This page was not yet optimized for use on mobile devices.

Thales CipherTrust Manager Core Security Module

Certificate #4430

Webpage information ?

Status	active
Validation dates	27.01.2023
Sunset date	21-09-2026
Standard	FIPS 140-2
Security level	1
Type	Software
Embodiment	Multi-Chip Stand Alone
Caveat	When installed, initialized and configured as specified in Section 10 of the Security Policy. When operated in FIPS mode. No assurance of the minimum strength of generated keys.
Exceptions	Physical Security: N/A Design Assurance: Level 3 Mitigation of Other Attacks: N/A
Description	The module provides secure key generation and protection for symmetric keys and asymmetric key pairs along with support for a broad range of other cryptographic services. Access to services offered by Thales CipherTrust Manager Core Security Module is exclusively through a number of Application Programming Interfaces (API) offered by the Thales CipherTrust Manager Core Security Module. These API can be accessed by other applications running internal to the physical boundary of the module or, in some instances, can be accessed by remote client over dedicated TLS tunnels.
Tested configurations	Ubuntu 18.04 on VMware ESXi 6.5 running on a HPE P11782-001 platform with Intel Xeon Gold 6252 with PAA Ubuntu 18.04 on VMware ESXi 6.5 running on a HPE P11782-001 platform with Intel Xeon Gold 6252 without PAA Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K470) platform with Intel Xeon E3 1275 v6 with PAA Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K470) platform with Intel Xeon E3 1275 v6 without PAA Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K570) platform with Intel Xeon E3 1275 v6 with PAA Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K570) platform with Intel Xeon E3 1275 v6 without PAA
Vendor	Thales
References	This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Certificate

Webpage

Document information ?

Security policy

Security target PDF TXT

Symmetric Algorithms

AES, AES-128, AES-, AES-256, DES, TDES, TDEA, Triple-DES, Poly1305, ARIA, SEED, HMAC, CMAC, CBC-MAC

Asymmetric Algorithms

ECDH, ECDHE, ECDSA, ECC, DH, Diffie-Hellman, DHE

Hash functions

SHA-1, SHA1, SHA2, SHA-3, SHA3, SHA3-224, SHA3-384, SHA3-512, SHA3-256, PBKDF

Schemes

MAC, Key Agreement

Protocols

SSH, TLS, TLS 1.2, TLS 1.3, TLS 1.0, TLS 1.1

Randomness

DRBG, RNG

Elliptic Curves

P-224, P-256, P-384, curve P-224, curve P-256, P-521, P-512

Block cipher modes

ECB, CBC, CTR, GCM

TLS cipher suites

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA

Trusted Execution Environments

SSC

Vendor

Thales

Security level

Level 1

Standards

FIPS 140-2, FIPS 180-4, FIPS 186-4, FIPS 197, FIPS 202, FIPS 198-1, PKCS #1, PKCS#1, RFC5246, RFC 5246, RFC5288, RFC 5288, RFC5639, RFC 5639, RFC7516, RFC 7516, RFC8446, RFC 8446, X.509

File metadata

Author:	Costa Graham
Creation date:	D:20221121142454-05'00'
Modification date:	D:20221121142454-05'00'
Pages:	84
Creator:	Microsoft® Word 2016
Producer:	Microsoft® Word 2016

References

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

09.02.2023 The certificate was first processed.

New certificate

A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4430,
  "dgst": "bfb0f696b1e31571",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "KTS-RSA#A1779",
        "DRBG#A1779",
        "SHA-3#A1779",
        "AES#A1779",
        "RSA#A1779",
        "AES#A1778",
        "KAS-SSC#A2634",
        "AES#A2634",
        "HMAC#A1779",
        "Triple-DES#A2634",
        "AES#A2635",
        "KDA#A1779",
        "ECDSA#A1779",
        "SHS#A2634",
        "SHS#A1779",
        "KAS-SSC#A1779",
        "PBKDF#A1779",
        "ECDSA#A2634",
        "Triple-DES#A1779",
        "CVL#A1779",
        "HMAC#A2634",
        "KTS#A2635",
        "KTS#A2634"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 11
          },
          "ECDH": {
            "ECDH": 13,
            "ECDHE": 2
          },
          "ECDSA": {
            "ECDSA": 32
          }
        },
        "FF": {
          "DH": {
            "DH": 1,
            "DHE": 1,
            "Diffie-Hellman": 4
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 23
        },
        "CTR": {
          "CTR": 7
        },
        "ECB": {
          "ECB": 10
        },
        "GCM": {
          "GCM": 42
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "SSH": {
          "SSH": 3
        },
        "TLS": {
          "TLS": {
            "TLS": 62,
            "TLS 1.0": 4,
            "TLS 1.1": 3,
            "TLS 1.2": 22,
            "TLS 1.3": 18
          }
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 2
        },
        "MAC": {
          "MAC": 35
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-224": 20,
          "P-256": 32,
          "P-384": 22,
          "P-512": 3,
          "P-521": 8,
          "curve P-224": 2,
          "curve P-256": 4
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 7
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES (128": 1,
          "AES-128": 1,
          "AES-256": 2,
          "Certificate RSA": 1,
          "HMAC-SHA-1": 12,
          "HMAC-SHA1": 2,
          "PKCS #1": 11,
          "PKCS#1": 11,
          "RSA PKCS #1": 2,
          "SHA-1": 3,
          "SHA-3": 1,
          "SHA1": 6,
          "SHA2": 2,
          "SHA2- 224": 3,
          "SHA2- 256": 4,
          "SHA2- 384": 1,
          "SHA2- 512": 7,
          "SHA2-224": 10,
          "SHA2-256": 34,
          "SHA2-384": 23,
          "SHA2-512": 37,
          "SHA3": 2,
          "SHA3- 256": 1,
          "SHA3- 512": 1,
          "SHA3-224": 1,
          "SHA3-256": 1,
          "SHA3-384": 3,
          "SHA3-512": 1,
          "\u2013 PKCS #1": 1,
          "\u2013 PKCS#1": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 2
        }
      },
      "hash_function": {
        "PBKDF": {
          "PBKDF": 16
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 3,
            "SHA1": 6
          },
          "SHA2": {
            "SHA2": 2
          },
          "SHA3": {
            "SHA-3": 1,
            "SHA3": 2,
            "SHA3-224": 1,
            "SHA3-256": 1,
            "SHA3-384": 3,
            "SHA3-512": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 52
        },
        "RNG": {
          "RNG": 5
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 26,
          "FIPS 180-4": 1,
          "FIPS 186-4": 16,
          "FIPS 197": 6,
          "FIPS 198-1": 3,
          "FIPS 202": 3
        },
        "PKCS": {
          "PKCS #1": 7,
          "PKCS#1": 6
        },
        "RFC": {
          "RFC 5246": 1,
          "RFC 5288": 1,
          "RFC 5639": 1,
          "RFC 7516": 1,
          "RFC 8446": 1,
          "RFC5246": 2,
          "RFC5288": 3,
          "RFC5639": 1,
          "RFC7516": 2,
          "RFC8446": 4
        },
        "X509": {
          "X.509": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 105,
            "AES-": 1,
            "AES-128": 1,
            "AES-256": 2
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 1,
            "TDES": 1,
            "Triple-DES": 26
          },
          "DES": {
            "DES": 6
          }
        },
        "constructions": {
          "MAC": {
            "CBC-MAC": 4,
            "CMAC": 1,
            "HMAC": 55
          }
        },
        "djb": {
          "Poly": {
            "Poly1305": 1
          }
        },
        "miscellaneous": {
          "ARIA": {
            "ARIA": 2
          },
          "SEED": {
            "SEED": 2
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SSC": 2
        }
      },
      "tls_cipher_suite": {
        "TLS": {
          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 1,
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 1,
          "TLS_RSA_WITH_AES_128_CBC_SHA": 1,
          "TLS_RSA_WITH_AES_128_CBC_SHA256": 1,
          "TLS_RSA_WITH_AES_256_CBC_SHA": 1
        }
      },
      "vendor": {
        "Thales": {
          "Thales": 264
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Costa Graham",
      "/CreationDate": "D:20221121142454-05\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word 2016",
      "/ModDate": "D:20221121142454-05\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word 2016",
      "pdf_file_size_bytes": 2424662,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.thalesdocs.com/ctp/cm/2.4/",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14715",
          "https://supportportal.thalesgroup.com/csm",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34388",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34400",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=15112\u0026displayMode=CollapsedAlgorithm",
          "https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Validation/Validation-List/AES#5652",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34387",
          "https://52.86.120.81/",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=35246\u0026displayMode=CollapsedAlgorithm",
          "https://supportportal.thalesgroup.com/"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 84
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "5e0535221a7a68284ae2152aec82ce9a80d71ca8fa03515ffce342c1907de4a4",
    "policy_txt_hash": "d88cd6fb46eda6a80f3a1c53acf10387416ee9a50cc97c8e4cd35ecaea01bc2c"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When installed, initialized and configured as specified in Section 10 of the Security Policy. When operated in FIPS mode. No assurance of the minimum strength of generated keys.",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/January 2023_010223_0657_signed.pdf",
    "date_sunset": "2026-09-21",
    "description": "The module provides secure key generation and protection for symmetric keys and asymmetric key pairs along with support for a broad range of other cryptographic services. Access to services offered by Thales CipherTrust Manager Core Security Module is exclusively through a number of Application Programming Interfaces (API) offered by the Thales CipherTrust Manager Core Security Module. These API can be accessed by other applications running internal to the physical boundary of the module or, in some instances, can be accessed by remote client over dedicated TLS tunnels.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical Security: N/A",
      "Design Assurance: Level 3",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Thales CipherTrust Manager Core Security Module",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": "1.0.3",
    "tested_conf": [
      "Ubuntu 18.04 on VMware ESXi 6.5 running on a HPE P11782-001 platform with Intel Xeon Gold 6252 with PAA",
      "Ubuntu 18.04 on VMware ESXi 6.5 running on a HPE P11782-001 platform with Intel Xeon Gold 6252 without PAA",
      "Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K470) platform with Intel Xeon E3 1275 v6 with PAA",
      "Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K470) platform with Intel Xeon E3 1275 v6 without PAA",
      "Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K570) platform with Intel Xeon E3 1275 v6 with PAA",
      "Ubuntu 18.04 running on a AIC Antlia BMB-UPS0000B (K570) platform with Intel Xeon E3 1275 v6 without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-01-27",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Thales",
    "vendor_url": null
  }
}