Module Name
Blue Coat ProxySG S400-20 [1], S400-30 [2], S400-40 [3], S500-10 [4], S500-20 [5] and S500-30 [6]
Validation Dates
10/02/2017
Caveat
When operated in FIPS mode with the tamper evident seals and the opacity baffles installed as indicated in the Security Policy
Security Level Exceptions
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Blue Coat ProxySG physical and virtual appliances are the core of Symantec’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging. ProxySG identifies malicious payloads and then filters, strips, blocks or replaces web content to mitigate risks and prevent data loss. The appliances also optimize web and internal application traffic for data, video, cloud and web applications.
FIPS Algorithms
| AES |
Cert. #4552 |
| CKG |
vendor affirmed |
| CVL |
Certs. #1231, #1233 and #1237 |
| DRBG |
Cert. #1502 |
| HMAC |
Certs. #3005 and #3006 |
| KTS |
AES Cert. #4552; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
Triple-DES Cert. #2423; key establishment methodology provides 112 bits of encryption strength |
| RSA |
Certs. #2478 and #2479 |
| SHS |
Certs. #3729 and #3730 |
| Triple-DES |
Cert. #2423 |
Allowed Algorithms
Diffie-Hellman (CVL Cert. #1231 with CVL Certs. #1233 and #1237, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1231 with CVL Certs. #1233 and #1237, key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Hardware Versions
090-03075 [1], 090-03076 [1], 090-03079 [2], 090-03080 [2], 090-03083 [3], 090-03084 [3], 090-02998 [4], 090-02999 [4], 090-03000 [5], 090-03001 [5], 090-03579 [6] and 090-03580 [6] with FIPS Kit: HW-KIT-FIPS-400 [1,2,3] and HW-KIT-FIPS-500 [4,5,6]
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
