Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #3450

Details

Module Name
F5® Device Cryptographic Module
Standard
FIPS 140-2
Status
Active
Sunset Date
5/1/2024
Validation Dates
5/2/2019
Overall Level
2
Caveat
When operated in FIPS Mode and configured as specified in the section 8 of the Security Policy with tamper evident labels contained in F5-ADD-BIG-FIPS140 kit and installed as indicated in the Security Policy section 4.
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Stand Alone
Description
F5® Device Cryptographic Module, Application Delivery Controller and Firewall software running on F5 BIG-IP and VIPRION hardware.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
CKG vendor-affirmed
CVL Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
DRBG Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, # C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
ECDSA Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
HMAC Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
KTS AES Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48 and #C49; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS AES Certs. #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75; key establishment methodology provides 128 or 256 bits of encryption strength
KTS AES Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48 and #C49 and HMAC Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS AES Certs. #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75 and HMAC Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75; key establishment methodology provides 128 or 256 bits of encryption strength
RSA Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
SHS Certs. #C2, #C33, #C34, #C35, #C36, #C37, #C40, #C41, #C42, #C43, #C44, #C45, #C46, #C47, #C48, #C49, #C52, #C53, #C54, #C55, #C57, #C58, #C62, #C63, #C64, #C65, #C67, #C68, #C69, #C70, #C71 and #C75
Allowed Algorithms
EC Diffie-Hellman (CVL Certs. #C 2, #C 33, #C 34, #C 35, #C 36, #C 37, #C 40, #C 41, #C 42, #C 43, #C 44, #C 45, #C 46, #C 47, #C 48, #C 49, #C 52, #C 53, #C 54, #C 55, #C 57, #C 58, #C 62, #C 63, #C 64, #C 65, #C 67, #C 68, #C 69, #C 70, #C 71 and #C 75 with #C 2, #C 33, #C 34, #C 35, #C 36, #C 37, #C 40, #C 41, #C 42, #C 43, #C 44, #C 45, #C 46, #C 47, #C 48, #C 49, #C 52, #C 53, #C 54, #C 55, #C 57, #C 58, #C 62, #C 63, #C 64, #C 65, #C 67, #C 68, #C 69, #C 70, #C 71 and #C 75, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
BIG-IP i4000, BIG-IP i5000, BIG-IP i5820-DF, BIG-IP i7000, BIG-IP i7820-DF, BIG-IP i10800, BIG-IP i11800-DS, BIG-IP i15800, BIG-IP 4000, BIG-IP 5250v-F, BIG-IP 7000, BIG-IP 7200v-F, BIG-IP 10200v-F, BIG-IP 10350v-F, VIPRION B2250, VIPRION B4450
Firmware Versions
13.1.1 EHF

Vendor

F5 Networks
401 Elliott Avenue West
Seattle, WA 98119
USA

Maryrita Steinhour
m.steinhour@f5.com
Phone: 206-272-7351
Fax: n/a
Eric Raisters
e.raisters@f5.com
Phone: 206-272-7580
Fax: n/a

Lab

ATSEC INFORMATION SECURITY CORP
NVLAP Code: 200658-0