Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #3104


Module Name
FIPS 140-2
 Historical Reason
SP 800-56Arev3 transition
Overall Level
When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. There is no assurance of the minimum strength of generated keys
Security Level Exceptions
  • Cryptographic Module Ports and Interfaces: Level 3
  • Roles, Services, and Authentication: Level 3
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Multi-Chip Stand Alone
The FortiWeb OS is a firmware operating system that runs exclusively on Fortinet's FortiWeb product family. FortiWeb units are PC-based, purpose built appliances.
Tested Configuration(s)
  • N/A
Approved Algorithms
AES Cert. #4461
CKG vendor affirmed
CVL Cert. #1169
DRBG Cert. #1434
HMAC Cert. #2960
KTS AES Cert. #4461 and HMAC Cert. #2960; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Cert. #2437
SHS Cert. #3673
Allowed Algorithms
Diffie-Hellman (CVL Cert. #1169, key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (CVL Cert. #1169, key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
C1AD49 and C1AF19 with Tamper Evident Seal Kits: FIPS-SEAL-RED
Firmware Versions
v5.6.0, build 6180,170928


Fortinet, Inc.
1826 Robertson Road
Ottawa, ON K2H 5Z6

Alan Kaye
Phone: 613-225-9381
Fax: 613-225-2951

Validation History

Date Type Lab
1/5/2018 Initial CGI Information Systems & Management Consultants Inc