800-56Ar3A2293",
"AES-CMACA2293",
"DSA SigVer (FIPS186-4)A2293",
"KDF TLSA2293",
"SHA-1A2293",
"TLS v1.2 KDF RFC7627A2293",
"AES-CTRA2293",
"HMAC-SHA-1A2293",
"SHA3-256A2293",
"SHA3-224A2293",
"SHA3-384A2293",
"AES-CFB8A2293",
"AES-CFB128A2293",
"ECDSA KeyVer (FIPS186-4)A2293",
"AES-KWA2293",
"KDA HKDF SP800-56Cr2A2293",
"DSA KeyGen (FIPS186-4)A2293",
"DSA PQGVer (FIPS186-4)A2293",
"AES-CBCA2293",
"SHA2-256A2293",
"HMAC-SHA3-512A2293",
"SHA2-224A2293",
"AES-KWPA2293",
"TDES-CFB8A2293",
"AES-ECBA2293",
"AES-XTSA2293",
"AES-CFB1A2293",
"KAS-FFC-SSC Sp800-56Ar3A2293",
"KDF SSHA2293",
"RSA KeyGen (FIPS186-4)A2293",
"HMAC-SHA3-384A2293",
"DSA PQGGen (FIPS186-4)A2293",
"PBKDFA2293",
"HMAC-SHA2-256A2293",
"TDES-ECBA2293",
"SHA2-512A2293",
"RSA SigGen (FIPS186-4)A2293",
"TLS v1.3 KDFA2294",
"HMAC-SHA2-512A2293",
"SHA2-384A2293",
"HMAC-SHA2-384A2293"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"-"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 3
},
"ECDH": {
"ECDH": 11
},
"ECDSA": {
"ECDSA": 26
},
"EdDSA": {
"EdDSA": 3
}
},
"FF": {
"DH": {
"DH": 12,
"Diffie-Hellman": 2
},
"DSA": {
"DSA": 25
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 8
},
"CCM": {
"CCM": 3
},
"CFB": {
"CFB": 3
},
"CTR": {
"CTR": 5
},
"ECB": {
"ECB": 9
},
"GCM": {
"GCM": 37
},
"OFB": {
"OFB": 8
},
"XEX": {
"XEX": 2
},
"XTS": {
"XTS": 4
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"SSH": {
"SSH": 18
},
"TLS": {
"TLS": {
"TLS": 34,
"TLS 1.2": 3,
"TLS 1.3": 1,
"TLS v1.2": 3,
"TLS v1.3": 2
}
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 3,
"Key agreement": 2
},
"MAC": {
"MAC": 11
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"B-163": 2,
"B-233": 4,
"B-283": 4,
"B-409": 4,
"B-571": 4,
"K-163": 4,
"K-233": 6,
"K-283": 4,
"K-409": 4,
"K-571": 4,
"P-192": 8,
"P-224": 14,
"P-256": 8,
"P-384": 8,
"P-521": 8
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 1,
"Certificate6": 4
}
},
"fips_certlike": {
"Certlike": {
"AES GCM encrypt KAT50": 1,
"AES-CMAC 128": 1,
"AES-GCM 128": 1,
"CVL23": 1,
"DRBG 9": 1,
"DRBG27": 1,
"DSA28": 1,
"HMAC 128": 2,
"PKCS #1": 2,
"PKCS#1": 6,
"RSA39": 1,
"SHA-1": 13,
"SHA-256": 1,
"SHA-3": 1,
"SHA2- 256": 6,
"SHA2- 384": 4,
"SHA2- 512": 5,
"SHA2-224": 13,
"SHA2-256": 17,
"SHA2-384": 11,
"SHA2-512": 11,
"SHA3- 224": 1,
"SHA3- 256": 1,
"SHA3- 384": 1,
"SHA3- 512 112": 1,
"SHA3-224": 3,
"SHA3-256": 4,
"SHA3-384": 3,
"SHA3-512": 3,
"SHS42": 1
}
},
"fips_security_level": {
"Level": {
"Level 1": 3
}
},
"hash_function": {
"BLAKE": {
"Blake2": 3
},
"MD": {
"MD4": {
"MD4": 2
},
"MD5": {
"MD5": 2
}
},
"PBKDF": {
"PBKDF": 6,
"PBKDF2": 5
},
"RIPEMD": {
"RIPEMD": 2
},
"SHA": {
"SHA1": {
"SHA-1": 13
},
"SHA2": {
"SHA-256": 1
},
"SHA3": {
"SHA-3": 1,
"SHA3-224": 3,
"SHA3-256": 4,
"SHA3-384": 3,
"SHA3-512": 3
}
}
},
"ic_data_group": {},
"javacard_api_const": {
"curves": {
"SM2": 2
}
},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 45
},
"RNG": {
"RBG": 2,
"RNG": 4
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 20,
"FIPS PUB 180-4": 1,
"FIPS PUB 186-4": 5,
"FIPS PUB 197": 2,
"FIPS PUB 198-1": 1,
"FIPS PUB 202": 1
},
"ISO": {
"ISO/IEC 19790": 6,
"ISO/IEC 19790:2012": 1,
"ISO/IEC 19790:2021": 1,
"ISO/IEC 24579": 4
},
"NIST": {
"NIST SP 800-132": 2,
"NIST SP 800-38A": 1,
"NIST SP 800-38B": 2,
"NIST SP 800-38C": 2,
"NIST SP 800-38D": 6,
"NIST SP 800-38E": 2,
"NIST SP 800-38F": 2,
"NIST SP 800-52": 1,
"NIST SP 800-67": 2,
"SP 800-38A": 1,
"SP 800-38B": 1
},
"PKCS": {
"PKCS #1": 1,
"PKCS#1": 3
},
"RFC": {
"RFC 5246": 1,
"RFC 5288": 1,
"RFC 8446": 1,
"RFC25": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 98
},
"CAST": {
"CAST": 4,
"CAST5": 3
},
"RC": {
"RC2": 2,
"RC4": 3,
"RC5": 3
}
},
"DES": {
"3DES": {
"TDES": 1,
"Triple-DES": 20
},
"DES": {
"DES": 5
}
},
"constructions": {
"MAC": {
"CMAC": 23,
"HMAC": 26
}
},
"djb": {
"ChaCha": {
"ChaCha20": 3
},
"Poly": {
"Poly1305": 2
}
},
"miscellaneous": {
"ARIA": {
"ARIA": 3
},
"Blowfish": {
"Blowfish": 3
},
"Camellia": {
"Camellia": 3
},
"IDEA": {
"IDEA": 3
},
"SEED": {
"SEED": 3
},
"SM4": {
"SM4": 3
}
}
},
"tee_name": {
"AMD": {
"PSP": 6
},
"IBM": {
"SSC": 1
}
},
"tls_cipher_suite": {},
"vendor": {
"Microsoft": {
"Microsoft": 2
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Corsec Security, Inc.",
"/CreationDate": "D:20230712104617-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word for Microsoft 365",
"/ModDate": "D:20230712104617-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word for Microsoft 365",
"/Title": "FIPS 140-3 Non-Proprietary Security Policy",
"pdf_file_size_bytes": 886586,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://csrc.nist.gov/groups/STM/cmvp",
"http://www.corsec.com/",
"http://www.extrahop.com/",
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Validated-Modules/Search",
"mailto:[email protected]",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34903",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14787",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14786"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 39
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "2caf156a884d9abcacc495f4696817b3e9f5cb2231adfbb5148525d9df60342c",
"policy_txt_hash": "ecb6c157586183204affae508d27f00080dde87ff63a895d0a8954df3ca89dd6"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When operated in approved mode. No assurance of the minimum strength of generated keys",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2023_010923_0844.pdf",
"date_sunset": null,
"description": "The ExtraHop Cryptographic Module 1.0 is a cryptographic library embedded in the ExtraHop Reveal(x) 360 application software. The ExtraHop Cryptographic Module 1.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including SSH and TLS 1.2/1.3).",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "ExtraHop Cryptographic Module",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": "Non-conformance to the FIPS 140-3 standard identified",
"standard": "FIPS 140-3",
"status": "revoked",
"sw_versions": "1.0",
"tested_conf": [
"ExtraHop OS 8.6 on VMware ESXi 6.7 running on Dell PowerEdge R640-XL with Intel Xeon Silver 4110 with PAA",
"ExtraHop OS 8.6 on VMware ESXi 6.7 running on Dell PowerEdge R640-XL with Intel Xeon Silver 4110 without PAA",
"ExtraHop OS 8.6 on VMware ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Silver 4110 with PAA",
"ExtraHop OS 8.6 on VMware ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Silver 4110 without PAA",
"ExtraHop OS 8.6 running on EDA 8200 appliance with Intel Xeon Silver 4110 with PAA",
"ExtraHop OS 8.6 running on EDA 8200 appliance with Intel Xeon Silver 4110 without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2023-08-28",
"lab": "Lightship Security, Inc.",
"validation_type": "Initial"
}
],
"vendor": "ExtraHop Networks, Inc.",
"vendor_url": "http://www.extrahop.com"
}
}