Module Name

F5® Device Cryptographic Module

Standard

FIPS 140-2

Status

Active

Sunset Date

5/1/2024

Validation Dates

05/02/2019

Overall Level

2

Caveat

When operated in FIPS Mode and configured as specified in the section 8 of the Security Policy with tamper evident labels contained in F5-ADD-BIG-FIPS140 kit and installed as indicated in the Security Policy section 4.

Security Level Exceptions

• Mitigation of Other Attacks: N/A

Module Type

Hardware

Embodiment

Multi-Chip Stand Alone

Description

F5® Device Cryptographic Module, Application Delivery Controller and Firewall software running on F5 BIG-IP and VIPRION hardware.

Tested Configuration(s)

• N/A

FIPS Algorithms

AES	Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
CKG	vendor-affirmed
CVL	Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
DRBG	Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, # C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
ECDSA	Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
HMAC	Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
KTS	AES Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48 and #C49; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS	AES Certs. #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75; key establishment methodology provides 128 or 256 bits of encryption strength
KTS	AES Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48 and #C49 and HMAC Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS	AES Certs. #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75 and HMAC Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75; key establishment methodology provides 128 or 256 bits of encryption strength
RSA	Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
SHS	Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75

Allowed Algorithms

EC Diffie-Hellman (CVL Certs. #C 2, #C 33, #C 34, #C 35, #C 36, #C 37, #C 40, #C 41, #C 42, #C 43, #C 44, #C 45, #C 46, #C 47, #C 48, #C 49, #C 52, #C 53, #C 54, #C 55, #C 57, #C 58, #C 62, #C 63, #C 64, #C 65, #C 67, #C 68, #C 69, #C 70, #C 71 and #C 75 with #C 2, #C 33, #C 34, #C 35, #C 36, #C 37, #C 40, #C 41, #C 42, #C 43, #C 44, #C 45, #C 46, #C 47, #C 48, #C 49, #C 52, #C 53, #C 54, #C 55, #C 57, #C 58, #C 62, #C 63, #C 64, #C 65, #C 67, #C 68, #C 69, #C 70, #C 71 and #C 75, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)

Hardware Versions

BIG-IP i4000, BIG-IP i5000, BIG-IP i5820-DF, BIG-IP i7000, BIG-IP i7820-DF, BIG-IP i10800, BIG-IP i11800-DS, BIG-IP i15800, BIG-IP 4000, BIG-IP 5250v-F, BIG-IP 7000, BIG-IP 7200v-F, BIG-IP 10200v-F, BIG-IP 10350v-F, VIPRION B2250, VIPRION B4450

Firmware Versions

13.1.1 EHF