Cryptographic Module Validation Program (CMVP)

Certificate #4745

Details

Module Name
nShield 5s Hardware Security Module
Standard
FIPS 140-3
Status
Active
Sunset Date
7/30/2029
Overall Level
3
Caveat
When installed, initialized and configured as specified in Section 11.3 of the Security Policy
Security Level Exceptions
  • Operational environment: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Module Type
Hardware
Embodiment
Multi-Chip Embedded
Description
The nShield 5s PCIe Hardware Security Module (HSM) is a multi-chip embedded hardware Cryptographic Module as defined in FIPS 140-3, which comes in a PCI express board form factor protected by a tamper resistant enclosure, and performs encryption, digital signing, and key management on behalf of an extensive range of commercial and custom-built applications including public key infrastructures (PKIs), identity management systems, application-level encryption and tokenization, SSL/TLS, and code signing.
Tested Configuration(s)
  • n/a
Approved Algorithms
AES-CBC
AES-CMAC
AES-CTR
AES-ECB
AES-ECB
AES-GCM
AES-GCM
AES-KW
AES-KWP
DSA KeyGen (FIPS186-4)
DSA PQGGen (FIPS186-4)
DSA PQGVer (FIPS186-4)
DSA SigGen (FIPS186-4)
DSA SigVer (FIPS186-4)
ECDSA KeyGen (FIPS186-4)
ECDSA KeyVer (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
Hash DRBG
HMAC-SHA-1
HMAC-SHA2-224
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-512
KAS-ECC Sp800-56Ar3
KAS-ECC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-FFC Sp800-56Ar3
KAS-FFC Sp800-56Ar3
KDF SP800-108
KDF SSH
KTS-IFC
RSA KeyGen (FIPS186-4)
RSA SigGen (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
Safe Primes Key Generation
Safe Primes Key Verification
SHA-1
SHA2-224
SHA2-256
SHA2-256
SHA2-256
SHA2-384
SHA2-512
SHA2-512
SHA3-224
SHA3-256
SHA3-384
SHA3-512
Allowed Algorithms
  • ECDSA (Cert. #A2513) (when used with non-approved Brainpool elliptic curves P224r1/P224t1, P256r1/P256t1, P320r1/P320t1, P384r1/P384t1 and P512r1/P512t1; key generation, signature generation and verification)
  • KAS-ECC (Cert. #A2513) (when used with non-approved Brainpool elliptic curves P224r1/P224t1, P256r1/P256t1, P320r1/P320t1, P384r1/P384t1 and P512r1/P512t1; key establishment)
Hardware Versions
PCA10005-01 revision 03 and 04
Firmware Versions
primary-version 13.2.4; recovery-version 13.2.4; uboot-version 1.1.0

Vendor

Entrust
One Station Square
Cambridge, Cambridgeshire CB1 2GA
United Kingdom

Security Certification Team
DPS-Certification@entrust.com
Phone: 888-888-8888

Validation History

Date
7/31/2024
Type
Initial
Lab
Lightship Security, Inc.