Cryptographic Module Validation Program CMVP

Module Name

Thales Luna K7 Cryptographic Module

Standard

FIPS 140-3

Status

Active

Sunset Date

4/1/2029

Overall Level

3

Caveat

When operated in approved mode

Security Level Exceptions

• Operational environment: N/A
• Non-invasive security: N/A
• Mitigation of other attacks: N/A
• Documentation requirements: N/A
• Cryptographic module security policy: N/A

Module Type

Hardware

Embodiment

Multi-Chip Embedded

Description

The Thales Luna K7 Cryptographic Module is a multi-chip embedded hardware cryptographic module in the form of a PCIe card which typically resides within a custom computing or secure communications appliance.

Tested Configuration(s)

• N/A

Approved Algorithms

Allowed Algorithms

AES Cert. #C1707 (Key unwrapping; SSP establishment methodology provides between 128 and 256 bits of encryption strength; Clone partition objects between partitions, Clone SMK between partitions, Import secret or private key using key wrapping.);Triple-DES Cert #C1707 (Key unwrapping; SSP establishment methodology provides 112 bits of encryption strength; Import secret or private key using key wrapping.);KAS-ECC-SSC Cert. #A480 (Key establishment methodology provides between 112 and 256-bits of encryption strength.; Derive key from existing partition secret or private key object.);KAS-ECC-SSC Cert. #A478 (Key establishment methodology provides between 112 and 256-bits of encryption strength.; Derive key from existing partition secret or private key object.)

Entropy

ENT (P)

Hardware Versions

808-000048-002, 808-000048-003, 808-000066-001, 808-000073-001, 808-000073-002

Firmware Versions

7.8.4 with bootloader version 1.1.1, 1.1.2, 1.1.4 or 1.1.5