Module Name
FortiMail 6.0
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. There is no assurance of the minimum strength of generated keys
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Physical Security: N/A
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The FortiMail family of email security appliances provide an effective barrier against the ever-rising volume of sophisticated spam and malware and includes features designed to facilitate regulatory compliance. FortiMail 6.0 offers both inbound and outbound scanning, advanced antispam and antimalware protection, content disarm and reconstruction, URI click protection, Advanced Threat Protection through integration with FortiSandbox in the cloud or on-prem, data leak prevention, identity based encryption and extensive quarantine and archiving capabilities.
Tested Configuration(s)
- FortiMail-2000E with the Fortinet entropy token (part number FTR-ENT-1 or FTR-ENT-2)
Approved Algorithms
| AES |
Cert. #5321 |
| CKG |
Vendor Affirmed |
| CVL |
Certs. #1786 and #1787 |
| DRBG |
Cert. #2050 |
| HMAC |
Cert. #3517 |
| KTS |
AES Cert. #5321 and HMAC Cert. #3517; key establishment methodology provides 128 or 256 bits of encryption strength |
| RSA |
Cert. #2849 |
| SHS |
Cert. #4271 |
Allowed Algorithms
Diffie-Hellman (CVL Certs. 1786 and 1787, key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength); EC Diffie-Hellman (CVL Certs. 1786 and 1787, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Firmware Versions
FortiMail v6.0, build108,180731
