FortiOS 5.4 FIPS Level 1 Security Policy


FIPS 140-2 Non-Proprietary Security Policy
FortiOS 5.4

FortiOS 5.4 FIPS 140-2 Security Policy
Document Version: 2.9
Publication Date: May 7, 2018
Description: Documents FIPS 140-2 Level 1 Security Policy issues, compliancy and requirements for FIPS compliant operation.
Firmware Version: FortiOS 5.4, b9791, 170802

Monday, May 07, 2018
FortiOS 5.4 FIPS 140-2 Non-Proprietary Security Policy
01-544-418199-20170425

This document may be freely reproduced and distributed whole and intact when including the copyright notice found on the last page of this document.

TABLE OF CONTENTS

Overview
References
Introduction
Security Level Summary
Module Descriptions
Module Interfaces
Web-Based Manager
Command Line Interface
Roles, Services and Authentication
Roles
FIPS Approved Services
Non-FIPS Approved Services
Authentication
Operational Environment
Cryptographic Key Management
Random Number Generation
Entropy
Key Zeroization
Algorithms
Cryptographic Keys and Critical Security Parameters
Alternating Bypass Feature
Key Archiving
Mitigation of Other Attacks
FIPS 140-2 Compliant Operation
Enabling FIPS-CC mode
Self-Tests
Startup and Initialization Self-tests
Conditional Self-tests
Critical Function Self-tests
Error

Overview

This document is a FIPS 140-2 Security Policy for the Fortinet FortiOS 5.4 firmware, which runs on the FortiGate family of security appliances. This policy describes how the FortiOS 5.4 firmware (hereafter referred to as the ‘module’) meets the FIPS 140-2 security requirements and how to operate the module in a FIPS compliant manner. This policy was created as part of the FIPS 140-2 Level 1 validation of the module.

The Federal Information Processing Standards Publication 140-2 - Security Requirements for Cryptographic Modules (FIPS 140-2) details the United States Federal Government requirements for cryptographic modules. Detailed information about the FIPS 140-2 standard and validation program is available on the NIST (National Institute of Standards and Technology) website.

References

This policy deals specifically with operation and implementation of the modules in the technical terms of the FIPS 140-2 standard and the associated validation program. Other Fortinet product manuals, guides and technical notes can be found at the Fortinet technical documentation website at http://docs.fortinet.com.

Additional information on the entire Fortinet product line can be obtained from the following sources:

• Find general product information in the product section of the Fortinet corporate website at https://www.fortinet.com/products.
• Find on-line product support for registered products in the technical support section of the Fortinet corporate website at https://www.fortinet.com/support.
• Find contact information for technical or sales related questions in the contacts section of the Fortinet corporate website at https://www.fortinet.com/contact.
• Find security information and bulletins in the FortiGuard Center of the Fortinet corporate website at https://www.fortiguard.com.

FIPS 140-2 Security Policy
Fortinet, Inc.

Introduction

The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time — without degrading network performance. In addition to providing application level firewall protection, FortiGate appliances deliver a full range of network-level services — VPN, intrusion prevention, web filtering, antivirus, antispam and traffic shaping — in dedicated, easily managed platforms.

All FortiGate appliances employ Fortinet’s unique FortiASIC content processing chip and the powerful, secure FortiOS firmware to achieve breakthrough price/performance. The unique, ASIC-based architecture analyzes content and behavior in real time, enabling key applications to be deployed right at the network edge where they are most effective at protecting enterprise networks. They can be easily configured to provide antivirus protection, antispam protection and content filtering in conjunction with existing firewall, VPN, and related devices, or as complete network protection systems. The modules support High Availability (HA) in both Active-Active (AA) and Active-Passive (AP) configurations.

FortiGate appliances support the IPsec industry standard for VPN, allowing VPNs to be configured between a FortiGate appliance and any client or gateway/firewall that supports IPsec VPN. FortiGate appliances also provide SSL VPN services using TLS 1.2.

Security Level Summary

The module meets the overall requirements for a FIPS 140-2 Level 1 validation.

Table 1: Summary of FIPS security requirements and compliance levels

Security Requirement | Compliance Level
Cryptographic Module Specification | 1
Cryptographic Module Ports and Interfaces | 3
Roles, Services and Authentication | 3
Finite State Model | 1
Physical Security | 1
Operational Environment | N/A
Cryptographic Key Management | 1
EMI/EMC | 1
Self-Tests | 1
Design Assurance | 3
Mitigation of Other Attacks | 1

Module Descriptions

The module is a firmware operating system that runs exclusively on Fortinet’s FortiGate product family. FortiGate units are PC-based, purpose built appliances.

The FortiGate appliances are multiple chip, standalone cryptographic modules consisting of production grade components contained in a physically protected enclosure.

Figure 1 - FortiOS physical cryptographic boundary

The Boot Device in the diagram above can refer to a separate, internal component or a partition on the Mass Storage device. All references herein of ‘boot device’ shall refer to the configuration specific to the FortiGate appliance.

Figure 2 - FortiOS logical cryptographic boundary

For the purposes of FIPS 140-2 conformance testing, the module was tested on a FortiGate-300D appliance and used a Fortinet entropy token (FTR-ENT-1) as the entropy source.

The validated firmware version is FortiOS 5.4, b9791, 170802. Any firmware version that is not shown on the module certificate is out of scope of this validation and requires a separate FIPS 140-2 validation.

The module can also be executed on any of the following FortiGate/FortiWiFi appliances and remain vendor affirmed FIPS-compliant. As per IG G.5, the recompilation per appliance does not require any source code modifications.

Table 2: Vendor affirmed FIPS-compliant

ate-200D FortiGate-5001D FortiGate-200E

Note that no claim can be made as to the correct operation of the module or the security strengths of the generated keys when ported to an operational environment which is not listed on the validation certificate.

Module Interfaces

The module’s logical interfaces and physical ports are described in the table below.

Table 3: FortiOS logical interfaces and physical ports

FIPS 140 Interface | Logical Interface | Physical Interface
Data Input | API input parameters | Network interface, USB interface (Entropy Token)
Data Output | API output parameters | Network Interface
Control Input | API function calls | Network Interface, serial interface, USB interface (USB token)
Status Output | API return values | Network interface, serial interface
Power Input | N/A | The power supply is the power interface

Web-Based Manager

The FortiGate web-based manager provides GUI based access to the modules and is the primary tool for configuring the modules. The manager requires a web browser on the management computer and an Ethernet connection between the FortiGate unit and the management computer.

A web-browser that supports Transport Layer Security (TLS) 1.2 is required for remote access to the web-based manager when the module is operating in FIPS-CC mode. HTTP access to the web-based manager is not allowed in FIPS mode and is disabled.

Figure 3 - The FortiGate web-based manager

Command Line Interface

The FortiGate Command Line Interface (CLI) is a full-featured, text based management tool for the module. The CLI provides access to all of the possible services and configuration options in the module. The CLI uses a console connection or a network (Ethernet) connection between the FortiGate unit and the management computer. The console connection is a direct serial connection. Terminal emulation software is required on the management computer using either method. For network access, a Telnet or SSH client that supports the SSH v2.0 protocol is required (SSH v1.0 is not supported in FIPS mode). Telnet access to the CLI is not allowed in FIPS mode and is disabled.

Roles, Services and Authentication

Roles

When configured in FIPS mode, the module provides the following roles:

• Crypto Officer
• Network User

The Crypto Officer role is initially assigned to the default ‘admin’ operator account. The Crypto Officer role has read-write access to all of the module’s administrative services. The initial Crypto Officer can create additional operator accounts. These additional accounts are assigned the Crypto Officer role and can be assigned a range of read/write or read only access permissions including the ability to create operator accounts.

The modules also provide a Network User role for end-users (Users). Network Users can make use of the encrypt/decrypt services, but cannot access the modules for administrative purposes.

The module does not provide a Maintenance role.

FIPS Approved Services

The following tables detail the types of FIPS approved services available to each role in each mode of operation, the types of access for each role and the Keys or CSPs they affect.

The access types are abbreviated as follows:

Read Access | R
Write Access | W
Execute Access | E

Table 4: Services available to Crypto Officers

Service | Access | Key/CSP
connect to module locally using the console port | WE | N/A
connect to module remotely using TLS* | WE | Diffie-Hellman Key, EC Diffie-Hellman Key, HTTPS/TLS Server/Host Key, HTTPS/TLS Session Authentication Key, and HTTPS/TLS Session Encryption Key, DRBG v and key values, DRBG Output, DRBG Seed, NDRNG Output String
connect to module remotely using SSH* | WE | Diffie-Hellman Key, SSH Server/Host Key, SSH Session Authentication Key, SSH Session Encryption Key, DRBG v and key values, DRBG Output, DRBG Seed, NDRNG Output String
authenticate to module | WE | Crypto Officer Password
show system status | N/A | N/A
show FIPS-CC mode enabled/disabled (console/CLI only) | N/A | N/A
enable FIPS-CC mode of operation (console only) | WE | Configuration Integrity Key
key zeroization | W | All Keys
execute factory reset (disable FIPS-CC mode, console/CLI only) | W | All keys stored in Flash RAM
execute FIPS-CC on-demand self-tests (console only) | E | Configuration Integrity Key, Firmware Integrity Key
add/delete crypto officers and network users | WE | Crypto Officer Password, Network User Password
set/reset crypto officers and network user passwords | WE | Crypto Officer Password, Network User Password
backup/restore configuration file | RWE | Configuration Encryption Key, Configuration Backup Key
read/set/delete/modify module configuration* | N/A | N/A
execute firmware update | WE | Firmware Update Key
read log data | N/A | N/A
delete log data (console/CLI only) | N/A | N/A
execute system diagnostics (console/CLI only) | N/A | N/A
enable/disable alternating bypass mode | N/A | N/A
read/set/delete/modify IPsec/SSL VPN configuration* | W | IPsec: IPsec Manual Authentication Key, IPsec Manual Encryption Key, IKE Pre-Shared Key, IKE RSA Key, IKE ECDSA Key, Diffie-Hellman Key, EC Diffie-Hellman Key. SSL: HTTPS/TLS Server/Host Key, HTTPS/TLS Session Authentication Key, HTTPS/TLS Session Encryption Key
read/set/modify HA configuration | WE | HA Password, HA Encryption Key

Table 5: Services available to Network Users in FIPS-CC mode

Service/CSP | Access | Key/CSP
connect to module remotely using TLS* | WE | Diffie-Hellman Key, EC Diffie-Hellman Key, HTTPS/TLS Server/Host Key, HTTPS/TLS Session Authentication Key, HTTPS/TLS Session Encryption Key, DRBG v and key values, DRBG Output, DRBG Seed, NDRNG Output String
authenticate to module | WE | Network User Password
IPsec VPN controlled by firewall policies* | E | Diffie-Hellman Key, EC Diffie-Hellman Key, all IKE and IPsec Key, DRBG v and key values, DRBG Output, DRBG Seed, NDRNG Output String
SSL VPN controlled by firewall policies* | E | Network User Password, Diffie-Hellman Key, EC Diffie-Hellman Key, HTTPS/TLS Server/Host Key, HTTPS/TLS Session Authentication Key, HTTPS/TLS Session Encryption Key, DRBG v and key values, DRBG Output, DRBG Seed, NDRNG Output String

Non-FIPS Approved Services

The module also provides the following non-FIPS approved services:

• Configuration backups using password protection
• L2TP and PPTP VPN
• Services marked with an asterisk (*) in Tables 4 and 5 are considered non-approved when using the following algorithms:
    • Non-compliant-strength Diffie-Hellman
    • Non-compliant-strength RSA key wrapping

The above services shall not be used in the FIPS approved mode of operation.

Authentication

The module implements identity based authentication. Operators must authenticate with a user-id and password combination to access the modules remotely or locally via the console. Remote operator authentication is done over HTTPS (TLS) or SSH. The password entry feedback mechanism does not provide information that could be used to guess or determine the authentication data.

By default, Network User access to the modules is based on firewall policy and authentication by IP address or fully qualified domain names. Network Users can optionally be forced to authenticate to the modules using a username/password combination to enable use of the IPsec VPN encrypt/decrypt or bypass services. For Network Users invoking the SSL-VPN encrypt/decrypt services, the modules support authentication with a user-id/password combination. Network User authentication is done over HTTPS and does not allow access to the modules for administrative purposes.

The minimum password length is 8 characters when in FIPS-CC mode (maximum password length is 32 characters) chosen from the set of ninety four (94) characters. New passwords are required to include 1 uppercase character, 1 lowercase character, 1 numeric character, and 1 special character. The odds of guessing a password are 1 in {(10)*(26^2)*(32)*(94^4)} which is significantly lower than one in a million.

Note that operator authentication over HTTPS/SSH and Network User authentication over HTTPS are subject to a limit of 3 failed authentication attempts in 1 minute; thus, the maximum number of attempts in one minute is 3. Therefore the probability of a success with multiple consecutive attempts in a one-minute period is 3 in {(10)*(26^2)*(32)*(94^4)} which is less than 1/100,000. Operator authentication using the console is not subject to a failed authentication limit, but the number of authentication attempts per minute is limited by the bandwidth available over the serial connection which is a maximum of 115,200 bps which is 6,912,000 bits per minute. An 8-byte password would have 64 bits, so there would be no more than 108,000 password attempts per minute. Therefore the probability of success would be 1/({(10)*(26^2)*(32)*(94^4)} / 108,000) which is less than 1/100,000.

For Network Users invoking the IPsec VPN encrypt/decrypt services, the module acts on behalf of the Network User and negotiates a VPN connection with a remote module. The strength of authentication for IPsec services is based on the authentication method defined in the specific firewall policy: IPsec manual authentication key, IKE pre-shared key, IKE RSA key (RSA certificate) or IKE ECDSA key (ECDSA certificate). The odds of guessing the authentication key for each IPsec method is:

• 1 in 16^40 for the IPsec Manual Authentication key (based on a 40 digit, hexadecimal key)
• 1 in 94^8 for the IKE Pre-shared Key (based on an 8 character, ASCII printable key)
• 1 in 2^112 for the IKE RSA Key (based on a 2048-bit RSA key size)
• 1 in 2^128 for the IKE ECDSA Key (based on a P-256 curve ECDSA key size)

Therefore the minimum odds of guessing the authentication key for IPSec is 1 in 94^8, based on the IKE Pre-shared key.

Operational Environment

The module constitutes the entire firmware operating system for a FortiGate unit and can only be installed and run on a FortiGate unit. The module provides a proprietary and non-modifiable operating system and does not provide a programming environment.

For the purposes of FIPS 140-2 conformance testing, the module was tested on a FortiGate-300D unit.
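The strength-of-authentication arithmetic from the Authentication section above, as an added example that is not part of Fortinet's policy document. It recomputes the policy's figures and, going beyond the text, counts the exact number of compliant 8-character passwords to show that the policy's search-space figure is a conservative lower bound; the function names and the uniform-guessing model are assumptions of this example.

```python
"""Recompute the authentication-strength figures quoted in the policy text."""
from fractions import Fraction
from itertools import combinations

# Character classes that make up the policy's 94-character set.
CLASS_SIZES = {"upper": 26, "lower": 26, "digit": 10, "special": 32}
ALPHABET = sum(CLASS_SIZES.values())  # 94

# Bounds the policy compares its odds against.
PER_ATTEMPT_BOUND = Fraction(1, 1_000_000)
PER_MINUTE_BOUND = Fraction(1, 100_000)

# Search spaces the policy states for each IPsec authentication method.
IPSEC_KEY_SPACES = {
    "IPsec manual authentication key": 16**40,
    "IKE pre-shared key": 94**8,
    "IKE RSA key": 2**112,
    "IKE ECDSA key": 2**128,
}


def policy_search_space():
    """The policy's figure: (10)*(26^2)*(32)*(94^4)."""
    return 10 * 26**2 * 32 * 94**4


def exact_search_space(length=8):
    """Passwords of `length` that contain every class at least once.

    Inclusion-exclusion over the set of classes that are left out.
    """
    sizes = list(CLASS_SIZES.values())
    total = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            total += (-1) ** k * (ALPHABET - sum(missing)) ** length
    return total


def console_attempts_per_minute(bps=115_200, password_bytes=8):
    """Upper bound on guesses per minute over the serial console."""
    return (bps * 60) // (password_bytes * 8)


def success_probability(space, attempts):
    """Chance that `attempts` distinct guesses hit one uniformly chosen password."""
    return Fraction(attempts, space)


def max_attempts_within_bound(space, bound=PER_MINUTE_BOUND):
    """Largest guesses-per-minute rate whose success chance stays below `bound`."""
    # attempts / space < num / den  <=>  attempts * den < space * num
    return (space * bound.numerator - 1) // bound.denominator


def weakest_ipsec_method():
    """Method with the smallest stated key space."""
    return min(IPSEC_KEY_SPACES, key=IPSEC_KEY_SPACES.get)


def report():
    space = policy_search_space()
    console = console_attempts_per_minute()
    return {
        "policy_space": space,
        "exact_space": exact_search_space(),
        "single_guess_ok": success_probability(space, 1) < PER_ATTEMPT_BOUND,
        "remote_3_per_minute_ok": success_probability(space, 3) < PER_MINUTE_BOUND,
        "console_attempts_per_minute": console,
        "console_ok": success_probability(space, console) < PER_MINUTE_BOUND,
        "console_headroom": max_attempts_within_bound(space) // console,
        "weakest_ipsec_method": weakest_ipsec_method(),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

The `console_headroom` value shows how many times faster than the serial-line limit guessing would have to run before the per-minute bound is reached.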

Cryptographic Key Management

Random Number Generation

The modules use a firmware based, deterministic random bit generator (DRBG) that conforms to NIST Special Publication 800-90A.

Entropy

The module uses a Fortinet entropy token (part number FTR-ENT-1 or part number FTR-ENT-2) to seed the DRBG during the modules’ boot process and to periodically reseed the DRBG. The entropy token is not included in the boundary of the module and therefore no assurance can be made for the correct operation of the entropy token nor is there a guarantee of stated entropy.

Entropy Strength

The entropy loaded into the approved AES-256 bit DRBG is 256 bits. The entropy source is over-seeded and then an HMAC-SHA-256 post-conditioning component is applied.

Reseed Period

The RBG is seeded from the entropy token during the boot process and then reseeded periodically. The default reseed period is once every 24 hours (1440 minutes) and is configurable (1 to 1440 minutes). The entropy token must be installed to complete the boot process and to reseed the DRBG.

Key Zeroization

The zeroization process must be performed under the direct control of the operator. The operator must be present to observe that the zeroization method has completed successfully.

All keys and CSPs are zeroized by erasing the module’s boot device and then power cycling the FortiGate unit. To erase the boot device, execute the following command from the CLI:

    execute erase-disk <boot device>

The boot device ID may vary depending on the FortiGate module. Executing the following command will output a list of the available internal disks:

    execute erase-disk ?

Algorithms

Table 6: FIPS approved algorithms

Algorithm | NIST Cert Number
CTR DRBG (NIST SP 800-90A) with AES 256-bits | 1543
AES in CBC mode (128-, 256-bits) | 4602, 4628
AES in GCM mode (128-, 256-bits) | 4602, 4628
SHA-1 | 3777, 3792
SHA-256 | 3777, 3792
SHA-384 | 3777, 3792
SHA-512 | 3777, 3792
HMAC SHA-1 | 3050, 3063
HMAC SHA-256 | 3050, 3063
HMAC SHA-384 | 3050, 3063
HMAC SHA-512 | 3050, 3063
RSA PKCS1: Key Pair Generation (2048 and 3072-bit); Signature Generation (2048 and 3072-bit); Signature Verification (1024, 2048 and 3072-bit). For legacy use, the module supports 1024-bit RSA keys and SHA-1 for signature verification | 2526
ECDSA Key Pair Generation: curves P-256, P-384 and P-521 | 1137
ECDSA Signature Generation: curves P-256, P-384 and P-521 | 1137
ECDSA Signature Verification: curves P-256, P-384 and P-521 | 1129, 1137
CVL (SSH) AES 128-bit, AES 256-bit CBC (using SHA1) | 1287
CVL (TLS 1.1 and 1.2) | 1287
CVL (IKE v1 and v2) | 1272
CVL (ECDSA SigGen Component: Curves P-256, P-384 and P-521) | 1288, 1329
CKG (NIST SP 800-133) | Vendor Affirmed
KTS (AES Cert. #4628 and HMAC Cert. #3063; key establishment methodology provides 128 or 256 bits of encryption strength). |

In accordance with FIPS 140-2 IG D.12, the cryptographic module performs Cryptographic Key Generation (CKG) as per SP800-133 (vendor affirmed). The resulting generated symmetric key and the seed used in the asymmetric key generation are the unmodified output from SP800-90A DRBG.

There are algorithms, modes, and keys that have been CAVS tested but are not available when the module is configured for FIPS compliant operation. Only the algorithms, modes/methods, and key lengths/curves/moduli shown in this table are supported by the module in the FIPS validated configuration.

Table 7: FIPS allowed algorithms

Algorithm
RSA (CVL Certs. #1272 and #1287, key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Diffie-Hellman (CVL Certs. #1272 and #1287, key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength)
EC Diffie-Hellman (CVL Certs. #1272 and #1287, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength)
NDRNG (Entropy Token)
MD5 (used in the TLS protocol only)

Table 8: Non-FIPS approved algorithms

Algorithm
RSA is non-compliant when keys less than 2048 bits are used, since such keys do not provide the minimum required 112 bits of encryption strength
Diffie-Hellman is non-compliant when keys less than 2048 bits are used, since such keys do not provide the minimum required 112 bits of encryption strength

Note that the IKE, SSH and TLS protocols, other than the KDF, have not been tested by the CMVP or CAVP as per FIPS 140-2 Implementation Guidance D.11.

The module is compliant to IG A.5: GCM is used in the context of TLS and IKEv2/IPSec.

For TLS, the GCM implementation meets Option 1 of IG A.5: it is used in a manner compliant with SP 800-52 and in accordance with RFC 5246 for TLS key establishment. The AES GCM IV generation is in compliance with RFC 5288 and shall only be used for the TLS protocol version 1.2 to be compliant with FIPS 140-2 IG A.5, Option 1 (“TLS protocol IV generation”); thus, the module is compliant with [SP800-52]. During operational testing, the module was tested against an independent version of TLS and found to behave correctly.

For IPsec/IKEv2, the GCM implementation meets Option 1 of IG A.5: it is used in a manner compliant with RFCs 4106 and 7296. During operational testing, the module was tested against an independent version of IPsec with IKEv2 and found to behave correctly.

In case the module’s power is lost and then restored, the key used for the AES GCM encryption or decryption shall be re-distributed.

Cryptographic Keys and Critical Security Parameters

The following table lists all of the cryptographic keys and critical security parameters used by the modules. The following definitions apply to the table. Note that "Automatic" generation is defined as Electronic Entry/Electronic Distribution as per IG 7.7.

Table 9: Cryptographic Keys and Critical Security Parameters used in FIPS-CC mode

Key or CSP | Generation | Storage | Usage | Zeroization
NDRNG output string | Automatic | Boot device, Plain-text | Input string for the entropy pool (5120-bits) | By erasing the Boot device and power cycling the module
DRBG seed | Automatic | Boot device, Plain-text | 256-bit seed used by the DRBG (output from NDRNG) | By erasing the Boot device and power cycling the module
DRBG output | Automatic | Boot device, Plain-text | Random numbers used in cryptographic algorithms (256-bits) | By erasing the Boot device and power cycling the module
DRBG v and key values | Automatic | Boot device, Plain-text | Internal state values for the DRBG | By erasing the Boot device and power cycling the module
IPsec Manual Authentication Key | Manual | Boot device, AES encrypted | Used as IPsec Session Authentication Key | By erasing the Boot device and power cycling the module
IPsec Manual Encryption Key | Automatic | SDRAM, Plain-text | Used as IPsec Session Encryption Key using AES (128-, 256-bit) | By erasing the Boot device and power cycling the module
IPsec … | … | … | …sec peer-to-peer authentication using HMAC SHA-1 or HMAC SHA-256 | By erasing the Boot device and power cycling the module
IPsec Session Encryption Key | Automatic | SDRAM, Plain-text | VPN traffic encryption/decryption using AES (128-, 256-bit) | By erasing the Boot device and power cycling the module
IKE SKEYSEED | Automatic | SDRAM, Plain-text | Used to generate IKE protocol keys | By erasing the Boot device and power cycling the module
IKE Pre-Shared Key | Manual | Boot device, AES encrypted | Used to generate IKE protocol keys | By erasing the Boot device and power cycling the module
IKE Authentication Key | Automatic | SDRAM, Plain-text | IKE peer-to-peer authentication using HMAC SHA-1, -256, -384 or -512 | By erasing the boot device and power cycling the module
IKE Key Generation Key | Automatic | SDRAM, Plain-text | IPsec SA keying material | By erasing the boot device and power cycling the module
IKE Session Encryption Key | Automatic | SDRAM, Plain-text | Encryption of IKE peer-to-peer key negotiation using AES (128-, 256-bit) | By erasing the boot device and power cycling the module
IKE RSA Key | Manual | Boot device, Plain-text | Used to generate IKE protocol keys (2048- and 3072-bit signatures) | By erasing the boot device and power cycling the module
IKE ECDSA Key | Manual | Boot device, Plain-text | Used to generate IKE protocol keys (signatures using P-256, -384 and -521 curves) | By erasing the boot device and power cycling the …
… | … | … | …y agreement and key establishment (2048-8192 bits) | By erasing the boot device and power cycling the module
EC Diffie-Hellman Keys | Automatic | SDRAM, Plain-text | Key agreement and key establishment (key pairs on the curves secp256r1, secp384r1 and secp521r1) | By erasing the boot device and power cycling the module
Firmware Update Key | Preconfigured | Boot device, Plain-text | Verification of firmware integrity when updating to new firmware versions using RSA public key (firmware load test, 2048-bit signature) | By erasing the boot device and power cycling the module
Firmware Integrity Key | Preconfigured | Boot device, Plain-text | Verification of firmware integrity in the firmware integrity test using RSA public key (firmware integrity test, 2048-bit signature) | By erasing the boot device and power cycling the module
…r/Host Key | Preconfigured | Boot device, Plain-text | RSA private key used in the HTTPS/TLS protocols (key establishment, 2048- or 3072-bit) | By erasing the boot device and power cycling the …
… | … | …RAM, Plain-text | HMAC SHA-1, -256 or -384 key used for HTTPS/TLS session authentication | By erasing the boot device and power cycling the module
HTTPS/TLS Session Encryption Key | Automatic | SDRAM, Plain-text | AES (128-, 256-bit) key used for HTTPS/TLS session encryption | By erasing the boot device and power cycling the module
SSH Server/Host Key | Preconfigured | Boot device, Plain-text | RSA private key used in the SSH protocol (key establishment, 2048- or 3072-bit) | By erasing the boot device and power cycling the module
SSH … | … | … | …AC SHA-1 or HMAC SHA-256 key used for SSH session authentication | By erasing the boot device and power cycling the module
SSH Session Encryption Key | Automatic | SDRAM, Plain-text | AES (128-, 256-bit) key used for SSH session encryption | By erasing the boot device and power cycling the module
Crypto Officer Password | Manual | Boot device, SHA-1 hash | Used to authenticate operator access to the module | By erasing the boot device and power cycling the module
Configuration Integrity Key | Preconfigured | Boot device, Plain-text | HMAC SHA-256 hash used for configuration integrity test | By erasing the boot device and power cycling the module
Configuration Encryption Key | Preconfigured | Boot device, Plain-text | AES 256-bit key used to encrypt CSPs on the Boot device and in the backup configuration file (except for crypto officer passwords in the backup configuration file) | By erasing the boot device and power cycling the module
Configuration Backup Key | Preconfigured | Boot device, Plain-text | HMAC SHA-256 key used to hash crypto officer passwords in the backup configuration file | By erasing the boot device and power cycling the unit
