Cryptographic Module Validation Program

Cryptographic Module Validation Program CMVP

Certificate #4175

Historical - The referenced cryptographic module should not be included by Federal Agencies in new procurements. Agencies may make a risk determination on whether to continue using this module based on their own assessment of where and how it is used.

Details

Module Name

Octopus Authentication Server Cryptographic Module

Standard

FIPS 140-2

Status

Historical

Historical Reason

Moved to historical list due to sunsetting

Overall Level

Caveat

When operated in FIPS mode. No assurance of the minimum strength of generated keys.

Security Level Exceptions

Roles, Services, and Authentication: Level 2
Physical Security: N/A
Design Assurance: Level 3
Mitigation of Other Attacks: N/A

Module Type

Software

Embodiment

Multi-Chip Stand Alone

Description

The Octopus Authentication Server manages the authentication requests and the connection to the application on the mobile device to get the user approval.

Tested Configuration(s)

Oracle® Linux 7.6 64 bit running on Oracle® X7-2 Server with Intel® Xeon® Silver 4114 with PAA
Oracle® Linux 7.6 64 bit running on Oracle® X7-2 Server with Intel® Xeon® Silver 4114 without PAA (single-user mode)

Approved Algorithms

AES	Cert. #C1651
CKG	vendor affirmed
DRBG	Cert. #C1651
DSA	Cert. #C1651
ECDSA	Cert. #C1651
HMAC	Cert. #C1651
KAS-SSC	vendor affirmed
RSA	Cert. C1651
SHS	Cert. #C1651
Triple-DES	Cert. #C1651

Allowed Algorithms

RSA (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)

Software Versions

1.0

Product URL

https://doubleoctopus.com/products/the-octopus-passwordless-enterprise/

Vendor

Secret Double Octopus
1600 El Camino Real
Ste, 280
Menlo Park, CA 94025
USA

Shimrit Tzur David
shimritd@doubleoctopus.com
Phone: +972-50-8994958

Related Files

Security Policy
Consolidated Certificate

Validation History

Date	Type	Lab
3/13/2022	Initial	ACUMEN SECURITY, LLC