Module Name
Unbound Tech EKM Cryptographic Module
Validation Dates
02/19/2019; 04/24/2020
Caveat
When operated in FIPS mode with two additional Unbound Tech EKM Cryptographic Modules with each EKM Cryptographic Module running in Entry mode, Pair mode, and Auxiliary mode as specified in Section 3.1 of the Security Policy
Security Level Exceptions
- Roles, Services, and Authentication: Level 2
- Physical Security: N/A
- Design Assurance: Level 3
Embodiment
Multi-Chip Stand Alone
Description
Unbound's Enterprise Key Management (EKM) lets you manage and control keys working with any application. This pure-software solution is easy to deploy and maintain, while giving you unmatched levels of security and control for your crypto keys in the cloud. Based on Unbound vHSM technology, the keys are guaranteed to never appear in the clear, not even when generated or while in use - ensuring your most sensitive keys are kept private at all times.
Tested Configuration(s)
- Red Hat Enterprise Linux 7.3 on ESXi 6.5 running on Gigabyte GA-6LISL / Intel Core i3 with PAA
- Red Hat Enterprise Linux 7.3 on ESXi 6.5 running on Gigabyte GA-6LISL / Intel Core i3 without PAA (single-user mode)
- Red Hat Enterprise Linux 7.3 running on Gigabyte GA-6LISL / Intel Core i3 with PAA
- Red Hat Enterprise Linux 7.3 running on Gigabyte GA-6LISL / Intel Core i3 without PAA
- Windows Server 2016 on ESXi 6.5 running on Gigabyte GA-6LISL / Intel Core i3 with PAA
- Windows Server 2016 on ESXi 6.5 running on Gigabyte GA-6LISL / Intel Core i3 without PAA
- Windows Server 2016 running on Gigabyte GA-6LISL / Intel Core i3 with PAA
- Windows Server 2016 running on Gigabyte GA-6LISL / Intel Core i3 without PAA
FIPS Algorithms
| Algorithm | Certificates / Notes |
|---|---|
| AES | Certs. #5443 and #5444 |
| CKG | vendor affirmed |
| CVL | Certs. #1884, #1885, #1886, #1887, #1888 and #1889 |
| DRBG | Cert. #2126 |
| ECDSA | Certs. #1447 and #1448 |
| HMAC | Certs. #3600 and #3601 |
| KAS | SP 800-56Arev2 with CVL Cert. #1887, vendor affirmed |
| KTS | AES Cert. #5444; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS | SP 800-56B vendor affirmed; key establishment methodology provides between 128 and 256 bits of encryption strength |
| RSA | Certs. #2918 and #2919 |
| SHS | Cert. #4362 |
Allowed Algorithms
EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; RSA (key unwrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)