U.S. flag   An unofficial archive of your favorite United States government website
This is an archive
(replace .gov by .rip)

Cryptographic Module Validation Program CMVP

Certificate #3788

Details

Module Name
NITROXIII CNN35XX-NFBE HSM Family
Standard
FIPS 140-2
Status
Active
Sunset Date
1/4/2026
Validation Dates
01/05/2021;01/22/2021;02/12/2021
Overall Level
3
Caveat
When operated in FIPS mode and initialized and configured per Section 10 of the Security Policy
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Embedded
Description
CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2 level 3. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in a virtualization environment to extend services like virtual key management, offloading general and TLS specific crypto operations through dedicated logical I/O channels. This product is suitable for PKI users, vendors, TLS servers/load balancers.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Certs. #C819 and #C839
CKG vendor affirmed
CVL Certs. #C829, #C839 and #C840
DRBG Certs. #680, #C821 and #C830
DSA Cert. #C823
ECDSA Certs. #C825 and #C829
HMAC Certs. #C822 and #C839
KAS Cert. #C828
KAS SP 800-56B, vendor affirmed, establishment methodology provides 112 bits of encryption strength
KBKDF Certs. #C826 and #C839
KTS AES Cert. #C839; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS AES Cert. #C1263; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS Triple-DES Cert. #C1263; key establishment methodology provides 112 bits of encryption strength
RSA Certs. #C824 and #C839
SHS Certs. #1780 and #C820
Triple-DES Certs. #1311 and #C1169
Allowed Algorithms
AES (Cert. #C819, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C829, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C829 with CVL Cert. #C840, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength); RSA (CVL Cert. #C839, key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Hardware Versions
P/Ns CNL3560P-NFBE-G, CNL3560-NFBE-G, CNL3530-NFBE-G, CNL3510-NFBE-G, CNL3510P-NFBE-G, CNN3560P-NFBE-G, CNN3560-NFBE-G, CNN3530-NFBE-G and CNN3510-NFBE-G, Version HW-1.0; CNL3560P-NFBE-2.0-G, CNL3560-NFBE-2.0-G, CNL3530-NFBE-2.0-G, CNL3510-NFBE-2.0-G, CNL3510P-NFBE-2.0-G, CNL3560PB-NFBE-2.0-G, CNL3560B-NFBE-2.0-G, CNL3530B-NFBE-2.0-G, CNL3510B-NFBE-2.0-G, CNL3510PB-NFBE-2.0-G, CNN3510LP-NFBE-2.0-G, CNN3510LPB-NFBE-2.0-G, CNN3560P-NFBE-2.0-G, CNN3560-NFBE-2.0-G, CNN3530-NFBE-2.0-G, CNN3510-NFBE-2.0-G and CNN3505LP-NFBE-2.0-G, Version HW-2.0; CNL3560P-NFBE-3.0-G, CNL3560B-NFBE-3.0-G, CNL3560-NFBE-3.0-G, CNL3560A-NFBE-3.0-G, CNL3560C-NFBE-3.0-G, CNL3560D-NFBE-3.0-G, CNL3560E-NFBE-3.0-G, CNL3560F-NFBE-3.0-G, CNL3560I-NFBE-3.0-G , CNL3530-NFBE-3.0-G, CNL3530B-NFBE-3.0-G, CNL3530A-NFBE-3.0-G, CNL3530C-NFBE-3.0-G, CNL3530D-NFBE-3.0-G, CNL3530E-NFBE-3.0-G, CNL3530F-NFBE-3.0-G, CNL3530I-NFBE-3.0-G , CNL3510-NFBE-3.0-G, CNL3510P-NFBE-3.0-G, CNL3510A-NFBE-3.0-G, CNL3510C-NFBE-3.0-G, CNL3510D-NFBE-3.0-G, CNL3510E-NFBE-3.0-G, CNL3510F-NFBE-3.0-G, CNL3510I-NFBE-3.0-G, CNN3560P-NFBE-3.0-G, CNN3560-NFBE-3.0-G, CNN3560A-NFBE-3.0-G, CNN3560C-NFBE-3.0-G, CNN3560D-NFBE-3.0-G, CNN3560E-NFBE-3.0-G, CNN3560F-NFBE-3.0-G, CNN3530-NFBE-3.0-G, CNN3530A-NFBE-3.0-G, CNN3530C-NFBE-3.0-G, CNN3530D-NFBE-3.0-G, CNN3530E-NFBE-3.0-G, CNN3530F-NFBE-3.0-G, CNN3510-NFBE-3.0-G, CNN3510A-NFBE-3.0-G, CNN3510C-NFBE-3.0-G, CNN3510D-NFBE-3.0-G, CNN3510E-NFBE-3.0-G, CNN3510F-NFBE-3.0-G, CNN3510LP-NFBE-3.0-G, CNN3510LPB-NFBE-3.0-G, CNN3510LPA-NFBE-3.0-G, CNN3510LPC-NFBE-3.0-G, CNN3510LPD-NFBE-3.0-G, CNN3510LPE-NFBE-3.0-G, CNN3510LPF-NFBE-3.0-G, CNN3505LP-NFBE-3.0-G, CNN3505LPA-NFBE-3.0-G, CNN3505LPC-NFBE-3.0-G, CNN3505LPD-NFBE-3.0-G, CNN3505LPE-NFBE-3.0-G, and CNN3505LPF-NFBE-3.0-G, Version HW -3.0
Firmware Versions
CNN35XX-NFBE-FW-2.06 build 05, CNN35XX-NFBE-FW-2.06 build 06 and CNN35XX-NFBE-FW-2.06 build 07

Vendor

Marvell
5488 Marvell Ln
Santa Clara, CA 95054
USA

Phanikumar Kancharla
pkkancharla@marvell.com

Lab

UL VERIFICATION SERVICES INC
NVLAP Code: 100432-0