Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #2765


Module Name
FortiOS 5.2
FIPS 140-2
 Historical Reason
Moved to historical list due to sunsetting
Overall Level
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys
Security Level Exceptions
  • Cryptographic Module Ports and Interfaces: Level 3
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
Module Type
Multi-Chip Stand Alone
The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities.
Tested Configuration(s)
  • FortiGate-300D with the Fortinet entropy token (part number FTR-ENT-1)
Approved Algorithms
AES Certs. #3963 and #3964
CVL Certs. #794 and #795
DRBG Cert. #1161
HMAC Certs. #2581 and #2582
RSA Cert. #2024
SHS Certs. #3267 and #3268
Triple-DES Certs. #2172 and #2173
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5
Firmware Versions
5.2.7, build0718,160328


Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3

Alan Kaye
Phone: 613-225-9381 x7416
Fax: 613-225-2951

Validation History

Date Type Lab
10/7/2016 Initial CGI Information Systems & Management Consultants Inc