U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #3541

Details

Module Name
Nutanix Cryptographic Module for BoringSSL
Standard
FIPS 140-2
Status
Active
Sunset Date
11/1/2023
Validation Dates
10/01/2019;11/14/2019;05/26/2020;06/02/2021
Overall Level
1
Caveat
The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
  • Physical Security: N/A
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Nutanix Cryptographic Module for BoringSSL is a suite of FIPS Approved algorithms used for TLS and other cryptographic functions.
Tested Configuration(s)
  • CentOS 7.5 running on Nutanix NX-3360-G6 with an Intel Xeon 4116 with PAA (clang Compiler Version 6.0.1)
  • CentOS 7.5 running on Nutanix NX-3360-G6 with an Intel Xeon 4116 without PAA (clang Compiler Version 6.0.1)
  • CentOS 7.9 on Nutanix AHV Hypervisor v7.0 running on Nutanix NX-3060-G7 Appliance with an Intel® Xeon® Gold 6234 with PAA (clang Compiler Version 6.0.1)
  • CentOS 7.9 on Nutanix AHV Hypervisor v7.0 running on Nutanix NX-3060-G7 Appliance with an Intel® Xeon® Gold 6234 without PAA (clang Compiler Version 6.0.1)
  • Debian Linux 4.9.0 running on Intel Xeon E5-2680 with PAA (clang Compiler Version 6.0.1)
  • Debian Linux 4.9.0 running on Intel Xeon E5-2680 without PAA (clang Compiler Version 6.0.1)
  • Ubuntu Linux 18.04 running on POWER9 with PAA (clang Compiler Version 6.0.1)
  • Ubuntu Linux 18.04 running on POWER9 without PAA (clang Compiler Version 6.0.1) (single-user mode)
FIPS Algorithms
AES Certs. #5612, #C1256 and #A1229
CKG vendor affirmed
CVL Certs. #2033, #2034, #2035, #C1256 and #A1229
DRBG Certs. #2253, #C1256 and #A1229
ECDSA Certs. #1520, #C1256 and #A1229
HMAC Certs. #3743, #C1256 and #A1229
KTS AES Certs. #5612, #C1256 and #A1129; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Certs. #3020, #C1256 and #A1229
SHS Certs. #4509, #C1256 and #A1229
Triple-DES Certs. #2825, #C1256 and #A1229
Allowed Algorithms
EC Diffie-Hellman (CVL Certs. #2033, #2035, #C1256 and #A1229; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
66005f41fbc3529ffe8d007708756720529da20d

Vendor

Nutanix, Inc.
1740 Technology Drive
Suite 150
San Jose, CA 95110
USA

Matt Keller
fips@nutanix.com
Ashutosh Pangasa
fips@nutanix.com

Lab

ACUMEN SECURITY, LLC
NVLAP Code: 201029-0