Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4225

Details

Module Name
X4i Hardware Security Module (HSM)
Standard
FIPS 140-2
Status
Active
Sunset Date
9/21/2026
Overall Level
3
Caveat
When operated in FIPS Mode. No assurance of the minimum strength of generated keys.
Module Type
Hardware
Embodiment
Single Chip
Description
The X4i HSM is a single chip cryptographic module using the Maxim MAX32590 hardware. The central purpose of the module is as a physical computing device that safeguards and manages cryptographic keys and provides cryptographic services to connected host devices.
Tested Configuration(s)
  • N/A
Approved Algorithms
AES Cert. #5954
CKG vendor affirmed
DRBG Cert. #C472
ECDSA Cert. #C476
HMAC Cert. #C464
KAS KAS-SSC Cert. #A1869, KDA Cert. #A1869
KAS-SSC Cert. #A1869
KDA Cert. #A1869
KTS AES Cert. #5954; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS AES Cert. #5954 and HMAC Cert. #C464
RSA Cert. #C477
SHS Cert. #C295
Allowed Algorithms
N/A
Hardware Versions
MAX32590 Secure Microcontroller Revision B4
Firmware Versions
PB Bootloader Version 00.00.0016, HSM Application Version 21.04.0008, and Device Abstraction Layer (DAL) Version 01.02.002F

Vendor

Pitney Bowes, Inc.
27 Waterview Drive
Shelton, CT 06484
USA

Brian Hannigan
brian.hannigan@pb.com
Phone: 203-796-3201
Fax: 203-749-7491

Validation History

Date Type Lab
5/12/2022 Initial PENUMBRA SECURITY