This page was not yet optimized for use on mobile devices.

SonicWall Capture Security Appliance (CSa) 1000

Certificate #4513

Webpage information ?

Status	active
Validation dates	08.05.2023
Sunset date	21-09-2026
Standard	FIPS 140-2
Security level	2
Type	Hardware
Embodiment	Multi-Chip Stand Alone
Caveat	When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.
Exceptions	Cryptographic Module Specification: Level 3 Roles, Services, and Authentication: Level 3 Design Assurance: Level 3 Mitigation of Other Attacks: N/A
Description	The SonicWall Capture Security appliance (CSa) brings Capture Advanced Threat Protection™ (ATP) and sandboxing malware analysis to on-premises deployment scenarios for customers with compliance and policy restrictions against sending files to cloud analysis, or who prefer for all of their data to remain inside their organization.
Version (Hardware)	101-500644-50 Rev A
Version (Firmware)	1.2
Vendor	SonicWall
References	This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Certificate

Webpage

Document information ?

Security policy

Security target PDF TXT

Symmetric Algorithms

AES, AES-256, HMAC, HMAC-SHA-256

Asymmetric Algorithms

RSA 4096, ECDHE, ECDSA, ECC

Hash functions

SHA-1, SHA-256

Schemes

Key Exchange, Key Agreement

Protocols

SSH, TLS, TLS 1.2

Randomness

DRBG, RNG

Libraries

OpenSSL

Elliptic Curves

P-224, B-571

Block cipher modes

ECB, CBC, GCM

TLS cipher suites

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Trusted Execution Environments

SSC

Standards

FIPS 140-2, FIPS 197, FIPS 186-4, FIPS 180-4, SP 800-52, SP 800-90A, SP 800-90B, SP 900-90B, SP 800-135, PKCS1

File metadata

Title:	Security Policy Doc Draft
Author:	Svati
Creation date:	D:20230321145817-04'00'
Modification date:	D:20230321145817-04'00'
Pages:	22
Creator:	Microsoft® Word for Microsoft 365
Producer:	Microsoft® Word for Microsoft 365

References

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

26.06.2023 The certificate data changed.
Certificate changed

The web extraction data was updated.
- The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2023_010623_0642.pdf.
18.05.2023 The certificate was first processed.

New certificate

A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4513,
  "dgst": "34ac9f308cb2e1f6",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "KTS#A1906",
        "RSA#A1906",
        "KAS#A1906",
        "KASCert.#A1906",
        "KAS-SSC#A1906",
        "DRBG#A1906",
        "HMAC#A1906",
        "ECDSA#A1906",
        "SHS#A1906",
        "CVL#A1906",
        "AES#A1906"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "1.2"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 3
          },
          "ECDH": {
            "ECDHE": 4
          },
          "ECDSA": {
            "ECDSA": 1
          }
        },
        "RSA": {
          "RSA 4096": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 6
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 2
        }
      },
      "crypto_protocol": {
        "SSH": {
          "SSH": 4
        },
        "TLS": {
          "TLS": {
            "TLS": 47,
            "TLS 1.2": 4
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 10
        },
        "KEX": {
          "Key Exchange": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "B-571": 5,
          "P-224": 4
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 2,
          "#2": 2
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES-256": 1,
          "HMAC 160": 1,
          "HMAC 160, 256": 1,
          "HMAC SHA-1": 2,
          "HMAC SHA-256 128": 1,
          "HMAC-SHA- 256 160": 2,
          "HMAC-SHA-1": 6,
          "HMAC-SHA-256": 2,
          "PKCS1": 4,
          "RSA 4096": 1,
          "SHA- 256": 1,
          "SHA-1": 5,
          "SHA-256": 6
        }
      },
      "fips_security_level": {},
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 5
          },
          "SHA2": {
            "SHA-256": 6
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 10
        },
        "RNG": {
          "RNG": 1
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 10,
          "FIPS 180-4": 1,
          "FIPS 186-4": 6,
          "FIPS 197": 1
        },
        "NIST": {
          "SP 800-135": 1,
          "SP 800-52": 1,
          "SP 800-90A": 1,
          "SP 800-90B": 1,
          "SP 900-90B": 1
        },
        "PKCS": {
          "PKCS1": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 8,
            "AES-256": 1
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 7,
            "HMAC-SHA-256": 1
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 4
        }
      },
      "tls_cipher_suite": {
        "TLS": {
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 1
        }
      },
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Svati",
      "/CreationDate": "D:20230321145817-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20230321145817-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "/Title": "Security Policy Doc Draft",
      "pdf_file_size_bytes": 496796,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-NISTSP800-133r2KeyRecommendationsforKeyGeneration",
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-NISTreferences",
          "https://csrc.nist.gov/publications/detail/sp/800-90b/final",
          "https://blog.sonicwall.com/en-us/2020/08/bring-the-power-of-rtdmi-analysis-on-premises-with-csa-1000/",
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-FIPSValidationLists",
          "https://github.com/sonicwall/sonicwall-capture-api-python",
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-FIPS140-2ApprovedKeyEstablishmentTechniques",
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-FIPSImplementationGuidanceforValidation",
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-FIPS140-2ApprovedSecurityFunctionsAnnexA",
          "https://csrc.nist.gov/publications/detail/sp/800-135/rev-1/final",
          "https://engineering.eng.sonicwall.com/display/CAP/FIPS+Compliance+Worksheet?flashId=1974261095#FIPSComplianceWorksheet-FIPS140-2ApprovedRandomNumberGeneratorsAnnexC",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34515"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 22
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "939824f22e88fd7113d316d22128f438684b84d21e908c86d8d9d9e53389352d",
    "policy_txt_hash": "7b66cfd520b19c3b4f3769a574693c8a8113350b3254ea8d2335322575efcbfb"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2023_010623_0642.pdf",
    "date_sunset": "2026-09-21",
    "description": "The SonicWall Capture Security appliance (CSa) brings Capture Advanced Threat Protection\u2122 (ATP) and sandboxing malware analysis to on-premises deployment scenarios for customers with compliance and policy restrictions against sending files to cloud analysis, or who prefer for all of their data to remain inside their organization.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Cryptographic Module Specification: Level 3",
      "Roles, Services, and Authentication: Level 3",
      "Design Assurance: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "1.2",
    "historical_reason": null,
    "hw_versions": "101-500644-50 Rev A",
    "level": 2,
    "mentioned_certs": {},
    "module_name": "SonicWall Capture Security Appliance (CSa) 1000",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-05-08",
        "lab": "DEKRA Testing and Certification S.A.U",
        "validation_type": "Initial"
      }
    ],
    "vendor": "SonicWall",
    "vendor_url": "http://www.sonicwall.com"
  }
}