Module Name
RapidIdentity FIPS Cryptographic Module
Validation Dates
05/20/2020;07/13/2020
Caveat
When installed, initialized and configured as specified in the Security Policy Section 8 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #2792.
Security Level Exceptions
Embodiment
Multi-Chip Stand Alone
Description
The RapidIdentity FIPS Cryptographic Module for Windows is a cryptographic engine for Windows Server. The module delivers core cryptographic functions to Identity Automation’s RapidIdentity MFA server, providing a multitude of authentication methods. The RapidIdentity FIPS Cryptographic Module leverages industry leading, FIPS approved cryptographic algorithms provided by the Bouncy Castle FIPS .NET and Java APIs.
Tested Configuration(s)
- Android 10 on .NET framework 4.5.2 running on a Google Pixel 3 with Qualcomm Snapdragon 845 Chipset
- iOS 13 on Xamarin.iOS 13 running on an iPhone 11 with the Apple A13 Bionic processor
- Windows Server 2016 Standard on Vmware ESXi 6.5 on .NET framework 4.5.2 running on a Dell PowerEdge T630 with Intel Xeon E5-2630 (single user mode)
FIPS Algorithms
|
|
ECDSA (Certs. #C1580 and #C1581 |
|
AES |
Certs. #C1580 and #C1581 |
CVL |
Certs. #C1580 and #C1581 |
DRBG |
Certs. #C1580 and #C1581 |
DSA |
Certs. #C1580 and #C1581 |
HMAC |
Certs. #C1580 and #C1581 |
KAS |
Certs. #C1580 and #C1581 |
KAS |
SP 800-56Arev2 with CVL Certs.#C1580 and #C1581, vendor affirmed |
KTS |
AES Certs. #C1580 and #C1581; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
Triple-DES Certs. #C1580 and #C1581; key establishment methodology provides 112 bits of encryption strength |
KTS |
vendor affirmed |
PBKDF |
vendor affirmed |
RSA |
Certs. #C1580 and #C1581 |
SHA-3 |
Certs. #C1580 and #C1581 |
SHS |
Certs. #C1580 and #C1581 |
Triple-DES |
Certs. #C1580 and #C1581 |
Allowed Algorithms
EC Diffie-Hellman (CVL Certs. #C1580 and #C1581, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength);