U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #3254

Details

Module Name
NITROXIII CNN35XX-NFBE HSM Family
Standard
FIPS 140-2
Status
Active
Sunset Date
8/1/2023
Validation Dates
08/02/2018;08/17/2018;10/09/2018;01/30/2019;04/02/2019;06/13/2019;07/15/2019;07/18/2019;08/12/2019;11/18/2019;07/01/2020;07/10/2020;12/01/2020;07/06/2021;07/09/2021
Overall Level
3
Caveat
When operated in FIPS mode and initialized and configured per Section 10 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Embedded
Description
CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in a virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Certs. #2033, #2034, #2035, #3205, #3206 and #4104
CKG vendor affirmed
CVL Certs. #167 and #563
DRBG Cert. #680
DSA Cert. #916
ECDSA Cert. #589
HMAC Certs. #1233 and #2019
KAS Cert. #53
KAS SP 800-56B, vendor affirmed
KBKDF Cert. #65
KTS AES Cert. #2035; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS AES Cert. #3206
KTS AES Cert. #4104; key establishment methodology provides 128 or 192 bits of encryption strength
KTS Triple-DES Cert. #2242; key establishment methodology provides 112 bits of encryption strength
RSA Certs. #1634 and #2218
RSA Cert. #1634, SP 800-56B, vendor affirmed
SHS Certs. #1780 and #2652
Triple-DES Certs. #1311 and #2242
Allowed Algorithms
EC Curve Secp256k1; EC Diffie-Hellman (CVL Certs. #167 and #563, key agreement; key establishment methodology provides 128 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
P/Ns CNL3560P-NFBE-G [1, 2, 3, 4, 5, 6, 7], CNL3560P-NFBE-2.0-G [1, 2, 3, 4, 7], CNL3560P-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3560B-NFBE-2.0-G [1, 2, 3, 4, 7], CNL3560B-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3560-NFBE-G [1, 2, 3, 4, 5, 6, 7], CNL3560-NFBE-2.0-G [1, 2, 3, 4, 7], CNL3560-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3560A-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3560C-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3560D-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3560E-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3560F-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3530-NFBE-G [1, 2, 3, 4, 5, 6, 7], CNL3530-NFBE-2.0-G [1, 2, 3, 4, 7], CNL3530-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3530B-NFBE-2.0-G [1, 2, 3, 4, 7], CNL3530B-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3530A-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3530C-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3530D-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3530E-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3530F-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3510-NFBE-G [1, 2, 3, 4, 5, 6, 7], CNL3510-NFBE-2.0-G [1, 2, 3, 4, 7], CNL3510-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3510B-NFBE-2.0-G [1, 2, 3, 4, 7], CNL3510P-NFBE-G [1, 2, 3, 4, 5, 6, 7], CNL3510P-NFBE-2.0-G [1, 2, 3, 4, 7], CNL3510P-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3510PB-NFBE-2.0-G [1, 2, 3, 4, 7], CNL3560PB-NFBE-2.0-G [1, 2, 3, 4, 7], CNL3510A-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3510C-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3510D-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3510E-NFBE-3.0-G [1, 2, 3, 4, 7], CNL3510F-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3560P-NFBE-G [1, 2, 3, 4, 5, 6, 7], CNN3560P-NFBE-2.0-G [1, 2, 3, 4, 7], CNN3560P-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3560-NFBE-G [1, 2, 3, 4, 5, 6, 7], CNN3560-NFBE-2.0-G [1, 2, 3, 4, 7], CNN3560-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3560A-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3560C-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3560D-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3560E-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3560F-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3530-NFBE-G [1, 2, 3, 4, 5, 6, 7], CNN3530-NFBE-2.0-G [1, 2, 3, 4, 7], CNN3530-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3530A-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3530C-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3530D-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3530E-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3530F-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510-NFBE-G [1, 2, 3, 4, 5, 6, 7], CNN3510-NFBE-2.0-G [1, 2, 3, 4, 7], CNN3510-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510A-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510C-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510D-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510E-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510F-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510LP-NFBE-2.0-G [1, 2, 3, 4, 7], CNN3510LP-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510LPB-NFBE-2.0-G [1, 2, 3, 4, 7], CNN3510LPB-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510LPA-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510LPC-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510LPD-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510LPE-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3510LPF-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3505LP-NFBE-2.0-G [1, 2, 3, 4, 7], CNN3505LP-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3505LPA-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3505LPC-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3505LPD-NFBE-3.0-G [1, 2, 3, 4, 7], CNN3505LPE-NFBE-3.0-G [1, 2, 3, 4, 7] and CNN3505LPF-NFBE-3.0-G [1, 2, 3, 4, 7]
Firmware Versions
CNN35XX-NFBE-FW-2.04 build 48 [1], CNN35XX-NFBE-FW-2.04 build 49 [2], CNN35XX-NFBE-FW-2.04 build 50 [3], CNN35XX-NFBE-FW-2.04 build 52 [4], CNN35XX-NFBE-FW-2.05 build 15 [5], CNN35XX-NFBE-FW-2.05 build 18 [6] and CNN35XX-NFBE-FW-2.05 build 16 [7]

Vendor

Marvell Semiconductor, Inc.
5488 Marvell Ln
Santa Clara, CA 95054
USA

Daniel Wong
danielwong@marvell.com
Phone: 408-222-8016
Phanikumar Kancharla
PhaniKumar.kancharla@@marvell.com

Lab

UL VERIFICATION SERVICES INC
NVLAP Code: 100432-0