Cryptographic Module Validation Program CMVP

Certificate #2860

Details

Module Name
DocuSign HSM Appliance
Standard
FIPS 140-2
Status
Active
Sunset Date
3/7/2022
Validation Dates
03/08/2017;10/03/2017;04/10/2018
Overall Level
3
Caveat
When operated in FIPS mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy
Security Level Exceptions
  • Mitigation of Other Attacks: N/A
Module Type
Hardware
Embodiment
Multi-Chip Stand Alone
Description
DocuSign HSM Appliance is a high-performance cryptographic service provider. It performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES MAC, CCM, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Certs. #4029, #4031, #4640, #4641, #5283 and #5284
CVL Certs. #857, #1039, #1296, #1297, #1745 and #1746
DRBG Certs. #98, #1205, #1565 and #2030
ECDSA Certs. #900, #1143 and #1378
HMAC Certs. #2630, #2632, #3073, #3074, #3490 and #3491
KTS AES Cert. #4029 and HMAC Cert. #2630, AES Cert. #4641 and HMAC Cert. #3074 and AES Cert. #5284 and HMAC Cert. #3491
RSA Certs. #2069, #2533 and #2822
SHS Certs. #1465, #3325, #3326, #3804, #3805, #4242 and #4243
Triple-DES Certs. #2207, #2469 and #2669
Triple-DES MAC Triple-DES Certs. #2207, #2469 and #2669, vendor affirmed
Other Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
5.0
Firmware Versions
5.0.0, 5.0.2 and 5.0.3

Vendor

DocuSign, Inc.
221 Main St.
Suite 1000
San Francisco, CA 94105
USA

Ezer Farhi
Ezer.Farhi@docusign.com
Phone: 972-39279529
Fax: 972-39230864
Moshe Harel
Moshe.Harel@docusign.com
Phone: 972-3-9279578
Fax: 972-3-9230864

Lab

CYGNACOM SOLUTIONS INC
NVLAP Code: 200002-0