Caveat
When utilizing a Trusted Path as specified in the security policy
Embodiment
Multi-Chip Stand Alone
Description
The ENFORCER R1 provides a physically secure, Level 4 enclosure protecting CSPs and cryptographic data. A physical tamper event on the enclosure immediately zeroizes module CSPs. It provides a KMIP (Key Management Interoperability Protocol) service for key management to external users. It also provides additional services for module management, module configuration, and for building higher-level application scenarios such as integration into cloud and data center environments.
Approved Algorithms
| AES |
Certs. #5073 and #C1028 |
| CKG |
vendor affirmed |
| CVL |
Certs. #1633, #1634, and #1635 |
| DRBG |
Cert. #C558 |
| DSA |
Cert. #1336 |
| ECDSA |
Cert. #1316 |
| HMAC |
Cert. #3385 |
| KAS-SSC |
vendor affirmed; key establishment methodology provides 112 bits of encryption strength |
| KTS |
AES Cert. #5073 |
| RSA |
Cert. #2751 |
| SHS |
Cert. #4131 |
Allowed Algorithms
NDRNG; RSA (CVL Cert. #1635, key wrapping; key establishment methodology provides between 112 and 149 bits of encryption strength)
Hardware Versions
(ENFORCER.R1.A2SDi.1.0.0, ENFORCER.R1.X10SDV.1.0.0, ENFORCER.R1.M11SDV.1.0.0 or ENFORCER.R1.X11SDV.1.0.0) and other excluded components identified in Security Policy Section 1.4
Firmware Versions
Security Anchor Firmware 1.2.0, Libdrbg 1.0.2, and Libucl 2.5.13
