Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #3321


Module Name
Pitney Bowes X4 Hardware Security Module (HSM)
FIPS 140-2
 Historical Reason
SP 800-56Arev3 transition
Overall Level
When operated in FIPS Mode. The module generates cryptographic keys whose strengths are modified by available entropy
Module Type
Single Chip
The X4 HSM is a single chip cryptographic module using the Maxim MAX32590 hardware. The central purpose of the module is as a physical computing device that safeguards and manages cryptographic keys and provides cryptographic services to connected host devices. The module uses a number of strong identity based authentication mechanisms to provide authentication, integrity, and when necessary non-repudiation.
Tested Configuration(s)
  • N/A
Approved Algorithms
AES Certs. #2826 and #2936
CKG vendor affirmed
CVL Certs. #334 and #1138
DRBG Cert. #487
DSA Cert. #871
ECDSA Cert. #529
HMAC Cert. #1769
KAS Cert. #49
KTS AES Cert. #2936; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Cert. #1539
SHS Cert. #2369
Allowed Algorithms
Hardware Versions
Part # 4W84001 Rev AAA (MAX32590 Secure Microcontroller Revision B4)
Firmware Versions
Device Abstraction Layer (DAL) Version 01.01.0103; PB Bootloader Version 00.00.0016; HSM Application Version 21.01.0021


Pitney Bowes, Inc.
37 Executive Drive
Danbury, CT 06810

Brian Hannigan
Phone: 203-796-3201
Fax: 203-749-7491

Validation History

Date Type Lab
11/6/2018 Initial PENUMBRA SECURITY