Module Name
Advanced Configurable Cryptographic Environment (ACCE) v3 HSM Crypto Module
Historical Reason
Moved to historical list in accordance with SP800-131A Revision 1 Transition (AES/TDES key wrapping)
Caveat
When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy in Appendix A
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-chip embedded
Description
The Advanced Configurable Cryptographic Environment (ACCE) v3 crypto module offers the next-generation security platform for managing cryptographic keys and protecting sensitive applications. It is used in the Keyper Plus hardware security module (HSM), which is designed for mission-critical applications that demand maximum security. It is ideally suited for companies that need secure key management for PKI certification authorities, registration authorities, OCSP responders, smart card issuers, web servers, DNSSEC and other applications.
Approved Algorithms
AES |
Cert. #2684 |
DRBG |
Certs. #434 and #786 |
DSA |
Cert. #813 |
ECDSA |
Cert. #470 |
HMAC |
Certs. #1671 and #2138 |
RSA |
Cert. #1384 |
SHS |
Certs. #2255 and #2782 |
Triple-DES |
Cert. #1610 |
Triple-DES MAC |
Triple-DES Cert. #1610, vendor affirmed |
Other Algorithms
NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); XOR_BASE_AND_DATA KDF (non-compliant); PBKDF2 (non-compliant); PKCS#12 KDF (non-compliant); SPKM KDF (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES MAC (AES Cert. #2684; non-compliant); AES (key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1610, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-1 KDF (non-compliant); Triple-DES KDF (Triple-DES Cert. #1610; non-compliant)
Hardware Versions
2870-G1
Firmware Versions
2r3 and 2r4