This page was not yet optimized for use on mobile devices.

Sophos Cryptographic Module

Certificate #4925

Webpage information ?

Status	active
Validation dates	18.12.2024
Sunset date	10-07-2029
Standard	FIPS 140-3
Security level	1
Type	Software
Embodiment	Multi-Chip Stand Alone
Caveat	No assurance of the minimum strength of generated SSPs (e.g., keys).
Exceptions	Physical security: N/A Non-invasive security: N/A Life-cycle assurance: Level 3 Documentation requirements: N/A Cryptographic module security policy: N/A
Description	The Sophos Cryptographic Module is a general-purpose cryptographic library incorporated into the Sophos Firewall systems to provide FIPS 140-3 validated cryptography for the protection of sensitive information.
Vendor	Sophos Ltd.
References	This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Webpage

Security policy ?

Security target PDF TXT

Symmetric Algorithms

AES, CAST, HMAC, KMAC, CMAC

Asymmetric Algorithms

ECDSA, EdDSA, ECC, DHE, DSA

Hash functions

SHA2, SHA3, SHAKE128, SHAKE256, PBKDF

Schemes

MAC, Key agreement, Key Agreement, AEAD

Protocols

SSH, TLS v1.2, TLS v1.3, TLS 1.3, TLS, TLS 1.2

Randomness

DRBG, RBG

Libraries

OpenSSL

Block cipher modes

CTR, GCM, CCM

JavaCard API constants

ED25519, ED448

Trusted Execution Environments

PSP, SSC

Security level

Level 1

Side-channel analysis

timing attacks

Standards

FIPS 202, PKCS 1, RFC7627, RFC 5288, RFC 5647, RFC 8446, RFC8446, ISO/IEC 19790:2012

File metadata

Title	Microsoft Word - Sophos FIPS 140-3 Security Policy_Output_TRD1_2024-10-21.docx
Author	Rachel Shelby
Creation date	D:20241021161438-07'00'
Modification date	D:20241021161438-07'00'
Pages	40
Creator	PScript5.dll Version 5.2.2
Producer	Acrobat Distiller 24.0 (Windows)

References

Outgoing

210 - historical - VPN 3000 Concentrator Series

Heuristics ?

No heuristics are available for this certificate.

References ?

Updates ?

23.12.2024 The certificate was first processed.

New certificate

A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4925,
  "dgst": "f4fc1ac61a9e62b9",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": []
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": {
        "_type": "Set",
        "elements": [
          "210"
        ]
      },
      "indirectly_referenced_by": null,
      "indirectly_referencing": {
        "_type": "Set",
        "elements": [
          "147",
          "100",
          "210"
        ]
      }
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": [
        "210"
      ]
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 8
          },
          "ECDSA": {
            "ECDSA": 23
          },
          "EdDSA": {
            "EdDSA": 4
          }
        },
        "FF": {
          "DH": {
            "DHE": 1
          },
          "DSA": {
            "DSA": 23
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CCM": {
          "CCM": 1
        },
        "CTR": {
          "CTR": 3
        },
        "GCM": {
          "GCM": 3
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 10
        }
      },
      "crypto_protocol": {
        "SSH": {
          "SSH": 4
        },
        "TLS": {
          "TLS": {
            "TLS": 3,
            "TLS 1.2": 1,
            "TLS 1.3": 1,
            "TLS v1.2": 4,
            "TLS v1.3": 5
          }
        }
      },
      "crypto_scheme": {
        "AEAD": {
          "AEAD": 1
        },
        "KA": {
          "Key Agreement": 1,
          "Key agreement": 17
        },
        "MAC": {
          "MAC": 16
        }
      },
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#210": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "PKCS 1": 4,
          "SHA2": 1,
          "SHA3": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3
        }
      },
      "hash_function": {
        "PBKDF": {
          "PBKDF": 10
        },
        "SHA": {
          "SHA2": {
            "SHA2": 1
          },
          "SHA3": {
            "SHA3": 1
          }
        },
        "SHAKE": {
          "SHAKE128": 1,
          "SHAKE256": 1
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {
        "curves": {
          "ED25519": 4,
          "ED448": 4
        }
      },
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 37
        },
        "RNG": {
          "RBG": 3
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "timing attacks": 2
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 202": 6
        },
        "ISO": {
          "ISO/IEC 19790:2012": 3
        },
        "PKCS": {
          "PKCS 1": 2
        },
        "RFC": {
          "RFC 5288": 1,
          "RFC 5647": 1,
          "RFC 8446": 1,
          "RFC7627": 4,
          "RFC8446": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 10
          },
          "CAST": {
            "CAST": 73
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 6,
            "HMAC": 19,
            "KMAC": 7
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 12
        },
        "IBM": {
          "SSC": 1
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Rachel Shelby",
      "/CreationDate": "D:20241021161438-07\u002700\u0027",
      "/Creator": "PScript5.dll Version 5.2.2",
      "/ModDate": "D:20241021161438-07\u002700\u0027",
      "/Producer": "Acrobat Distiller 24.0 (Windows)",
      "/Title": "Microsoft Word - Sophos FIPS 140-3 Security Policy_Output_TRD1_2024-10-21.docx",
      "pdf_file_size_bytes": 619089,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 40
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "32fd6f5dd5c29b537cd71bb4ea9c82b3629d867d1ce6281c44bedeb8e4d50087",
    "policy_txt_hash": "47c2a95c8f8e3bb2f788c72b61bb043e2bb859a6b138ffa08b3fb3c3022dddc5"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).",
    "certificate_pdf_url": null,
    "date_sunset": "2029-07-10",
    "description": "The Sophos Cryptographic Module is a general-purpose cryptographic library incorporated into the Sophos Firewall systems to provide FIPS 140-3 validated cryptography for the protection of sensitive information.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Life-cycle assurance: Level 3",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Sophos Cryptographic Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-12-18",
        "lab": "DEKRA Certification, Inc.",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Sophos Ltd.",
    "vendor_url": null
  }
}