Module Name
Vormetric Data Security Manager Virtual Appliance Module
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode. The protocol SSH shall not be used when operated in FIPS mode.
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Physical Security: N/A
- Cryptographic Key Management: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Vormetric Data Security Virtual Appliance Module is a multi-chip standalone cryptographic module. The Vormetric Data Security Virtual Appliance Module is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Transparent Encryption Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module.
Tested Configuration(s)
- Centos 7.2 (64 bits) on VMware ESXi 6.5 running on a Supermicro SSG-2028R-E1CR24N with an Intel Xeon (single-user mode)
Approved Algorithms
AES |
Certs. #4846 and #5536 |
CKG |
vendor affirmed |
CVL |
Certs. #1482 and #1979 |
DRBG |
Cert. #1703 |
ECDSA |
Cert. #1240 |
HMAC |
Certs. #3246 and #3688 |
KTS |
AES Cert. #4846 and HMAC Cert. #3246; key establishment methodology provides 128 or 256 bits of
encryption strength |
KTS |
AES Cert. #5536 |
RSA |
Certs. #2664 and #2970 |
SHS |
Certs. #3987 and #4443 |
Allowed Algorithms
EC Diffie-Hellman (CVL Certs. #1482 and #1979, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)