Transcription
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal EditionFIPS 140-2 Non-Proprietary Security PolicyAerospike Enterprise Database Federal EditionSoftware Version 2.2Document Version 1.0May 4, 2022Prepared For:Prepared By:Aerospike, Inc.2525 E Charleston Road, Suite 201Mountain View, CA 94043aerospike.comSafeLogic Inc.530 Lytton Ave, Suite 200Palo Alto, CA 94301www.safelogic.comDocument Version 1.0 Aerospike, Inc.Page 1 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal EditionOverviewThis document provides a non-proprietary FIPS 140-2 Security Policy for the Aerospike EnterpriseDatabase Federal Edition.Document Version 1.0 Aerospike, Inc.Page 2 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal EditionTable of Contents1Introduction . 51.1About FIPS 140 .51.2About this Document.51.3External Resources .51.4Notices.51.5Acronyms .62Aerospike Enterprise Database Federal Edition . 72.1Cryptographic Module Specification .72.1.1 Validation Level Detail .72.1.2 Modes of Operation.72.1.3 Approved Cryptographic Algorithms .82.1.4 Non-Approved but Allowed Cryptographic Algorithms .102.1.5 Non-Approved Algorithms .102.2Module Interfaces .122.3Roles, Services, and Authentication .132.3.1 Operator Services and Descriptions.132.3.2 Operator Authentication .142.4Physical Security .142.5Operational Environment .142.6Cryptographic Key Management .152.6.1 Random Number Generation .182.6.2 Key/Critical Security Parameter (CSP) Authorized Access and Use by Role and Service/Function .182.6.3 Key/CSP Storage.192.6.4 Key/CSP Zeroization .192.7Self-Tests .192.7.1 Power-On Self-Tests.202.7.2 Conditional Self-Tests .212.7.3 Cryptographic Function .212.8Mitigation of Other Attacks .213Guidance and Secure Operation . 223.1Crypto Officer Guidance .223.1.1 Software Installation .223.1.2 Additional Rules of Operation .223.2User Guidance .223.2.1 General Guidance .22Document Version 1.0 Aerospike, Inc.Page 3 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal EditionList of TablesTable 1 – Acronyms and Terms.6Table 2 – Validation Level by FIPS 140-2 Section.7Table 3 – FIPS-Approved Algorithm Certificates .9Table 4 – Logical Interface / Physical Interface Mapping .13Table 5 – Module Services, Roles, and Descriptions.14Table 6 – Module Keys/CSPs .18Table 7 – Power-On Self-Tests .20Table 8 – Conditional Self-Tests.21List of FiguresFigure 1 – Module Boundary and Interfaces Diagram .12Document Version 1.0 Aerospike, Inc.Page 4 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal Edition1 Introduction1.1 About FIPS 140Federal Information Processing Standards Publication 140-2 — Security Requirements for CryptographicModules specifies requirements for cryptographic modules to be deployed in a Sensitive butUnclassified environment. The National Institute of Standards and Technology (NIST) and CanadianCentre for Cyber Security (CCCS) Cryptographic Module Validation Program (CMVP) run the FIPS 140program. The NVLAP accredits independent testing labs to perform FIPS 140 testing; the CMVP validatesmodules meeting FIPS 140 validation. Validated is the term given to a module that is documented andtested against the FIPS 140 criteria.More information is available on the CMVP website at -validation-program.1.2 About this DocumentThis non-proprietary Cryptographic Module Security Policy for the Aerospike Enterprise DatabaseFederal Edition from Aerospike, Inc. (“Aerospike”) provides an overview of the product and a high-leveldescription of how it meets the security requirements of FIPS 140-2. This document contains details onthe module’s cryptographic keys and critical security parameters. This Security Policy concludes withinstructions and guidance on running the module in a FIPS 140-2 mode of operation.The Aerospike Enterprise Database Federal Edition may also be referred to as the “module” in thisdocument.1.3 External ResourcesThe Aerospike website (aerospike.com) contains information on Aerospike services and products. TheCryptographic Module Validation Program website contains links to the FIPS 140-2 certificate Aerospikecontact information.1.4 NoticesThis document may be freely reproduced and distributed in its entirety without modification.Document Version 1.0 Aerospike, Inc.Page 5 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal Edition1.5 AcronymsThe following table defines acronyms found in this SRNGRSASHASSLTriple-DESTLSUSBTermAdvanced Encryption StandardAmerican National Standards InstituteApplication Programming InterfaceCryptographic Module Validation ProgramCrypto OfficerCanadian Centre for Cyber SecurityCritical Security ParameterData Encryption StandardDiffie-HellmanDeterministic Random Bit GeneratorDigital Signature AlgorithmElliptic CurveElectromagnetic CompatibilityElectromagnetic InterferenceFederal Communications CommissionFederal Information Processing StandardGeneral Purpose ComputerGraphical User Interface(Keyed-) Hash Message Authentication CodeKnown Answer TestMessage Authentication CodeMessage DigestNational Institute of Standards and TechnologyOperating SystemPublic-Key Cryptography StandardsPseudo Random Number GeneratorProbabilistic Signature SchemeRandom Number GeneratorRivest, Shamir, and AdlemanSecure Hash AlgorithmSecure Sockets LayerTriple Data Encryption AlgorithmTransport Layer SecurityUniversal Serial BusTable 1 – Acronyms and TermsDocument Version 1.0 Aerospike, Inc.Page 6 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal Edition2 Aerospike Enterprise Database Federal Edition2.1 Cryptographic Module SpecificationAerospike Enterprise Database Federal Edition offloads functions for secure key management, dataintegrity, data at rest encryption, and secure communications to a trusted implementation. This moduleis incorporated into the Aerospike Database servers and the client libraries that enable applications toaccess the database.The module's logical cryptographic boundary is the shared library files and their integrity check HMACfiles. The module is a multi-chip standalone embodiment installed on a General Purpose Device.All operations of the module occur via calls from host applications and their respective internaldaemons/processes. As such there are no untrusted services calling the services of the module.2.1.1 Validation Level DetailThe following table lists the module’s level of validation for each area in FIPS 140-2:FIPS 140-2 Section TitleCryptographic Module SpecificationCryptographic Module Ports and InterfacesRoles, Services, and AuthenticationFinite State ModelPhysical SecurityOperational EnvironmentCryptographic Key ManagementElectromagnetic Interference / Electromagnetic CompatibilitySelf-TestsDesign AssuranceMitigation of Other AttacksValidation Level1111N/A11111N/ATable 2 – Validation Level by FIPS 140-2 Section2.1.2Modes of OperationThe module supports two modes of operation: Approved and non-Approved. The module will bein the FIPS-approved mode when all power-up self-tests have completed successfully, and onlyApproved algorithms are invoked. See Approved Cryptographic Algorithms section below for a list of thesupported Approved algorithms and Non-Approved but Allowed Cryptographic Algorithms for allowedalgorithms. The non-Approved mode is entered when a non-Approved algorithm is invoked. See NonApproved Algorithms for a list of non-Approved algorithms.Document Version 1.0 Aerospike, Inc.Page 7 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal Edition2.1.3 Approved Cryptographic AlgorithmsThe module’s cryptographic algorithm implementations have received the following certificate numbersfrom the Cryptographic Algorithm Validation Program:AlgorithmAESECB ( e/d; 128 , 192 , 256 )CBC ( e/d; 128 , 192 , 256 )CFB1 ( e/d; 128 , 192 , 256 )CFB8 ( e/d; 128 , 192 , 256 )CFB128 ( e/d; 128 , 192 , 256 )OFB ( e/d; 128 , 192 , 256 )CTR ( ext only; 128 , 192 , 256 )CAVP Certificate4750CCM (KS: 128 , 192 , 256 )CMAC (Generation/Verification ) (KS: 128, 192, 256 )GCM (KS: AES 128( e/d ), AES 192( e/d ), AES 256( e/d ) )HMAC-SHA-1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA512DSAFIPS 186-4PQG Gen: 2048 & 3072 (using SHA-2)PQG Ver: 1024, 2048 & 3072 (using SHA-1 and SHA-2)Key Pair: 2048-bit & 3072-bitSig Gen: 2048-bit & 3072-bit (using SHA-2)Sig Ver: 1024-bit, 2048-bit & 3072-bit (using SHA-1 & SHA-2)ECDSAFIPS 186-4Key Pair Generation: Curves (P-224, P-256, P-384, P-521, K-233, K-283, K-409,K-571, B-233, B-283, B-409 & B-571)PKV: Curves All P, K & BSig Gen: (P-224, P-256, P-384, P-521, K-233, K-283, K-409, K-571, B-233, B-283,B-409 & B-571) (SHA-2)Sig Ver: Curves (P-192, P-224, P-256, P-384, P-521, K-163, K-233, K-283, K-409,K-571, B-163, B-233, B-283, B-409 & B-571) (using SHA-1 and SHA-2)Document Version 1.0 Aerospike, Inc.316412731185Page 8 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal EditionAlgorithmRSA (X9.31, PKCS #1.5, PSS)FIPS 186-2ANSIX9.31Sig Gen: 4096 bit (using SHA-2)Sig Ver: 1024-bit, 1536-bit, 2048-bit, 3072-bit & 4096-bit (any SHA size)CAVP Certificate2594PKCS1 V1 5Sig Gen: 4096-bit (using SHA-2)Sig Ver: 1024-bit, 1536-bit, 2048-bit, 3072-bit & 4096-bit (any SHA size)PSSSig Gen: 4096-bit (using SHA-2)Sig Ver: 1024-bit, 1536-bit, 2048-bit, 3072-bit & 4096-bit (any SHA size)FIPS 186-4ANSIX9.31Sig Gen: 2048-bit & 3072-bit (using SHA-2)Sig Ver: 1024-bit, 2048-bit, & 3072-bit (any SHA size)PKCS1 V1 5Sig Gen: 2048-bit & 3072-bit (using SHA-2)Sig Ver: 1024-bit, 2048-bit, & 3072-bit (any SHA size)PSSSig Gen: 2048-bit & 3072-bit (using SHA-2)Sig Ver: 1024-bit, 2048-bit, & 3072-bit (any SHA size)SHA-1, SHA-224, SHA-256, SHA-384, SHA-512Triple-DESTECB( KO 1 e/d, KO 2 d only )TCBC( KO 1 e/d, KO 2 d only )TCFB1( KO 1 e/d, KO 2 d only )TCFB8( KO 1 e/d, KO 2 d only )TCFB64( KO 1 e/d, KO 2 d only )TOFB( KO 1 e/d, KO 2 d only )CMAC( KS: 3-Key; Generation/Verification; Block Size(s): Full / Partial )SP 800-90A DRBG (Hash DRBG, HMAC DRBG, CTR DRBG)CKG389325241631Vendor AffirmedTable 3 – FIPS-Approved Algorithm CertificatesDocument Version 1.0 Aerospike, Inc.Page 9 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal Edition2.1.4 Non-Approved but Allowed Cryptographic AlgorithmsThe module does not support any non-FIPS 140-2 approved but allowed algorithms that may be used inthe FIPS Approved mode of operation.2.1.5 Non-Approved AlgorithmsThe module supports a non-approved mode of operation. The algorithms listed in this section are not tobe used by the operator in the FIPS Approved mode of operation.The following algorithms shall not be used: AES XTS ( (KS: XTS 128( (e/d) (f/p) ) KS: XTS 256( (e/d) (f/p) ).EC Diffie HellmanRSA (key wrapping; key establishment methodology provides up to 256 bits of encryptionstrength)The following algorithms are disallowed as of January 1, 2016 per the NIST SP 800-131A algorithmtransitions: Random Number Generator Based on ANSI X9.31 Appendix A.2.4Two-Key Triple DES EncryptionDual EC DRBGThe following algorithms are disallowed as of January 1, 2014 per the NIST SP 800-131A algorithmtransitions: FIPS 186-4 DSAPQG Gen 1024-bit (any SHA size), 2048-bit & 3072-bit using SHA-1Key Gen 1024-bit (any SHA size), 2048-bit & 3072-bit using SHA-1Sig Gen 1024-bit (any SHA size), 2048-bit & 3072-bit using SHA-1 FIPS 186-2 DSAPQG Gen 1024-bit (any SHA size)Key Gen 1024-bitSig Gen 1024-bit (any SHA size), 2048-bit & 3072-bit using SHA-1 FIPS 186-2 RSAANSIX9.31Key Gen 1024 & 1536ANSIX9.31Sig Gen 1024 & 1536 (any SHA size); 2048 & 3072 using SHA-1PKCSI V1 5Sig Gen 1024 & 1536 (any SHA size); 2048 & 3072 using SHA-1PSSSig Gen 1024 & 1536 (any SHA size); 2048 & 3072 using SHA-1Document Version 1.0 Aerospike, Inc.Page 10 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal Edition FIPS 186-4 RSAANSIX9.31Sig Gen 1024 using SHA-1PKCSI V1 5Sig Gen 1024 using SHA-1PSSSig Gen 1024 using SHA-1 FIPS 186-2 ECDSAKey Pair Generation: CurvesSig Gen Curves All P, K & BP-192, K-163 & B-163 FIPS 186-4 ECDSAKey Pair Generation: CurvesP-192, K-163 & B-163Sig Gen Curves P-224, P-256, P-384, P-521, K-233, K-283, K-409, K-571,B-233, B-283, B-409 & B-571) (using SHA-1)P-192-, K-163 & B-163 (any SHA size) CVL (ECC CDH KAS)The following algorithms are disallowed as of September 1, 2020 per the FIPS 186-2 transitions: FIPS 186-2 RSA (X9.31, PKCS #1.5, PSS)o ANSIX9.31 Key Gen: 2048-bit, 3072-bit & 4096-bit Sig Gen: 2048-bit, 3072-bit (any SHA size) Sig Gen: 4096-bit using SHA-1oPKCS1 V1 5 Sig Gen: 2048-bit, 3072-bit (any SHA size) Sig Gen: 4096-bit using SHA-1oPSS Document Version 1.0Sig Gen: 2048-bit, 3072-bit (any SHA size)Sig Gen: 4096-bit using SHA-1 Aerospike, Inc.Page 11 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal Edition2.2 Module InterfacesThe figure below shows the module’s physical and logical block diagram:Figure 1 – Module Boundary and Interfaces DiagramThe interfaces (ports) for the physical boundary include the computer keyboard port, mouse port,network port, USB ports, display and power plug. When operational, the module does not transmit anyinformation across these physical ports because it is a software cryptographic module. Therefore, themodule’s interfaces are purely logical and are provided through the Application Programming Interface(API) that a calling daemon can operate. The logical interfaces expose services that applications directlycall, and the API provides functions that may be called by a referencing application (see Section 2.3 –Roles, Services, and Authentication for the list of available functions). The module distinguishes betweenlogical interfaces by logically separating the information according to the defined API.The API provided by the module is mapped onto the FIPS 140-2 logical interfaces: data input, dataoutput, control input, and status output. Each of the FIPS 140-2 logical interfaces relates to the module’scallable interface, as follows:Document Version 1.0 Aerospike, Inc.Page 12 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal EditionFIPS 140-2 InterfaceData InputData OutputControl InputStatus OutputPowerLogical InterfaceInput parameters of API functioncallsOutput parameters of API functioncallsAPI function callsFor FIPS mode, function callsreturning status information andreturn codes provided by APIfunction calls.NoneModule Physical InterfaceNetwork InterfaceNetwork InterfaceKeyboard Interface, MouseInterfaceDisplay ControllerPower SupplyTable 4 – Logical Interface / Physical Interface MappingAs shown in Figure 1 – Module Boundary and Interfaces Diagram and Table 5 – Module Services, Roles,and Descriptions, the output data path is provided by the data interfaces and is logically disconnectedfrom processes performing key generation or zeroization. No key information will be output through thedata output interface when the module zeroizes keys.2.3 Roles, Services, and AuthenticationThe module supports a Crypto Officer and a User role. The module does not support a Maintenancerole. The User and Crypto-Officer roles are implicitly assumed by the entity accessing servicesimplemented by the module.2.3.1 Operator Services and DescriptionsThe module supports services that are available to users in the various roles. All the services aredescribed in detail in the module’s user documentation. The following table shows the services availableto the various roles and the access to cryptographic keys and CSPs resulting from services:ServiceModule ption/decryptionDigital signaturegenerationDigital SignatureverificationSymmetric keygenerationUserAES Key, Triple-DES KeyUserRSA Private Key, DSA Private Key, ECDSAPrivate KeyRSA Public Key, DSA Public Key, ECDSAPublic KeyAES Key, Triple-DES KeyDocument Version 1.0UserUserCSP / Algorithm Aerospike, ad/write/executePage 13 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal EditionServiceAsymmetric keygenerationKeyed Hash (HMAC)RolesUserCSP / AlgorithmDSA Private Key, ECDSA Private KeyUserMessage digest (SHS)UserRandom numbergenerationShow statusUserHMAC KeyHMAC SHA-1, HMAC SHA- 224, HMAC SHA256, HMAC SHA-384, HMAC SHA-512SHA-1, SHA-224, SHA-256, SHA-384, SHA512DRBG Internal State, DRBG EntropySelf serAll te/executeUser and ble 5 – Module Services, Roles, and DescriptionsThe operator is required to review the sections Approved Cryptographic Algorithms, Non-Approved butAllowed Cryptographic Algorithms, Non-Approved Cryptographic Algorithms, and Guidance and SecureOperation to ensure only approved algorithms are used.2.3.2 Operator AuthenticationAs required by FIPS 140-2, there are two roles (a Crypto Officer role and User role) in the module thatoperators may assume. As allowed by Level 1, the module does not support authentication to accessservices. As such, there are no applicable authentication policies. Access control policies are implicitlydefined by the services available to the roles as specified in Table 5 – Module Services, Roles, andDescriptions.2.4 Physical SecurityThis section of requirements does not apply to this module. The module is a software-only module anddoes not implement any physical security mechanisms.2.5 Operational EnvironmentThe module operates on a general purpose computer (GPC) running a general purpose operating system(GPOS). For FIPS purposes, the module is running on this operating system in single user mode and doesnot require any additional configuration to meet the FIPS requirements.The module was tested on the following platform:Document Version 1.0 Aerospike, Inc.Page 14 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal Edition CentOS 7.3 running on a Dell Optiplex 755 with an Intel Celeron 430 processorFIPS 140-2 validation compliance is maintained for other compatible operating systems (in single usermode) where the module source code is unmodified, and the requirements outlined in NIST IG G.5 aremet. No claim can be made as to the correct operation of the module or the security strengths of thegenerated keys when ported to an operational environment which is not listed on the validationcertificate.The GPC(s) used during testing met Federal Communications Commission (FCC) FCC ElectromagneticInterference (EMI) and Electromagnetic Compatibility (EMC) requirements for business use as definedby 47 Code of Federal Regulations, Part15, Subpart B.2.6 Cryptographic Key ManagementThe table below provides a complete list of Critical Security Parameters and keys used within themodule:Keys and CSPsAES Key (128,192, 256 tMethodAPI callparameterOutputMethodNoneZeroizationpower cyclecleanse()AccessCO: RWDU: RWDEncrypt/DecryptoperationsUsed to generateand verify MACswith AES as partof the CMACalgorithm.Triple-DES Key(168 bits)RAMPlaintextAPI callparameterNonepower cyclecleanse()CO: RWDU: RWDUsed forEncrypt/Decryptoperations.Used forgenerating andverifying MACswith Triple- DESas part of theCMAC algorithm.Document Version 1.0 Aerospike, Inc.Page 15 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal EditionKeys and CSPsRSA Public Key(1024, 1536,2048, 3072, 4096bits)RSApublic/privatekeys used to signand verify data.RSA Private Key(2048, 3072,4096 bits)RSApublic/privatekeys used to signand verify data.DSA Public Key(1024, 2048, and3072 bits)DSApublic/privatekeys used to signand verify data.DSA Private Key(2048, and 3072bits)DSApublic/privatekeys used to signand verify data.HMAC Key ( nputMethodAPI callparameterOutputMethodAPI callparameterZeroizationpower cyclecleanse()AccessCO: RWDU: RWDRAMPlaintextAPI callparameterAPI callparameterpower cyclecleanse()CO: RWDU: RWDRAMPlaintextAPI callparameterAPI callparameterpower cyclecleanse()CO: RWDU: RWDRAMPlaintextAPI callparameterAPI callparameterpower cyclecleanse()CO: RWDU: RWDRAMPlaintextAPI callparameterAPI callparameterpower cyclecleanse()CO: RWDU: RWDHMAC keys usedto generate andverify MACs ondata.Integrity KeyModuleBinaryPlaintextNoneNoneNoneCO: RWDU: RWDDocument Version 1.0 Aerospike, Inc.Page 16 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal EditionKeys and CSPsECDSA PrivateKey (PKG: Curves(P-224, P-256, P384, P-521, K233, K-283, K409, K-571, B233, B-283, B409 & B-571)PKV: Curves AllP, K & B)ECDSApublic/privatekeys used to signand verify data.ECDSA Public Key(PKG: Curves (P224, P-256, P384, P-521, K233, K-283, K409, K-571, B233, B-283, B409 & B-571)PKV: Curves AllP, K & B)ECDSApublic/privatekeys used to signand verify data.DRBG Internalstate (V,C , InputMethodAPI callparameterOutputMethodAPI callparameterZeroizationpower cyclecleanse()AccessCO: RWDU: RWDRAMPlaintextAPI callparameterAPI callparameterpower cyclecleanse()CO: RWDU: RWDRAMPlaintextNoneNonepower cyclecleanse()CO: RWDU: RWDV and key areused as part ofHMAC and CTRDRBG process. Vand C are used aspart of HASHDRBG process.Document Version 1.0 Aerospike, Inc.Page 17 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal EditionKeys and CSPsDRBG putMethodAPI r cyclecleanse()CO: RWDEntropy inputstrings used aspart of the DRBGprocess.U: RWDR Read W Write D DeleteTable 6 – Module Keys/CSPsPlease note that keys can be generated by the module for the services that require those keys, but thekeys will always be input via an API call.The application that uses the module is responsible for appropriate destruction and zeroization of thekey material. The module provides functions for key allocation and destruction which overwrite thememory that is occupied by the key information with zeros before it is deallocated.2.6.1 Random Number GenerationThe module uses SP 800-90A DRBGs for creation of asymmetric and symmetric keys.The module accepts input from entropy sources external to the cryptographic boundary for use as seedmaterial for the module’s Approved DRBGs. The calling application of the module shall use entropysources that meet the security strength required for the random bit generation mechanism as shown inNIST Special Publication 800-90A Table 2 (Hash DRBG, HMAC DRBG) and Table 3 (CTR DRBG). At aminimum, the entropy source shall provide at least 128 bits of entropy to the DRBG.The module performs continual tests on the random numbers it uses to ensure that the seed inputs tothe Approved DRBGs do not have the same value. The module also performs continual tests on theoutput of the Approved DRBGs to ensure that consecutive random numbers do not repeat.In accordance with FIPS 140-2 IG D.12, the cryptographic module performs Cryptographic KeyGeneration (CKG) for asymmetric keys as per NIST SP 800-133rev2 (vendor affirmed). The resultingsymmetric key or asymmetric seed is an unmodified output from a DRBG.The AES GCM IV generation is in compliance with the RFC5288 and RFC5289 and shall only be used forthe TLS protocol version 1.2 to be compliant with [FIPS 140-2 IG] IG A.5, provision 1 (“TLS protocol IVgeneration”); thus, the module is compliant with [SP 800-52]. Refer to Section 3.2.1 for additional detail.2.6.2 Key/Critical Security Parameter (CSP) Authorized Access and Use by Role andService/FunctionAn authorized application as user (the User role) has access to all key data generated during theoperation of the module.Document Version 1.0 Aerospike, Inc.Page 18 of 23
FIPS 140-2 Non-Proprietary Security Policy: Aerospike Enterprise Database Federal Edition2.6.3 Key/CSP StoragePublic and private keys are provided to the module by the calling process and are destroyed whenreleased by the appropriate API function calls or during power cycle. The module does not performpersistent storage of keys.2.6.4 Key/CSP ZeroizationThe application is responsible for calling
The Aerospike Enterprise Database Federal Edition may also be referred to as the "module" in this document. 1.3 External Resources The Aerospike website (aerospike.com) contains information on Aerospike services and products. The Cryptographic Module Validation Program website contains links to the FIPS 140-2 certificate Aerospike
