Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #1396


Module Name
FortiMail OS
FIPS 140-2
 Historical Reason
RNG SP800-131A Revision 1 Transition
Overall Level
When operated in FIPS mode
Security Level Exceptions
  • Cryptographic Module Ports and Interfaces: Level 3
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Tested as meeting Level 1 with FortiMail-100
  • FortiMail-400
  • FortiMail-400B
  • FortiMail-2000A
  • FortiMail-4000A
Module Type
Multi-chip standalone
FortiMail OS is a firmware based operating system that runs exclusively on Fortinet's FortiMail product family (PC-based, purpose built appliances). FortiMail offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities.
Approved Algorithms
AES Cert. #1231
HMAC Cert. #718
RNG Cert. #682
RSA Cert. #591
SHS Cert. #1131
Triple-DES Cert. #884
Other Algorithms
DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength);
Firmware Versions
FortiMail OS 3.00, build 529, 091029


Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3

Jeff Lake, Vice President, Federal Operations
Phone: 678-402-8021
Fax: 678-402-8021

Validation History

Date Type Lab
8/30/2010 Initial DOMUS