Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4782

Details

Module Name
DocuSign QSCD Appliance
Standard
FIPS 140-3
Status
Active
Sunset Date
8/27/2026
Overall Level
3
Caveat
Interim validation. When operated in FIPS mode; The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
  • Operational environment: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Module Type
Hardware
Embodiment
Multi-Chip Stand Alone
Description
The DocuSign QSCD Appliance is a digital signature product intended to be used as a Qualified Signature Creation Device (QSCD) in a secure operational environment. It is a highly secure, high capacity network attached HSM. The device consists of COTS hardware, tamper resistance hardware, a hardened operating system, an internal database and server software.
Tested Configuration(s)
  • N/A
Approved Algorithms
AES-CBC
AES-CBC
AES-GCM
ECDSA KeyGen (FIPS186-5)
ECDSA SigGen (FIPS186-5)
ECDSA SigVer (FIPS186-5)
HMAC DRBG
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-512
KAS-ECC-SSC Sp800-56Ar3
PBKDF
RSA KeyGen (FIPS186-5)
RSA SigGen (FIPS186-5)
RSA SigGen (FIPS186-5)
RSA SigGen (FIPS186-5)
RSA SigVer (FIPS186-5)
SHA2-256
SHA2-256
SHA2-384
SHA2-384
SHA2-512
SHA2-512
TLS v1.2 KDF RFC7627
Hardware Versions
2.0.0.0
Firmware Versions
1.2.0.7

Vendor

DocuSign, Inc.
221 Main St.
Suite 1550
San Francisco, CA 94105
USA

Moshe Harel
Moshe.Harel@docusign.com
Phone: 972-54-2448578
Fax: 972-3-9230864

Validation History

Date Type Lab
8/28/2024 Initial EWA CANADA