Module Name
F5® Device Cryptographic Module
Historical Reason
SP 800-56Arev3 transition - replaced by certificate #4465
Caveat
When operated in FIPS Mode and configured as specified in the section 8 of the Security Policy with tamper evident labels contained in F5-ADD-BIG-FIPS140 kit and installed as indicated in the Security Policy section 4.
Security Level Exceptions
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
F5® Device Cryptographic Module, Application Delivery Controller and Firewall software running on F5 BIG-IP.
Approved Algorithms
AES |
Certs. #C701, #C1306 and #C1307 |
CVL |
Certs. #C701, #C1306 and #C1307 |
DRBG |
Certs. #C701, #C1306 and #C1307 |
ECDSA |
Certs. #C701, #C1306 and #C1307 |
HMAC |
Certs. #C701, #C1306 and #C1307 |
KTS |
AES Certs. #C1306 and #C1307; key establishment methodology provides 128 or 256 bits of encryption strength |
KTS |
AES Certs. #C1306 and #C1307 and HMAC Certs. #C1306 and #C1307; key establishment methodology provides 128 or 256 bits of encryption strength |
KTS |
AES Cert. #C701; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
AES Cert. #C701 and HMAC Cert. #C701; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Certs. #C701, #C1306 and #C1307 |
SHS |
Certs. #C701, #C1306 and #C1307 |
Allowed Algorithms
EC Diffie-Hellman (CVL Certs. #C701, #C1306 and #C1307 with CVL Certs. #C701, #C1306 and #C1307, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Hardware Versions
BIG-IP i7800 and BIG-IP 10350v-F with FIPS Kit P/N: F5-ADD-BIG-FIPS140