U.S. flag   An unofficial archive of your favorite United States government website

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #3378

Details

Module Name
Unbound Tech EKM Cryptographic Module
Standard
FIPS 140-2
Status
Active
Sunset Date
2/18/2024
Validation Dates
02/19/2019;04/24/2020
Overall Level
1
Caveat
When operated in FIPS mode with two additional Unbound Tech EKM Cryptographic Modules with each EKM Cryptographic Module running in Entry mode, Pair mode, and Auxiliary mode as specified in Section 3.1 of the Security Policy
Security Level Exceptions
  • Roles, Services, and Authentication: Level 2
  • Physical Security: N/A
  • Design Assurance: Level 3
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
Unbound's Enterprise Key Management (EKM) lets you manage and control keys working with any application. This pure-software solution is easy to deploy and maintain, while giving you unmatched levels of security and control for your crypto keys in the cloud. Based on Unbound vHSM technology, the keys are guaranteed to never appear in the clear, not even when generated or while at use - ensuring your most sensitive keys are kept private at all times.
Tested Configuration(s)
  • Red Hat Enterprise Linux 7.3 on ESXi 6.5 running on Gigabyte GA-6LISL / Intel Core i3 with PAA
  • Red Hat Enterprise Linux 7.3 on ESXi 6.5 running on Gigabyte GA-6LISL / Intel Core i3 without PAA (single-user mode)
  • Red Hat Enterprise Linux 7.3 running on Gigabyte GA-6LISL / Intel Core i3 with PAA
  • Red Hat Enterprise Linux 7.3 running on Gigabyte GA-6LISL / Intel Core i3 without PAA
  • Windows Server 2016 on ESXi 6.5 running on Gigabyte GA-6LISL / Intel Core i3 with PAA
  • Windows Server 2016 on ESXi 6.5 running on Gigabyte GA-6LISL / Intel Core i3 without PAA
  • Windows Server 2016 running on Gigabyte GA-6LISL / Intel Core i3 with PAA
  • Windows Server 2016 running on Gigabyte GA-6LISL / Intel Core i3 without PAA
FIPS Algorithms
AES Certs. #5443 and #5444
CKG vendor affirmed
CVL Certs. #1884, #1885, #1886, #1887, #1888 and #1889
DRBG Cert. #2126
ECDSA Certs. #1447 and #1448
HMAC Certs. #3600 and #3601
KAS SP 800-56Arev2 with CVL Cert. #1887, vendor affirmed
KTS AES Cert. #5444; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS SP 80056B vendor affirmed; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Certs. #2918 and #2919
SHS Cert. #4362
Allowed Algorithms
EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; RSA (key unwrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
2.0
Product URL
http://www.unboundtech.com/product/unbound-key-control/

Vendor

Unbound Tech
25 Efal Street
Petah Tikva 4951125
Israel

Guy Peer
guy.peer@unboundtech.com
Phone: +972-54-560-4879
 Alexander Presman
alexander.presman@unboundtech.com
Phone: +972-58-551-2033

Related Files

Security Policy
Consolidated Certificate

Lab

UL VERIFICATION SERVICES INC
NVLAP Code: 100432-0