FIPS 140-2 is one of many cryptographic standards maintained by the Computer Security division of NIST, the US National Institute for Standards and Technology. NIST, in conjunction with the Canadian Communications Security Establishment (CSE) operates the Crypto Module Validation Program (CMVP), through which security products are validated.
Thales develops cryptographic products and subsystems which conform to the FIPS 140-2 standard. The following have been validated under the CVMP as meeting the FIPS 140-2 version of the standard:
- Secure Generic Sub-System (SGSS), the cryptographic module used in:
- Host Security Module (HSM 8000 series)
- P3™ Product Range (P3CM)
- Datacryptor (Layer 3 IP)
- Datacryptor (Bulk and Link Layer 2)
- Thales Secure Processing Platform (TSPP), the cryptographic module used in:
- nShield Solo family (PCI/ PCIe cards)
- nShield Connect
- nToken (used with the nShield Connect)
- keyAuthority
To view the Thales FIPS 140-2 entries on the NIST website for the Secure Generic Sub-System click here, and for the Thales Secure Processing Platform click here.
To view the latest Thales FIPS 140-2 entries on the NIST website for the Datacryptor 2000, Datacryptor AP and Small Form Factor family, Link, Frame Relay, E1/T1, E3/T3 and IP models using SGSS V3.4 click here. For the Datacryptor Ethernet Layer 2 100Mbps, click here. For the Datacryptor Ethernet Layer 2 1 Gbps and 10Gbps Models, click here. For the Datacryptor SONET/SDH OC-3/12/48/192C, click here. In addition, all Datacryptor AP and Datacryptor 2000 cryptographic algorithms have been validated under the NIST Crypto Algorithm Validation Program (CAVP). For links to the NIST website for CAVP entries for Thales Datacryptor, click on the following algorithms: TDES, AES, SHA-1, DSA, HMAC or RNG.
To view the Thales FIPS 140-2 entry for keyAuthority, click here.
For links to the NIST website for Thales FIPS 140-2 entries for the two most recent versions of nShield products and the most recent version of our time stamping products, click on the number in the table below:
|
Product
|
Initialized in
normal mode
|
Initialized in
strict FIPS mode
|
|
nShield PCI 500 F2
|
1202, 1740
|
N/A
|
|
nShield PCI 2000 F2 & PCI 4000 F2
|
1201, 1737
|
N/A
|
|
nShield 500e F2 & 6000e F2
|
1196, 1743
|
N/A
|
|
nShield PCI 500 F3
|
1200, 1746
|
1198, 1741
|
|
nShield PCI 2000 F3 & PCI 4000 F3
|
1199, 1746
|
1195, 1708
|
|
nShield 500e F3 & 6000e F3
|
1203, 1733
|
1197, 1742
|
|
netHSM 500
|
1200, 1746
|
1198, 1741
|
|
netHSM 2000
|
1199, 1746
|
1195, 1708
|
|
nShield Connect 500
|
1203, 1733
|
1197, 1742
|
|
nShield Connect 1500
|
1203, 1733
|
1197, 1742
|
|
nShield Connect 6000
|
1203, 1733
|
1197, 1742
|
|
nToken PCI
|
967, 1738
|
N/A
|
|
nToken PCIe
|
971, 1744
|
N/A
|
|
nShield F3 10
|
1200, 1705
|
1198, 1741
|
|
nShield Edge F2
|
971, 1744
|
N/A
|
|
nShield Edge F3
|
971, 1744
|
972, 1739
|
|
Time Stamp Server
|
1203
|
1197
|
|
Time Source Master Clock
|
1739
|
1739
|
Finally, products currently undergoing FIPS 140-2 validation can be viewed here.