Module Name
Blue Coat Reverse Proxy S400-20 [1], S400-30 [2], S400-40 [3], S500-10 [4], S500-20 [5] and S500-30 [6]
Validation Dates
10/17/2017;11/16/2017
Caveat
When operated in FIPS mode with the tamper evident seals and the opacity baffles installed as indicated in the Security Policy
Security Level Exceptions
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Blue Coat Reverse Proxy appliances provide a termination point where deep inspection for malware and mission-critical policy is applied to inbound traffic. The Reverse Proxy gives organizations the ability to govern traffic and payloads on a wide variety of parameters, including location, devices, clients, software, protocols, and more. It can be used with either public-facing or internally facing web servers.
FIPS Algorithms
| AES |
Cert. #4552 |
| CKG |
vendor affirmed |
| CVL |
Certs. #1231, #1233 and #1237 |
| DRBG |
Cert. #1502 |
| HMAC |
Certs. #3005 and #3006 |
| KTS |
AES Cert. #4552; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
Triple-DES Cert. #2423; key establishment methodology provides 112 bits of encryption strength |
| RSA |
Certs. #2478 and #2479 |
| SHS |
Certs. #3729 and #3730 |
| Triple-DES |
Cert. #2423 |
Allowed Algorithms
Diffie-Hellman (CVL Cert. #1231 with CVL Certs. #1233 and #1237, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1231 with CVL Certs. #1233 and #1237, key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Hardware Versions
090-03623 [1], 090-03626 [1], 090-03624 [2], 090-03627 [2], 090-03625 [3], 090-03628 [3], 090-03615 [4], 090-03617 [4], 090-03616 [5], 090-03618 [5], 090-03656 [6] and 090-03657 [6] with FIPS Kit: HW-KIT-FIPS-400 [1,2,3] and HW-KIT-FIPS-500 [4,5,6]
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
