Module Name
NITROXIII CNN35XX-NFBE HSM Family
Validation Dates
10/30/2020
Caveat
When operated in FIPS mode and initialized and configured per Section 10 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security-relevant modification to Cert. #3254
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Embedded
Description
CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in a virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers.
FIPS Algorithms
| AES |
Certs. #2033, #2034, #2035, #3205, #3206 and #4104 |
| CKG |
vendor affirmed |
| CVL |
Certs. #167 and #563 |
| DRBG |
Cert. #680 |
| DSA |
Cert. #916 |
| ECDSA |
Cert. #589 |
| HMAC |
Certs. #1233 and #2019 |
| KAS |
Cert. #53 |
| KAS |
SP 800-56B, vendor affirmed |
| KBKDF |
Cert. #65 |
| KTS |
AES Cert. #2035; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
AES Cert. #3206 |
| KTS |
AES Cert. #4104; key establishment methodology provides 128 or 192 bits of encryption strength |
| KTS |
Triple-DES Cert. #2242; key establishment methodology provides 112 bits of encryption strength |
| RSA |
Certs. #1634 and #2218 |
| SHS |
Certs. #1780 and #2652 |
| Triple-DES |
Certs. #1311 and #2242 |
Allowed Algorithms
EC Diffie-Hellman (CVL Certs. #167 and #563, key agreement; key establishment methodology provides 128 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
P/Ns CNL3560P-NFBE-G [1], CNL3560-NFBE-G [1], CNL3530-NFBE-G [1], CNL3510-NFBE-G [1], CNL3510P-NFBE-G [1], CNN3560P-NFBE-G [1], CNN3560-NFBE-G [1], CNN3530-NFBE-G [1], CNN3510-NFBE-G [1], CNL3560P-NFBE-2.0-G [2], CNL3560-NFBE-2.0-G [2], CNL3530-NFBE-2.0-G [2], CNL3510-NFBE-2.0-G [2], CNL3510P-NFBE-2.0-G [2], CNL3560PB-NFBE-2.0-G [2], CNL3560B-NFBE-2.0-G [2], CNL3530B-NFBE-2.0-G [2], CNL3510B-NFBE-2.0-G [2], CNL3510PB-NFBE-2.0-G [2], CNN3510LP-NFBE-2.0-G [2] and CNN3510LPB-NFBE-2.0-G [2]
Firmware Versions
CNN35XX-NFBE-FW-2.04 build 48 [1, 2], CNN35XX-NFBE-FW-2.04 build 49 [1, 2], CNN35XX-NFBE-FW-2.04 build 50 [1, 2], CNN35XX-NFBE-FW-2.04 build 52 [1, 2], CNN35XX-NFBE-FW-2.04 build 53 [1, 2], CNN35XX-NFBE-FW-2.05 build 15 [1] and CNN35XX-NFBE-FW-2.05 build 18 [1]
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
