Module Name
FortiGate-6301F/6501F
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode and installed, initialized and configured as specified in the FIPS 140-2 Compliant Operation Section of the Security Policy with the tamper evident seals and entropy token installed as indicated in the Security Policy. No assurance of the minimum strength of generated keys
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Design Assurance: Level 3
Embodiment
Multi-Chip Stand Alone
Description
The FortiGate-6301F and FortiGate-6501F are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.
Approved Algorithms
| AES |
Certs. #C531, #C599 and #C644 |
| CVL |
Certs. #C531, #C599 and #C644 |
| DRBG |
Cert. #C613 |
| ECDSA |
Certs. #C531, #C599 and #C644 |
| HMAC |
Certs. #C531, #C599 and #C644 |
| KTS |
AES Cert. #C644 and HMAC Cert. #C644; key establishment methodology provides 128 or 256 bits of encryption strength |
| KTS |
AES Cert. #C644; key establishment methodology provides 128 or 256 bits of encryption strength |
| RSA |
Certs. #C531 and #C644 |
| SHS |
Certs. #C531, #C599 and #C644 |
Allowed Algorithms
Diffie-Hellman (CVL Certs. #C599 and #C644, key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #C644, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
C1AG85, C1AG83 with Tamper Evident Seal Kits: FIPS-SEAL-RED
Firmware Versions
FortiOS 5.6, build4265,190820
