Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #2969

Details

Module Name
Trellix OpenSSL FIPS Object Module
Standard
FIPS 140-2
Status
Active
Sunset Date
9/21/2026
Overall Level
1
Caveat
When operated in FIPS mode. When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.
Security Level Exceptions
  • Roles, Services, and Authentication: Level 2
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Trellix OpenSSL FIPS module provides cryptographic services for Trellix products.
Tested Configuration(s)
  • Darwin 10.15.7 (MacOS) on ESXi 6.7.0 running on MacBook Pro 13 with Intel® Xeon® CPU E5-1680 with PAA (clang-1200.0.32.29)
  • Darwin 10.15.7 (MacOS) on ESXi 6.7.0 running on MacBook Pro 13 with Intel® Xeon® CPU E5-1680 without PAA (clang-1200.0.32.29)
  • McAfee Linux Operating System v3.8.0 running on Dell PowerEdge 610 with Intel® Xeon® CPU X5560 with PAA (gcc 4.8.5)
  • SUSE Enterprise 12 SP3 on Vmware ESXi 6.7.0 running on Intel Taylor Pass 2U Xeon DP Quad Board Server with Intel® Xeon® CPU E5-2699 with PAA (gcc 7.5.0)
  • Ubuntu Server 16.04 on Vmware ESXi 6.7.0 running on Intel Taylor Pass 2U Xeon DP Quad Board Server with Intel® Xeon® CPU E5-2699 with PAA (gcc 10.2.0)
  • Windows 10 32-bit on Vmware ESXi 6.7.0 running on Intel Taylor Pass 2U Xeon DP Quad Board Server with Intel® Xeon® CPU E5-2699 without PAA (Microsoft Visual Studio Professional 2017 15.8.5)
  • Windows Server 2019 H2 64-bit on Vmware ESXi 6.7.0 running on Intel Taylor Pass 2U Xeon DP Quad Board Server with Intel® Xeon® CPU E5-2699 without PAA (Microsoft Visual Studio Professional 2017 15.8.5) (single-user mode)
Approved Algorithms
AES Cert. #A2624
CKG vendor affirmed
DRBG Cert. #A2624
DSA Cert. #A2624
ECDSA Cert. #A2624
HMAC Cert. #A2624
KAS-SSC Cert. #A2624
RSA Cert. #A2624
SHS Cert. #A2624
Allowed Algorithms
RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength)
Software Versions
1.0.3

Vendor

Trellix
6220 America Center Dr.
San Jose, CA 95002
USA

Product Certifications
sec_certs@mcafee.com

Validation History

Date Type Lab
7/25/2017 Initial ACUMEN SECURITY, LLC
11/16/2017 Update ACUMEN SECURITY, LLC
7/28/2021 Update ACUMEN SECURITY, LLC
7/11/2022 Update ACUMEN SECURITY, LLC
7/20/2022 Update ACUMEN SECURITY, LLC