Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4497


Module Name
FortiGate Next-Generation Firewalls with FortiOS 6.4/7.0
FIPS 140-2
Sunset Date
Overall Level
When operated in FIPS mode with the tamper evident seals and entropy token installed as indicated in the Security Policy. Authentication at level 3 is only applicable when identity-based authentication is enforced for the User role. No assurance of the minimum strength of generated keys
Security Level Exceptions
  • Roles, Services, and Authentication: Level 3
Module Type
Multi-Chip Stand Alone
The FortiGate Next-Generation Firewalls with FortiOS 6.4/7.0 are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure in accordance with FIPS 140-2 Level 2 requirements.
Tested Configuration(s)
  • N/A
Approved Algorithms
AES Certs. #A2225, #A2229, #A2240, #A2242, #A2269 and #A2270
CVL Certs. #A2240, #A2242, #A2269 and #A2270
DRBG Certs. #A2225 and #A2229
ECDSA Certs. #A2240, #A2242, #A2269 and #A2270
HMAC Certs. #A2225, #A2229, #A2240, #A2242, #A2269 and #A2270
KAS KAS-SSC Certs. #A2269 and #A2270, CVL Certs. #A2269 and #A2270
KAS-SSC Certs. #A2269 and #A2270
KTS AES Certs. #A2269 and #A2270 and HMAC Certs. #A2269 and #A2270; key establishment methodology provides 128 or 256 bits of encryption strength
KTS AES Certs. #A2269 and #A2270; key establishment methodology provides 128 or 256 bits of encryption strength
RSA Certs. #A2240, #A2242, #A2269 and #A2270
SHS Certs. #A2225, #A2229, #A2240, #A2242, #A2269 and #A2270
Allowed Algorithms
Hardware Versions
FortiGate-40F (C1AJ53) [1] [2], FortiGateRugged-60F (C1AJ89) [1] [2], FortiGate-60F (C1AJ22) [1] [2], FortiGate-61F (C1AJ23) [1] [2], FortiWiFi-60F (C1AJ24) [1] [2], FortiWiFi-61F (C1AJ25) [1] [2], FortiGate-80F (C1AK17) [1] [2], FortiGate-81F (C1AK18) [1] [2], FortiGate-100F (C1AJ43) [1] [2], FortiGate-101F (C1AJ44) [1] [2], FortiGate-200F (C1AJ87) [1] [2], FortiGate-201F (C1AJ88) [1] [2], FortiGate-600E (C1AH98) [1] [2], FortiGate-601E (C1AH71) [1] [2], FortiGate-1100E (C1AJ67) [1] [2], FortiGate-1101E (C1AJ13) [1] [2], FortiGate-1800F (C1AJ82) [1], FortiGate-1801F (C1AJ83) [1], FortiGate-2600F (C1AK55) [1], FortiGate-2601F (C1AK56) [1], FortiGate-3300E (C1AJ42) [1] [2], FortiGate-3301E (C1AJ38) [1] [2], FortiGate-3400E (C1AH84) [1] [2], FortiGate-3401E (C1AH85) [1] [2], FortiGate-3600E (C1AH86) [1] [2], FortiGate-3601E (C1AH57) [1] [2], FortiGate-4200F (C1AH81) [1], FortiGate-4201F (C1AJ94) [1], FortiGate-4400F (C1AH79) [1], FortiGate-4401F (C1AJ45) [1], FortiGate-6300F (C1AG83) [1], FortiGate-6301F (C1AG85) [1], FortiGate-6500F (C1AG84) [1] and FortiGate-6501F (C1AG86) [1] with Tamper Evident Seal Kit: FIPS-SEAL-RED
Firmware Versions
FortiOS 6.4 (FIPS-CC-64-5) [1] and FortiOS 7.0 (FIPS-CC-70-6) [2]


Fortinet, Inc.
16 Fitzgerald Road
Ottawa, ON K2H 8R6

Alan Kaye
Phone: 613-225-9381 x87416
Fax: 613-225-2951

Validation History

Date Type Lab
5/2/2023 Initial Lightship Security, Inc.