U.S. flag   An unofficial archive of your favorite United States government website

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #3788

Details

Module Name
NITROXIII CNN35XX-NFBE HSM Family
Standard
FIPS 140-2
Status
Active
Sunset Date
1/4/2026
Validation Dates
01/05/2021;01/22/2021;02/12/2021
Overall Level
3
Caveat
When operated in FIPS mode and initialized and configured per Section 10 of the Security Policy
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Embedded
Description
CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2 level 3. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in a virtualization environment to extend services like virtual key management, offloading general and TLS specific crypto operations through dedicated logical I/O channels. This product is suitable for PKI users, vendors, TLS servers/load balancers.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Certs. #C819 and #C839
CKG vendor affirmed
CVL Certs. #C829, #C839 and #C840
DRBG Certs. #680, #C821 and #C830
DSA Cert. #C823
ECDSA Certs. #C825 and #C829
HMAC Certs. #C822 and #C839
KAS Cert. #C828
KAS SP 800-56B, vendor affirmed, establishment methodology provides 112 bits of encryption strength
KBKDF Certs. #C826 and #C839
KTS AES Cert. #C839; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS AES Cert. #C1263; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS Triple-DES Cert. #C1263; key establishment methodology provides 112 bits of encryption strength
RSA Certs. #C824 and #C839
SHS Certs. #1780 and #C820
Triple-DES Certs. #1311 and #C1169
Allowed Algorithms
AES (Cert. #C819, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C829, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C829 with CVL Cert. #C840, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength); RSA (CVL Cert. #C839, key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Hardware Versions
P/Ns CNL3560P-NFBE-G, CNL3560-NFBE-G, CNL3530-NFBE-G, CNL3510-NFBE-G, CNL3510P-NFBE-G, CNN3560P-NFBE-G, CNN3560-NFBE-G, CNN3530-NFBE-G and CNN3510-NFBE-G, Version HW-1.0; CNL3560P-NFBE-2.0-G, CNL3560-NFBE-2.0-G, CNL3530-NFBE-2.0-G, CNL3510-NFBE-2.0-G, CNL3510P-NFBE-2.0-G, CNL3560PB-NFBE-2.0-G, CNL3560B-NFBE-2.0-G, CNL3530B-NFBE-2.0-G, CNL3510B-NFBE-2.0-G, CNL3510PB-NFBE-2.0-G, CNN3510LP-NFBE-2.0-G, CNN3510LPB-NFBE-2.0-G, CNN3560P-NFBE-2.0-G, CNN3560-NFBE-2.0-G, CNN3530-NFBE-2.0-G, CNN3510-NFBE-2.0-G and CNN3505LP-NFBE-2.0-G, Version HW-2.0; CNL3560P-NFBE-3.0-G, CNL3560B-NFBE-3.0-G, CNL3560-NFBE-3.0-G, CNL3560A-NFBE-3.0-G, CNL3560C-NFBE-3.0-G, CNL3560D-NFBE-3.0-G, CNL3560E-NFBE-3.0-G, CNL3560F-NFBE-3.0-G, CNL3560I-NFBE-3.0-G , CNL3530-NFBE-3.0-G, CNL3530B-NFBE-3.0-G, CNL3530A-NFBE-3.0-G, CNL3530C-NFBE-3.0-G, CNL3530D-NFBE-3.0-G, CNL3530E-NFBE-3.0-G, CNL3530F-NFBE-3.0-G, CNL3530I-NFBE-3.0-G , CNL3510-NFBE-3.0-G, CNL3510P-NFBE-3.0-G, CNL3510A-NFBE-3.0-G, CNL3510C-NFBE-3.0-G, CNL3510D-NFBE-3.0-G, CNL3510E-NFBE-3.0-G, CNL3510F-NFBE-3.0-G, CNL3510I-NFBE-3.0-G, CNN3560P-NFBE-3.0-G, CNN3560-NFBE-3.0-G, CNN3560A-NFBE-3.0-G, CNN3560C-NFBE-3.0-G, CNN3560D-NFBE-3.0-G, CNN3560E-NFBE-3.0-G, CNN3560F-NFBE-3.0-G, CNN3530-NFBE-3.0-G, CNN3530A-NFBE-3.0-G, CNN3530C-NFBE-3.0-G, CNN3530D-NFBE-3.0-G, CNN3530E-NFBE-3.0-G, CNN3530F-NFBE-3.0-G, CNN3510-NFBE-3.0-G, CNN3510A-NFBE-3.0-G, CNN3510C-NFBE-3.0-G, CNN3510D-NFBE-3.0-G, CNN3510E-NFBE-3.0-G, CNN3510F-NFBE-3.0-G, CNN3510LP-NFBE-3.0-G, CNN3510LPB-NFBE-3.0-G, CNN3510LPA-NFBE-3.0-G, CNN3510LPC-NFBE-3.0-G, CNN3510LPD-NFBE-3.0-G, CNN3510LPE-NFBE-3.0-G, CNN3510LPF-NFBE-3.0-G, CNN3505LP-NFBE-3.0-G, CNN3505LPA-NFBE-3.0-G, CNN3505LPC-NFBE-3.0-G, CNN3505LPD-NFBE-3.0-G, CNN3505LPE-NFBE-3.0-G, and CNN3505LPF-NFBE-3.0-G, Version HW -3.0
Firmware Versions
CNN35XX-NFBE-FW-2.06 build 05, CNN35XX-NFBE-FW-2.06 build 06 and CNN35XX-NFBE-FW-2.06 build 07
Product URL
http://www.marvell.com/security-solutions/nitrox-hs-adapters

Vendor

Marvell
5488 Marvell Ln
Santa Clara, CA 95054
USA

Phanikumar Kancharla
pkkancharla@marvell.com

Related Files

Security Policy
Consolidated Certificate

Lab

UL VERIFICATION SERVICES INC
NVLAP Code: 100432-0