Module Name

NITROXIII CNN35XX-NFBE HSM Family

Standard

FIPS 140-2

Status

Active

Sunset Date

1/17/2023

Validation Dates

01/18/2018;03/07/2018;04/10/2018;10/12/2018;10/31/2018;02/20/2019;05/08/2019;08/19/2020;09/30/2020

Overall Level

3

Caveat

When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy

Security Level Exceptions

• Mitigation of Other Attacks: N/A

Module Type

Hardware

Embodiment

Multi-Chip Embedded

Description

CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in a virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers.

Tested Configuration(s)

• N/A

FIPS Algorithms

AES	Certs. #2033, #2034, #2035, #3205, #3206 and #4104
CKG	vendor affirmed
CVL	Certs. #167 and #563
DRBG	Cert. #680
DSA	Cert. #916
ECDSA	Cert. #589
HMAC	Certs. #1233 and #2019
KAS	Cert. #53
KAS	SP 800-56B, vendor affirmed
KBKDF	Cert. #65
KTS	AES Certs. #3206 and #4104
KTS	Triple-DES Cert. #2242; key establishment methodology provides 112 bits of encryption strength
RSA	Certs. #1634 and #2218
SHS	Certs. #1780 and #2652
Triple-DES	Certs. #1311 and #2242

Allowed Algorithms

MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)

Hardware Versions

P/Ns CNL3560P-NFBE-G, CNL3560P-NFBE-2.0-G, CNL3560P-NFBE-3.0-G, CNL3560B-NFBE-2.0-G, CNL3560B-NFBE-3.0-G, CNL3560-NFBE-G, CNL3560-NFBE-2.0-G, CNL3560-NFBE-3.0-G, CNL3560A-NFBE-3.0-G, CNL3560C-NFBE-3.0-G, CNL3560D-NFBE-3.0-G, CNL3560E-NFBE-3.0-G, CNL3560F-NFBE-3.0-G, CNL3530-NFBE-G, CNL3530-NFBE-2.0-G, CNL3530-NFBE-3.0-G, CNL3530B-NFBE-2.0-G, CNL3530B-NFBE-3.0-G, CNL3530A-NFBE-3.0-G, CNL3530C-NFBE-3.0-G, CNL3530D-NFBE-3.0-G, CNL3530E-NFBE-3.0-G, CNL3530F-NFBE-3.0-G, CNL3510-NFBE-G, CNL3510-NFBE-2.0-G, CNL3510-NFBE-3.0-G, CNL3510P-NFBE-G, CNL3510P-NFBE-2.0-G, CNL3510P-NFBE-3.0-G, CNL3510A-NFBE-3.0-G, CNL3510C-NFBE-3.0-G, CNL3510D-NFBE-3.0-G, CNL3510E-NFBE-3.0-G, CNL3510F-NFBE-3.0-G, CNN3560P-NFBE-G, CNN3560P-NFBE-2.0-G, CNN3560P-NFBE-3.0-G, CNN3560-NFBE-G, CNN3560-NFBE-2.0-G, CNN3560-NFBE-3.0-G, CNN3560A-NFBE-3.0-G, CNN3560C-NFBE-3.0-G, CNN3560D-NFBE-3.0-G, CNN3560E-NFBE-3.0-G, CNN3560F-NFBE-3.0-G, CNN3530-NFBE-G, CNN3530-NFBE-2.0-G, CNN3530-NFBE-3.0-G, CNN3530A-NFBE-3.0-G, CNN3530C-NFBE-3.0-G, CNN3530D-NFBE-3.0-G, CNN3530E-NFBE-3.0-G, CNN3530F-NFBE-3.0-G, CNN3510-NFBE-G, CNN3510-NFBE-2.0-G, CNN3510-NFBE-3.0-G, CNN3510A-NFBE-3.0-G, CNN3510C-NFBE-3.0-G, CNN3510D-NFBE-3.0-G, CNN3510E-NFBE-3.0-G, CNN3510F-NFBE-3.0-G, CNN3510LP-NFBE-2.0-G, CNN3510LP-NFBE-3.0-G, CNN3510LPB-NFBE-2.0-G, CNN3510LPB-NFBE-3.0-G, CNN3510LPA-NFBE-3.0-G, CNN3510LPC-NFBE-3.0-G, CNN3510LPD-NFBE-3.0-G, CNN3510LPE-NFBE-3.0-G, CNN3510LPF-NFBE-3.0-G, CNN3505LP-NFBE-2.0-G, CNN3505LP-NFBE-3.0-G, CNN3505LPA-NFBE-3.0-G, CNN3505LPC-NFBE-3.0-G, CNN3505LPD-NFBE-3.0-G, CNN3505LPE-NFBE-3.0-G and CNN3505LPF-NFBE-3.0-G

Firmware Versions

CNN35XX-NFBE-FW-3.0 build 15, CNN35XX-NFBE-FW-3.01 build 06, CNN35XX-NFBE-FW-3.2 build 06, CNN35XX-NFBE-FW-3.2 build 12, CNN35XX-NFBE-FW-3.2 build 18 and CNN35XX-NFBE-FW-3.2 build 19