U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4090

Details

Module Name
Thales Luna K7 Cryptographic Module
Standard
FIPS 140-2
Status
Active
Sunset Date
9/21/2026
Overall Level
3
Caveat
When operated in FIPS mode and initialized to Overall Level 3 per Security Policy.
Module Type
Hardware
Embodiment
Multi-Chip Embedded
Description
The Thales Luna K7 Cryptographic Module is a high-assurance, tamper-resistant Hardware Security Module which secures sensitive data and critical applications by storing, protecting and managing cryptographic keys. It provides end users with industry-leading security and performance, and can quickly be embedded directly into servers and security appliances for FIPS 140-2 validated key security. The module meets compliance and audit needs for FIPS 140, HIPAA, PCI-DSS, eIDAS, GDPR.
Tested Configuration(s)
  • N/A
FIPS Algorithms
AES Certs. #C1707 and #C1718
CKG vendor affirmed
CVL Certs. #A480, #C1707, #C1717, #C1718 and #C1719
DRBG Cert. #C1707
DSA Certs. #C1707 and #C1718
ECDSA Certs. #C1707 and #C1718
HMAC Certs. #C1707 and #C1718
KAS Cert. #A480; key establishment methodology provides 256 bits of encryption strength
KAS KAS-SSC Certs. #A478 and #A480, KDA Cert. #A480, CVL Cert. #A480; key establishment methodology provides between 128 and 256 bits of encryption strength
KAS-RSA Certs. #A478, #A479, #A480 and #A481; key establishment methodology provides 150 bits of encryption strength
KAS-SSC Certs. #A478 and #A480
KBKDF Cert. #C1707
KDA Cert. #A480
KTS AES Certs. #C1707 and #C1718; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS-RSA Certs. #A478, #A479, #A480 and #A481; key establishment methodology provides between 112 and 150 bits of encryption strength
PBKDF Cert. #A480
RSA Certs. #A478, #A479, #A480, #A481, #C1701, #C1707, #C1717, #C1718 and #C1719
SHS Certs. #C1701, #C1707 and #C1718
Triple-DES Cert. #C1707
Allowed Algorithms
AES (Cert. #C1707, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (CVL Certs. #C1707, #C1717, #C1718 and #C1719, key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Triple-DES (Cert. #C1707, key unwrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
808-000048-002, 808-000048-003, 808-000066-001, 808-000073-001, 808-0000073-002
Firmware Versions
7.7.0 or 7.7.1 with Boot Loader versions 1.1.1, 1.1.2 or 1.1.4

Vendor

Thales
20 Colonnade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Security & Certifications Team
SecurityCertifications@thalesgroup.onmicrosoft.com

Validation History

Date Type Lab
12/2/2021 Initial EWA CANADA
4/29/2022 Update LEIDOS CSTL