Module Name
NITROXIII CNN35XX-NFBE HSM Family
Validation Dates
09/29/2020;11/10/2020;01/15/2021
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Embedded
Description
CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2 level 3. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in a virtualization environment to extend services like virtual key management, offloading general and TLS specific crypto operations through dedicated I/O channels. This product is suitable for PKI users, vendors, TLS servers/load balancers.
FIPS Algorithms
| AES |
Certs. #C819, #C827 and #C839 |
| CKG |
vendor affirmed |
| CVL |
Certs. #C825, #C829, #C839 and #C840 |
| DRBG |
Certs. #C821 and #C830 |
| DSA |
Cert. #C823 |
| ECDSA |
Certs. #C825 and #C829 |
| HMAC |
Certs. #C822 and #C839 |
| KAS |
Cert. #C828 |
| KAS |
SP800-56B, vendor affirmed |
| KBKDF |
CVL Certs. #C826 and #C839 |
| KTS |
AES Cert. #C827; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
AES Cert. #C839; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
Triple-DES Cert. #2242; key establishment methodology provides 112 bits of encryption strength |
| RSA |
Cert. #C824 |
| SHS |
Certs. #1780 and #C820 |
| Triple-DES |
Certs. #1311 and #2242 |
Allowed Algorithms
EC Diffie-Hellman (CVL Cert. #C829, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C829 and CVL Cert. #C840; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (CVL Cert. #C839, key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Hardware Versions
P/Ns CNL3560P-NFBE-G, CNL3560P-NFBE-2.0-G, CNL3560-NFBE-G, CNL3560-NFBE-2.0-G, CNL3530-NFBE-G, CNL3530-NFBE-2.0-G, CNL3510-NFBE-G, CNL3510-NFBE-2.0-G, CNL3510P-NFBE-G, CNL3510P-NFBE-2.0-G, CNN3560P-NFBE-G, CNN3560P-NFBE-2.0-G, CNN3560-NFBE-G, CNN3560-NFBE-2.0-G, CNN3530-NFBE-G, CNN3530-NFBE-2.0-G, CNN3510-NFBE-G and CNN3510-NFBE-2.0-G
Firmware Versions
CNN35XX-NFBE-FW-3.4 build 07, CNN35XX-NFBE-FW-3.4 build 08 and CNN35XX-NFBE-FW-3.4 build 09
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
