Cryptographic Module Validation Program

Cryptographic Module Validation Program CMVP

Certificate #4100

Historical - The referenced cryptographic module should not be included by Federal Agencies in new procurements. Agencies may make a risk determination on whether to continue using this module based on their own assessment of where and how it is used.

Details

Module Name

Sophos Cryptographic Module

Standard

FIPS 140-2

Status

Historical

Historical Reason

Moved to historical list due to sunsetting

Overall Level

Caveat

When operated in FIPS mode. No assurance of the minimum strength of generated keys.

Security Level Exceptions

Roles, Services, and Authentication: Level 2
Physical Security: N/A
Design Assurance: Level 3
Mitigation of Other Attacks: N/A

Module Type

Software

Embodiment

Multi-Chip Stand Alone

Description

The Sophos Cryptographic Module is a general-purpose cryptographic library incorporated into the Sophos Firewall systems to provide FIPS 140-2 validated cryptography for the protection of sensitive information.

Tested Configuration(s)

Sophos Firewall Operating System (SFOS) 18.5 running on XGS 3100 with AMD Ryzen Embedded V1780B with PAA
Sophos Firewall Operating System (SFOS) 18.5 running on XGS 3100 with AMD Ryzen Embedded V1780B without PAA (single user mode)

Approved Algorithms

AES	Cert. #A1398
CKG	vendor affirmed
DRBG	Cert. #A1398
DSA	Cert. #A1398
ECDSA	Cert. #A1398
HMAC	Cert. #A1398
KAS-SSC	vendor affirmation
RSA	Cert. #A1398
SHS	Cert. #A1398
Triple-DES	Cert. #A1398

Allowed Algorithms

RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)

Software Versions

1.0

Product URL

https://www.sophos.com/en-us/products/next-gen-firewall.aspx

Vendor

Sophos Limited
The Pentagon, Abingdon Science Park
Abingdon OX14 3YP
United Kingdom

Martin Becker
[email protected]

Related Files

Security Policy
Consolidated Certificate

Validation History

Date	Type	Lab
12/13/2021	Initial	Acumen Security