U.S. flag   An unofficial archive of your favorite United States government website

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #2988

Details

Module Name
Citrix FIPS Cryptographic Module
Standard
FIPS 140-2
Status
Active
Sunset Date
9/29/2025
Validation Dates
08/10/2017;02/07/2019;08/23/2019;09/30/2020;01/06/2021
Overall Level
1
Caveat
When operated in FIPS Mode. No assurance of the minimum strength of generated keys
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
Module Type
Software-Hybrid
Embodiment
Multi-Chip Stand Alone
Description
The Citrix FIPS Cryptographic Module is a software toolkit which provides various cryptographic functions to support the Citrix product portfolio.
Tested Configuration(s)
  • Android 4.4 running on a Google Nexus 5 (LG D820) with PAA
  • Android 5 running on a Google Nexus 6 (Motorola Nexus 6 XT11003) with PAA
  • Android 6 running on a Google Nexus 6 (Motorola Nexus 6 XT11003) with PAA
  • Android 6 running on a Samsung Galaxy S6 (SM-G920T) with PAA
  • Android 7 running on a Google Nexus 5X (LG H790) with PAA
  • Android 7 running on a Google Nexus 6 (Motorola Nexus 6 XT11003) with PAA
  • Android 8 64bit running on a Google Pixel 2 with ARM v8-A with PAA
  • Android 9 running on a Google Pixel 2 with ARM v8-A with PAA
  • FreeBSD 8.4 32bit running on a Citrix NetScaler MPX-14000-FIPS with PAA
  • FreeBSD 8.4 64bit running on a Citrix NetScaler MPX-14000-FIPS with PAA
  • iOS 10 64bit running on an Apple 12.9-inch iPad Pro (A1584) with PAA
  • iOS 11 running on an iPhone X with ARM v8-A with PAA
  • Linux 3.10 64bit running on a CyberPowerPC GLC2460 with Intel Core i7 [8th Generation] with PAA
  • Linux 3.13 64bit running on a Lenovo 20EV002JUS with PAA
  • Linux 3.16 on ESXi 5 64bit running on a HP ProLiant DL2000 with PAA
  • Linux 3.16 on Hyper-V on Windows Server 2012 R2 64bit running on a HP ProLiant DL2000 with PAA
  • Linux 3.16 on XenServer 6 64bit running on a Dell PowerEdge C6100 with PAA
  • Linux 4.15 64bit running on a CyberPowerPC GLC2460 with Intel Core i7 [8th Generation with PAA
  • Linux 4.15 64bit running on a HPE ProLiant BL460c Gen9 with Intel Xeon E5-26XX v3 with PAA
  • Linux 4.15 64bit running on a HPE Proliant BL460c Gen9 with Intel Xeon E5-26XX v4 series with PAA
  • Linux 4.x on ESXi 5 64bit running on a HPE ProLiant BL460c Gen9 with Intel Xeon E5-26XX v4 series with PAA
  • Linux 4.x on Hyper-V on Windows Server 2012 R2 64bit running on a HPE ProLiant BL460c Gen9 with Intel Xeon E5-26XX v4 series with PAA
  • Linux 4.x on XenServer 7 64bit running on a Dell PowerEdge R320 with Intel Xeon E5-24XX v2 series with PAA
  • Linux 4.x on XenServer 7 64bit running on a HPE ProLiant BL460c Gen9 with Intel Xeon E5-26XX v4 series with PAA
  • Mac OS X 10.12 64bit running on an Apple Macbook Pro (A1398) with PAA
  • Mac OS X 10.13 64bit running on an Apple Mac Mini with Intel Corei7 [4th Generation] with PAA
  • NoTouch Desktop running on an N-computing RX-HDX for Citrix with ARM v8-A with PAA
  • ViewSonic Thin OS running on a ViewSonic VS16585 with PAA
  • Windows 10 32bit running on a Lenovo 20CD00B2US with PAA
  • Windows 10 64bit running on a CyberPowerPC GLC2460 with Intel Core i7 [8th Generation] with PAA
  • Windows 10 64bit running on a Lenovo 20EV002JUS with PAA
  • Windows 8.1 64bit running on a CyberPowerPC GLC2460 with Intel Corei7 [8th Generation] with PAA
  • Windows Server 2016 on HyperV on Windows Server 2016 64bit running on a HPE ProLiant BL460c Gen9 with Intel Xeon E5-26XX v3 series with PAA
  • Windows Server 2016 on HyperV on Windows Server 2016 64bit running on HPE Proliant BL460c Gen9 with Intel Xeon E5-26XX v4 series with PAA (single-user mode)
FIPS Algorithms
AES Cert. #4397
CKG vendor affirmed
CVL Certs. #1101, #1102, #1103, #1104, #1105 and #1106
DRBG Cert. #1417
DSA Cert. #1174
ECDSA Cert. #1056
HMAC Cert. #2923
KAS SP 800-56A-rev2 with CVL Certs. #1101, #1102, #1103 and #1106, vendor affirmed
KAS SP 800-56B with CVL Certs. #1101, #1102, #1103 and #1104, vendor affirmed
KTS AES Cert. #4397; key establishment methodology provides between 128 and 256 bits of encryption strength
PBKDF vendor affirmed
RSA Cert. #2379
SHS Cert. #3626
Triple-DES Cert. #2371
Allowed Algorithms
MD5
Hardware Versions
ARM v8-A, ARM v7-A, Intel Core i7 4th Generation, Intel Core i7 6th Generation, Intel Core i7 8th Generation, Intel Xeon 5600 series, Intel Xeon E5-2400 v4 series, Intel Xeon E5-2600 v2 series, Intel Xeon E5-2600 v3 series and Intel Xeon E5-2600 v4 series
Software Versions
1.0, 1.0.1 and 1.0.2

Vendor

Citrix Systems, Inc.
851 Cypress Creek Road
Fort Lauderdale, FL 33309
USA

Ben Tucker
Ben.Tucker@citrix.com
Phone: 954-267-3094
 Jon Andersen
jonathan.andersen@citrix.com
Phone: 954-940-7737

Related Files

Security Policy
Consolidated Certificate

Lab

UL VERIFICATION SERVICES INC
NVLAP Code: 100432-0