Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4430

Details

Module Name
Thales CipherTrust Manager Core Security Module
Standard
FIPS 140-2
Status
Active
Sunset Date
9/21/2026
Overall Level
1
Caveat
When installed, initialized and configured as specified in Section 10 of the Security Policy. When operated in FIPS mode. No assurance of the minimum strength of generated keys.
Security Level Exceptions
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The module provides secure key generation and protection for symmetric keys and asymmetric key pairs along with support for a broad range of other cryptographic services. Access to services offered by Thales CipherTrust Manager Core Security Module is exclusively through a number of Application Programming Interfaces (API) offered by the Thales CipherTrust Manager Core Security Module. These API can be accessed by other applications running internal to the physical boundary of the module or, in some instances, can be accessed by remote client over dedicated TLS tunnels.
Tested Configuration(s)
  • Ubuntu 18.04 on VMware ESXi 6.5 running on a HPE P11782-001 platform with Intel Xeon Gold 6252 with PAA
  • Ubuntu 18.04 on VMware ESXi 6.5 running on a HPE P11782-001 platform with Intel Xeon Gold 6252 without PAA
  • Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K470) platform with Intel Xeon E3 1275 v6 with PAA
  • Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K470) platform with Intel Xeon E3 1275 v6 without PAA
  • Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K570) platform with Intel Xeon E3 1275 v6 with PAA
  • Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K570) platform with Intel Xeon E3 1275 v6 without PAA
Approved Algorithms
AES Certs. #A1778, #A1779, #A2634 and #A2635
CKG vendor affirmed
CVL Cert. #A1779
DRBG Cert. #A1779
ECDSA Certs. #A1779 and #A2634
ENT P
HMAC Certs. #A1779 and #A2634
KAS-SSC Certs. #A1779 and #A2634
KDA Cert. #A1779
KTS AES Certs. #A1778 and #A1779; key establishment methodology provides between 128 and 256 bit of encryption strength
KTS AES Certs. #A1778 and #A1779 and HMAC Cert. #A1779; key establishment methodology provides 128 bits of encryption strength
KTS AES Certs. #A2634 and #A2635 and HMAC Cert. #A2634; key establishment methodology provides between 128 and 256 bit of encryption strength
KTS-RSA Cert. #A1779; key establishment methodology provides between 112 and 150 bits of encryption strength
PBKDF Cert. #A1779
RSA Cert. #A1779
SHA-3 Cert. #A1779
SHS Certs. #A1779 and #A2634
Triple-DES Certs. #A1779 and #A2634
Allowed Algorithms
RSA (Key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Software Versions
1.0.3

Vendor

Thales
20 Colonade Road
Suite 200m
Ottawa, ON K2E 7M6
Canada

Security & Certifications Team
securitycertifications@thalesgroup.com

Validation History

Date Type Lab
1/27/2023 Initial ACUMEN SECURITY, LLC