Module Name

SafeNet Backup Hardware Security Module

Standard

FIPS 140-2

Status

Active

Sunset Date

6/26/2023

Validation Dates

06/27/2018

Overall Level

3

Caveat

When operated in FIPS mode and initialized to Overall Level 3 per Security Policy

Module Type

Hardware

Embodiment

Multi-Chip Stand Alone

Description

The SafeNet Backup Hardware Security Module provides the same level of security as the SafeNet Network HSM and SafeNet PCI-E HSMs in a convenient, small, low-cost form factor. The SafeNet Backup HSM ensures that sensitive cryptographic material remains strongly protected in hardware even when not being used. One can easily back up and duplicate keys securely to the SafeNet Backup HSM for safekeeping in case of emergency, failure or disaster.

Tested Configuration(s)

• N/A

FIPS Algorithms

AES	Certs. #4849 and #5012
CKG	vendor affirmed
CVL	Cert. #1562
DRBG	Cert. #1704
DSA	Certs. #1298 and #1315
ECDSA	Certs. #1242 and #1278
HMAC	Certs. #3306 and #3330
KAS	Cert. #154
KBKDF	Cert. #164
KTS	Cert. #5012; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA	Certs. #2691 and #2704
SHS	Certs. #3988 and #4075
Triple-DES	Certs. #2552 and #2585
Triple-DES MAC	Triple-DES Certs. #2552 and #2585, vendor affirmed

Allowed Algorithms

AES (Certs. #4849 and #5012, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength); Triple-DES (Certs. #2552 and #2585, key unwrapping; key establishment methodology provides 112 bits of encryption strength)

Hardware Versions

LTK-03, Version Code 0102 [1, 2] and LTK-03, Version Code 0103 [1, 2]

Firmware Versions

6.24.6 [1] and 6.24.7 [2]