Module Name
Forcepoint Next Generation Firewall
Historical Reason
SP 800-56Arev3 transition
Caveat
When configured as specified in the section 3 Secure Operation of the Security Policy with tamper evident labels SKU ACFIPS3 Forcepoint NGFW FIPS Kit installed as indicated in the Security Policy.
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
Forcepoint NGFW is a next generation firewall that blocks malicious attacks and prevents the theft of data and intellectual property while transforming infrastructure and increasing the efficiency of your operations. With Forcepoint NGFW, painlessly handle the rapid shift to encrypted transmissions for both incoming and outgoing traffic.
Approved Algorithms
| AES |
Certs. #5168, #5511, #5512, #5513, #5514, #5515 and #5516 |
| CKG |
vendor affirmed |
| CVL |
Certs. #1676, #1957, #1958, #1959, #1960, #1961 and #1962 |
| DRBG |
Certs. #1946, #2179, #2180 and #2181 |
| ECDSA |
Certs. #1339, #1480, #1481 and #1482 |
| HMAC |
Certs. #3429, #3667, #3668, #3669, #3670, #3671 and #3672 |
| KBKDF |
Certs. #230, #231 and #232 |
| KTS |
AES Certs. #5511, #5512 and #5513 |
| KTS |
AES Certs. #5168, #5514, #5515 and #5516; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
AES Certs. #5168, #5511, #5512, #5513, #5514 and #5516 and HMAC Certs. #3429, #3667, #3668, #3669, #3670, #3671 and #3672; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
Triple-DES Certs. #2632, #2774, #2775, #2776, #2777, #2778, #2779 and HMAC Certs. #3429, #3667, #3668, #3669, #3670, #3671 and #3672; key establishment methodology provides 112 bits of encryption strength |
| PBKDF |
vendor affirmed |
| RSA |
Certs. #2777, #2957, #2958 and #2959 |
| SHS |
Certs. #4175, #4422, #4423, #4424, #4425, #4426 and #4427 |
| Triple-DES |
Certs. #2632, #2774, #2775, #2776, #2777, #2778 and #2779 |
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1676, #1957, #1959 and #1961 with CVL Certs. #1958, #1960 and #1962, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
1101, 2101, 2105, 3305, and 6205
Firmware Versions
6.4.1.20056.fips.8
