Module Name
Certes Enforcement Points
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Certes Encryptors, or Certes Enforcement Points (CEP), are purpose-built encryption appliances that provide multi-layer data protection and application segmentation. CEP appliances provide Ethernet frame encryption for Layer 2 networks, IPsec encryption for Layer 3 networks, and data payload encryption for Layer 4 MPLS networks. CEPs operate transparently to the network infrastructure, which ensures all data is encrypted without impacting network performance.
Allowed Algorithms
EC Diffie-Hellman (CVL Cert. #1800, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG
Hardware Versions
CEP220, CEP250, CEP300, CEP420, CEP520
Firmware Versions
CEP v5.3