Module Name
F5® Device Cryptographic Module
Historical Reason
SP 800-56Arev3 transition - replaced by certificate #4471
Caveat
When operated in FIPS Mode and configured as specified in the section 8 of the Security Policy with tamper evident labels contained in F5-ADD-BIG-FIPS140 kit and installed as indicated in the Security Policy section 4.
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
F5® Device Cryptographic Module, Application Delivery Controller and Firewall software running on F5 BIG-IP and VIPRION hardware.
Approved Algorithms
AES |
Certs. #C699, #C700 and #C701 |
CVL |
Certs. #C699, #C700 and #C701 |
DRBG |
Certs. #C699, #C700 and #C701 |
ECDSA |
Certs. #C699, #C700 and #C701 |
HMAC |
Certs. #C699, #C700 and #C701 |
KTS |
AES Certs. #C699 and #C700; key establishment methodology provides 128 or 256 bits of encryption strength |
KTS |
AES Certs. #C699 and #C700 and HMAC Certs. #C699 and #C700; key establishment methodology provides 128 or 256 bits of encryption strength |
KTS |
AES Cert. #C701; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
AES Cert. #C701 and HMAC Cert. #C701; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Certs. #C699, #C700 and #C701 |
SHS |
Certs. #C699, #C700 and #C701 |
Allowed Algorithms
EC Diffie-Hellman (CVL Certs. #C699, #C700 and #C701 with #C699, #C700 and #C701, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
BIG-IP i4000, BIG-IP i5000, BIG-IP i5820-DF, BIG-IP i7000, BIG-IP i7820-DF, BIG-IP i10800, BIG-IP i11800-DS, BIG-IP i15800, BIG-IP 5250v-F, BIG-IP 7200v-F, BIG-IP 10200v-F, BIG-IP 10350v-F, VIPRION B2250, VIPRION B4450
Firmware Versions
14.1.0.3 EHF