Module Name
Symantec Advanced Secure Gateway S400-20 [1], S400-30 [2], S400-40 [3], S500-10 [4] and S500-20 [5]
Validation Dates
10/04/2017
Caveat
When operated in FIPS mode with the tamper evident seals and the opacity baffles installed as indicated in the Security Policy
Security Level Exceptions
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Symantec Advanced Secure Gateway combines the functionality of Symantec’s industry-leading ProxySG with the intelligence of the Symantec Content Analysis to offer a single, powerful web security solution that delivers world-class threat protection. The Symantec Advanced Secure Gateway is a scalable proxy designed to secure your web communications and accelerate your business applications. The Gateway’s unique proxy architecture allows it to effectively monitor, control and secure traffic to ensure a safe web and experience.
FIPS Algorithms
| AES |
Cert. #4552 |
| CKG |
vendor affirmed |
| CVL |
Certs. #1231, #1233 and #1237 |
| DRBG |
Cert. #1502 |
| HMAC |
Certs. #3005 and #3006 |
| KTS |
AES Cert. #4552; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
Triple-DES Cert. #2423; key establishment methodology provides 112 bits of encryption strength |
| RSA |
Certs. #2478, #2479 and #2484 |
| SHS |
Certs. #3729, #3730 and #3735 |
| Triple-DES |
Cert. #2423 |
Allowed Algorithms
Diffie-Hellman (CVL Cert. #1231 with CVL Certs. #1233 and #1237, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1231 with CVL Certs. #1233 and #1237, key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Hardware Versions
090-03513 [1], 090-03516 [2], 090-03520 [3], 090-03527 [4] and 090-03531 [5] with FIPS Kit: HW-KIT-FIPS-400 [1,2,3] and HW-KIT-FIPS-500 [4,5]
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
