U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #3344

Details

Module Name
Okta Cryptographic Module for Mobile
Standard
FIPS 140-2
Status
Active
Sunset Date
3/8/2026
Overall Level
1
Caveat
When operated in FIPS mode. The module makes no assurance of the minimum strength of random strings and generated keys. This validation entry is a non-security relevant modification to Cert. #1938.
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Okta Cryptographic Module for JavaMobile manages functions for secure key management, data integrity, data at rest encryption, and secure communications for the Okta Multifactor Authentication solution.
Tested Configuration(s)
  • Android 4.0 running on a Galaxy Nexus
  • iOS 5.1 running on a iPad 3
  • iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 (single-user mode)
FIPS Algorithms
AES Certs. #2125 and #2126
CKG vendor affirmed
DRBG Certs. #233 and #234
DSA Certs. #666 and #667
ECDSA Certs. #319 and #320
HMAC Certs. #1296 and #1297
RSA Certs. #1094 and #1095
SHS Certs. #1849 and #1850
Triple-DES Certs. #1351 and #1352
Allowed Algorithms
N/A
Software Versions
2.1

Vendor

Okta, Inc.
100 First St. 14th Floor
San Francisco, CA 94105
USA

Christopher Niggel
fedramp@okta.com
Okta Compliance Team
FIPS_validation@okta.com

Validation History

Date Type Lab
12/17/2018 Initial ÆGISOLVE
3/8/2022 Update ÆGISOLVE