Transcription
FireEye NX Series: NX1500V, NX2500V,NX2550V, NX4500V, NX6500VFireEye, Inc.FIPS 140-2 Non-Proprietary Security PolicyDocument Version: 1.0Prepared By:Acumen Security2400 Research Blvd, Suite 395Rockville, MD 20850www.acumensecurity.net
FIPS 140-2 Security Policyv1.0Table of Contents1.2.Introduction . 41.1Purpose. 41.2Document Organization . 41.3Notices . 4FireEye NX1500V, NX2500V, NX2550V, NX4500V, NX6500V . 52.1Cryptographic Module Specification . 62.1.1Cryptographic Boundary . 62.2Cryptographic Module Ports and Interfaces . 72.3Roles, Services, and Authentication . 82.3.1Authorized Roles . 82.3.2Authentication Mechanisms . 82.3.3Services . 102.4Physical Security . 162.5Operational Environment . 172.6Cryptographic Key Management . 182.7Cryptographic Algorithm . 212.7.1FIPS-approved Algorithms . 212.7.2Non-Approved Algorithms Allowed for Use With FIPS-approved services . 242.7.2 Non-Approved Algorithms Disallowed for Use With FIPS-approved services . 252.8Electromagnetic Interference / Electromagnetic Compatibility (EMI/EMC) . 262.9Self-Tests . 272.9.1Power-On Self-Tests . 272.9.2Conditional Self-Tests . 272.9.3Self-Tests Error Handling . 272.103.2Mitigation of Other Attacks . 28Secure Operation . 293.1Modes of Operation . 293.2Installation . 293.3Initialization . 29
FIPS 140-2 Security Policyv1.03.3.1Default Authentication. 293.3.2Enable compliance configuration options . 293.3.3Enable FIPS 140-2 compliance. 293.4Management . 303.4.1SSH Usage . 303.4.1.1Symmetric Encryption Algorithms: . 303.4.1.2KEX Algorithms: . 303.4.1.3Message Authentication Code (MAC) Algorithms: . 303.4.2TLS Usage . 303.4.3SNMP Usage . 313.5Secure Delivery . 313.6Switching Modes of operation . 323.7Additional Information . 32Appendix A: Acronyms . 333
FIPS 140-2 Security Policyv1.01. IntroductionThis is a non-proprietary FIPS 140-2 Security Policy for the FireEye NX Series virtual appliances:NX1500V, NX2500V, NX2550V, NX4500V, NX6500V. Below are the details of the productvalidated:Software Version #: 9.0.3FIPS 140-2 Security Level: 11.1PurposeThis document was prepared as Federal Information Processing Standard (FIPS) 140-2validation evidence. The document describes how the FireEye NX Series virtual appliances:NX1500V, NX2500V, NX2550V, NX4500V and NX6500V meets the security requirements of FIPS140-2. It also provides instructions to individuals and organizations on how to deploy theproduct in a secure FIPS-approved mode of operation. Target audience of this document isanyone who wishes to use or integrate this product into a solution that is meant to comply withFIPS 140-2 requirements.1.2Document OrganizationThe Security Policy document is one document in a FIPS 140-2 Submission Package. In additionto this document, the Submission Package contains: Vendor Evidence documentFinite State MachineOther supporting documentation as additional referencesThis Security Policy and the other validation submission documentation were produced byAcumen Security, LLC. under contract to FireEye, Inc. With the exception of this NonProprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to FireEye, Inc.and is releasable only under appropriate non-disclosure agreements.1.3NoticesThis document may be freely reproduced and distributed in its entirety without modification.4
FIPS 140-2 Security Policyv1.02. FireEye NX1500V, NX2500V, NX2550V, NX4500V, NX6500VThe FireEye NX Series: NX1500V, NX2500V, NX2550V, NX4500V, NX6500V (the module) is amulti-chip standalone module validated at FIPS 140-2 Security Level 1. Specifically, the modulemeets the following security levels for individual sections in the FIPS 140-2 standard:Table 1 - Security Level for Each FIPS 140-2 Section#12345678910115Section TitleCryptographic Module SpecificationCryptographic Module Ports and InterfacesRoles, Services, and AuthenticationFinite State ModelPhysical SecurityOperational EnvironmentCryptographic Key ManagementEMI/EMCSelf-TestsDesign AssurancesMitigation Of Other AttacksSecurity Level1131N/A11111N/A
FIPS 140-2 Security Policy2.1v1.0Cryptographic Module SpecificationThe FireEye Network Threat Prevention Platform identifies and blocks zero-day Web exploits,droppers (binaries), and multi-protocol callbacks to help organizations scale their advancedthreat defenses across a range of deployments, from the multi-gigabit headquarters down toremote, branch, and mobile offices. FireEye Network with Intrusion Prevention System (IPS)technology further optimizes spend, substantially reduces false positives, and enablescompliance while driving security across known and unknown threats.2.1.1 Cryptographic BoundaryThe logical cryptographic boundary of the module consists of the FireEye VA-NXS Series VirtualAppliances (NX 1500V, NX 2500V, NX 2550V, NX 4500V, NX 6500V) running 9.0.3 version.The figure below shows the logical block diagram (red-dotted line) of the module executing inmemory and its interactions with the hypervisor through the module’s defined logicalcryptographic boundary. FEYE 9.0 in the figure below is the operating system for the modulewhich runs on the hypervisor. The module interacts directly with the hypervisor, which runsdirectly on the host system.Cryptographic ProviderNX SoftwareOperating System(FEYE 9.0)HypervisorHost HardwareFigure 1: Logical Cryptographic BoundaryThe module consists of binary packaged into an executable that can be run in a virtualenvironment. The module is classified as a multi-chip standalone cryptographic module. Thephysical cryptographic boundary is defined as the hard enclosure of the host system on which itruns, and no components are excluded from the requirements of FIPS PUB 140-2.6
FIPS 140-2 Security Policy2.2v1.0Cryptographic Module Ports and InterfacesThe module provides a number of physical and logical interfaces to the device, and the physicalinterfaces are mapped to four FIPS 140-2 defined logical interfaces: data input, data output,control input, and status output. The logical interfaces and their mapping are described in thefollowing table:Table 2 - Module Interface MappingFIPS InterfaceData InputLogical Port/Interface Virtual Ethernet Ports, Virtual USB Ports, Virtual Serial PortsData Output Virtual Ethernet Ports, Virtual USB Ports, Virtual Serial PortsControl Input Virtual Ethernet Ports, Virtual USB Ports, Virtual Serial PortsStatus Output Virtual Ethernet Ports, Virtual USB Ports, Virtual Serial PortsPowerNA7Host Platform Physical Interface Host System Ethernet (10/100/1000)Ports Host System USB Ports Host System Serial Ports Host System Ethernet (10/100/1000)Ports Host System USB Ports Host System Serial Ports Host System Ethernet (10/100/1000)Ports Host System USB Ports Host System Serial Ports Host System Ethernet (10/100/1000)Ports Host System USB Ports Host System Serial PortsPower Plug
FIPS 140-2 Security Policy2.3v1.0Roles, Services, and AuthenticationThe following sections provide details about roles supported by the module, how these rolesare authenticated and the services the roles are authorized to access.2.3.1 Authorized RolesThe module supports several different roles, including multiple Cryptographic Officer roles anda User role. The module does not support a maintenance role and/or bypass capability.Configuration of the module can occur over several interfaces and at different levels dependingupon the role assigned to the user. There are multiple types of Cryptographic Officers that mayconfigure the module, as follows: Admin: The system administrator is a “super user” who has all capabilities. The primaryfunction of this role is to configure the system.Monitor: The system monitor has read-only access to some things the admin role canchange or configure.Operator: The system operator has a subset of the capabilities associated with theadmin role. Its primary function is configuring and monitoring the system.Analyst: The system analyst focuses on data plane analysis and possesses severalcapabilities, including setting up alerts and reports.Auditor: The system auditor reviews audit logs and performs forensic analysis to tracehow events occurred.SNMP: The SNMP role provides system monitoring through SNMPv3.WSAPI: The WSAPI role supports system administration via a TLS authenticatedinterface.The Users of the module are the remote IT devices and remote management clients accessingthe module via cryptographic protocols. These protocols include, SSH, TLS, and SNMPv3.Unauthenticated users are only able to power cycle the module.2.3.2 Authentication MechanismsThe module supports identity-based authentication. Module operators must authenticate tothe module before being allowed access to services, which require the assumption of anauthorized role. The module employs the authentication methods described in the table belowto authenticate Crypto-Officers and Users.Table 3 - Authentication Mechanism DetailsRoleAdminMonitor8Type Of AuthenticationPassword/UsernameAuthentication StrengthAll passwords must be between 8 and 32characters. The passwords can consist ofalphanumeric values, {a-z, A-Z, 0-9, and specialcharacters}, the characters can thus be chosen
FIPS 140-2 Security PolicyRoleOperatorAnalystAuditorSNMPType Of AuthenticationWSAPIUser9Password/Username orAsymmetric Authenticationv1.0Authentication Strengthfrom the 94 human readable ASCII characters onan American QWERTY computer keyboard. Thus,the probability of a successful random attempt is1/94 8 , which is less than 1 in 1,000,000. In theworst-case scenario, if (8) integers are used for aneight-digit password, the probability of randomlyguessing the correct sequence is one (1) in100,000,000 (this calculation is based on theassumption that the typical standard AmericanQWERTY computer keyboard has 10 Integer digits.The calculation should be 10 8 100,000,000).Therefore, the associated probability of asuccessful random attempt is approximately 1 in100,000,000, which again is less than 1 in1,000,000 required by FIPS 140-2.The module enforces a timed access mechanism asfollows: For the first five failed attempts (assuming0 time to process), no timed access is enforced.Upon the sixth attempt, the module enforces a 15second delay. For the seventh and eight attemptsagain, no timed access is enforced. Thereafter thiscycle repeats, i.e., every third failed attempt, themodule enforces a 15-second delay. This wouldallow the attacker to perform roughly 15 attemptsper minute. The probability of a success withmultiple consecutive attempts in a one-minuteperiod is 15/(94 8) (or 15/(10 8) in the worstcase), which is less than 1/1,000,000.All passwords must be between 8 and 32characters. The passwords can consist ofalphanumeric values, {a-z, A-Z, 0-9, and specialcharacters}, the characters can thus be chosenfrom the 94 human readable ASCII characters onan American QWERTY computer keyboard. Thus,the probability of a successful random attempt is1/94 8 , which is less than 1 in 1,000,000. In theworst-case scenario, if (8) integers are used for aneight-digit password, the probability of randomlyguessing the correct sequence is one (1) in100,000,000 (this calculation is based on theassumption that the typical standard American
FIPS 140-2 Security PolicyRoleType Of Authenticationv1.0Authentication StrengthQWERTY computer keyboard has 10 Integer digits.The calculation should be 10 8 100,000,000).Therefore, the associated probability of asuccessful random attempt is approximately 1 in100,000,000, which again is less than 1 in1,000,000 required by FIPS 140-2.The module enforces a timed access mechanism asfollows: For the first five failed attempts (assuming0 time to process), no timed access is enforced.Upon the sixth attempt, the module enforces a 15second delay. For the seventh and eight attemptsagain, no timed access is enforced. Thereafter thiscycle repeats, i.e., every third failed attempt, themodule enforces a 15-second delay. This wouldallow the attacker to perform roughly 15 attemptsper minute. The probability of a success withmultiple consecutive attempts in a one-minuteperiod is 15/(94 8) (or 15/(10 8) in the worstcase), which is less than 1/1,000,000.When using RSA based authentication, RSA keypair has modulus size of 2048 bit, thus providing112 bits of strength. Therefore, an attacker wouldhave a 1 in 2 112 chance of randomly obtainingthe key, which is much stronger than the one in amillion chance, required by FIPS 140-2.For RSA-based authentication, to exceed a 1 in100,000 probability of a successful random keyguess in one minute, an attacker would have to becapable of approximately 5.19x10 28 attempts perminute. In the worst-case scenario, an operatorcan make 60 failed attempts per minute.2.3.3 ServicesThe services that require operators to assume an authorized role (Crypto-Officer or User) arelisted in the table below. Please note that the keys and Critical Security Parameters (CSPs) listedbelow use the following indicators to show the type of access required: R (Read): The CSP is read10
FIPS 140-2 Security Policy v1.0W (Write): The CSP is established, generated, modified, or zeroizedZ (Zeroize): The CSP is zeroizedTable 4 - ServicesServiceSSH to externalIT deviceDescriptionSecure SSHconnection betweena CM and otherFireEye appliancesusing SSH.RoleUserAdministrative Secure remoteaccess over SSH command lineapplianceadministration overan SSH tunnel.COAdministrativeaccess overwebGUICO11Secure remote GUIapplianceadministration over aTLS tunnel. Key/CSP and Type of AccessDRBG entropy input (W/R)DRBG Seed (W/R)DRBG V (R/W/Z)DRBG Key (R/W/Z)Diffie-Hellman Shared Secret (R/W/Z)Diffie Hellman private key (R/W/Z)Diffie Hellman public key (R/W/Z)SSH Private Key (R/W/Z)SSH Public Key (R/W/Z)SSH Session Key (R/W/Z)SSH Integrity Key (R/W/Z)Admin Password (R/W/Z)Monitor Password (R/W/Z)Operator Password (R/W/Z)Analyst Password (R/W/Z)Auditor Password (R/W/Z)DRBG entropy input (W/R)DRBG Seed (W/R)DRBG V (R/W/Z)DRBG Key (R/W/Z)Diffie-Hellman Shared Secret (R/W/Z)Diffie Hellman private key (R/W/Z)Diffie Hellman public key (R/W/Z)SSH Private Key (R/W/Z)SSH Public Key (R/W/Z)SSH Session Key (R/W/Z)SSH Integrity Key (R/W/Z)Admin Password (R/W/Z)Monitor Password (R/W/Z)Operator Password (R/W/Z)Analyst Password (R/W/Z)Auditor Password (R/W/Z)DRBG entropy input (W/R)DRBG Seed (W/R)DRBG V (R/W/Z)DRBG Key (R/W/Z)Diffie-Hellman Shared Secret (R/W/Z)
FIPS 140-2 Security ss overWSAPISecure remoteapplianceadministration over aTLS tunnel.COAdministrativeaccess overserial consoleand VGADirectly connectedcommand lineapplianceadministration.COSNMPv3Secure remoteSNMPv3-basedsystem monitoring.TLS-basedconnection used toupload data to theFireEye cloud.CODTI connection12User Key/CSP and Type of AccessDiffie Hellman private key (R/W/Z)Diffie Hellman public key (R/W/Z)TLS Private Key (R/W/Z)TLS Public Key (R/W/Z)TLS Pre-Master Secret (R/W/Z)TLS Master Secret (R/W/Z)TLS Session Encryption Key (R/W/Z)TLS Session Integrity Key (R/W/Z)WSAPI Password (R/W/Z)DRBG entropy input (W/R)DRBG Seed (W/R)DRBG V (R/W/Z)DRBG Key (R/W/Z)Diffie-Hellman Shared Secret (R/W/Z)Diffie Hellman private key (R/W/Z)Diffie Hellman public key (R/W/Z)TLS Private Key (R/W/Z)TLS Public Key (R/W/Z)TLS Pre-Master Secret (R/W/Z)TLS Master Secret (R/W/Z)TLS Session Encryption Key (R/W/Z)TLS Session Integrity Key (R/W/Z)Admin Password (R/W/Z)Monitor Password (R/W/Z)Operator Password (R/W/Z)Analyst Password (R/W/Z)Auditor Password (R/W/Z)SNMP Session Key (R/W/Z)SNMPv3 password (R/W/Z) DRBG entropy input (W/R)DRBG Seed (W/R)DRBG V (R/W/Z)DRBG Key (R/W/Z)Diffie-Hellman Shared Secret (R/W/Z)Diffie Hellman private key (R/W/Z)Diffie Hellman public key (R/W/Z)TLS Private Key (R/W/Z)TLS Public Key (R/W/Z)TLS Pre-Master Secret (R/W/Z)
FIPS 140-2 Security PolicyServiceDescriptionv1.0RoleLDAP over TLSSecure remoteauthentication viaTLS protected LDAPUserSAML over TLS(Web GUI)Secure remoteauthentication to theWeb GUI via TLSprotected SAMLUser13 Key/CSP and Type of AccessTLS Master Secret (R/W/Z)TLS Session Encryption Key (R/W/Z)TLS Session Integrity Key (R/W/Z)Admin Password (R/W/Z)Monitor Password (R/W/Z)Operator Password (R/W/Z)Analyst Password (R/W/Z)Auditor Password (R/W/Z)DRBG entropy input (W/R)DRBG Seed (W/R)DRBG V (R/W/Z)DRBG Key (R/W/Z)Diffie-Hellman Shared Secret (R/W/Z)Diffie Hellman private key (R/W/Z)Diffie Hellman public key (R/W/Z)TLS Private Key (R/W/Z)TLS Public Key (R/W/Z)TLS Pre-Master Secret (R/W/Z)TLS Master Secret (R/W/Z)TLS Session Encryption Key (R/W/Z)TLS Session Integrity Key (R/W/Z)Admin Password (R/W/Z)Monitor Password (R/W/Z)Operator Password (R/W/Z)Analyst Password (R/W/Z)Auditor Password (R/W/Z)DRBG entropy input (W/R)DRBG Seed (W/R)DRBG V (R/W/Z)DRBG Key (R/W/Z)Diffie-Hellman Shared Secret (R/W/Z)Diffie Hellman private key (R/W/Z)Diffie Hellman public key (R/W/Z)TLS Private Key (R/W/Z)TLS Public Key (R/W/Z)TLS Pre-Master Secret (R/W/Z)TLS Master Secret (R/W/Z)TLS Session Encryption Key (R/W/Z)TLS Session Integrity Key (R/W/Z)
FIPS 140-2 Security Policyv1.0ServiceSecure logtransferDescriptionTLS-basedconnection with aremote audit server.RoleUserTLS to externalIT deviceSecure connectionbetween a CM andother FireEyeappliances using TLS.UserShow StatusView the operationalstatus of the modulePerform the FIPS 140start-up tests ondemandReboot of appliance.COKey/CSP and Type of Access DRBG entropy input (W/R) DRBG Seed (W/R) DRBG V (R/W/Z) DRBG Key (R/W/Z) Diffie-Hellman Shared Secret (R/W/Z) Diffie Hellman private key (R/W/Z) Diffie Hellman public key (R/W/Z) TLS Private Key (R/W/Z) TLS Public Key (R/W/Z) TLS Pre-Master Secret (R/W/Z) TLS Master Secret (R/W/Z) TLS Session Encryption Key (R/W/Z) TLS Session Integrity Key (R/W/Z) DRBG entropy input (W/R) DRBG Seed (W/R) DRBG V (R/W/Z) DRBG Key (R/W/Z) Diffie-Hellman Shared Secret (R/W/Z) Diffie Hellman private key (R/W/Z) Diffie Hellman public key (R/W/Z) TLS Private Key (R/W/Z) TLS Public Key (R/W/Z) TLS Pre-Master Secret (R/W/Z) TLS Master Secret (R/W/Z) TLS Session Encryption Key (R/W/Z)N/ACON/AUnauth Perform SelfTestsCycle Power14DRBG entropy input (Z)DRBG Seed (Z)DRBG V (Z)DRBG Key (Z)Diffie-Hellman Shared Secret (Z)Diffie Hellman private key (Z)Diffie Hellman public key (Z)SSH Session Key (Z)SSH Integrity Key (Z)SNMPv3 session key (Z)
FIPS 140-2 Security PolicyServiceZeroization tionPerform zeroizationof all persistent CSPswithin the moduleR – Read, W – Write, Z – Zeroize15v1.0RoleCO Key/CSP and Type of AccessTLS Pre-Master Secret (Z)TLS Master Secret (Z)TLS Session Encryption Key (Z)TLS Session Integrity Key (Z)Admin Password (Z)Monitor Password (Z)Operator Password (Z)Analyst Password (Z)Auditor Password (Z)WSAPI Password (Z)SSH Private Key (Z)SSH Public Key (Z)SNMPv3 password (Z)TLS Private Key (Z)TLS Public Key (Z)
FIPS 140-2 Security Policy2.4Physical SecurityThe module is comprised of software only and thus does not claim any physical security.16v1.0
FIPS 140-2 Security Policy2.5v1.0Operational EnvironmentThe module is installed using a common base image distributed in a compatible hypervisorformat (i.e ova, ovm, qcow2). The software image that is used to deploy the VME is commonacross all models. The tested configuration include.Table 5 – Operating EnvironmentOperating EnvironmentVMware ESXiVersion6.7HardwareDellPowerEdgeR630 withIntel Xeon E5The tested operating environments isolate virtual systems into separate isolated processspaces. Each process space is logically separated from all other processes by the operatingenvironments software and hardware. The module functions entirely within the process spaceof the isolated system as managed by the single operational environment. This implicitly meetsthe FIPS 140-2 requirement that only one entity at a time can use the cryptographic module.17
2.6Cryptographic Key ManagementThe following table identifies each of the CSPs associated with the module. For each CSP, the following information is provided, The name of the CSP/Key The type of CSP and associated length A description of the CSP/Key Storage of the CSP/Key The zeroization for the CSP/KeyTable 6 - Details of Cryptographic Keys and CSPsKey/CSPDRBG entropyinputDRBG SeedDRBG VTypeCTR 256-bit,HMACSHA-512CTR 256-bit, HMACSHA-512CTR 256-bit, HMACSHA-512CTR 256-bit, HMACSHA-512DH 2048 – 4096 bitsDescriptionThis is the entropy for SP 800-90 RNG.StorageZeroizationDRAMDevice power cycle.Seed material used to seed or reseed the DRBG.DRAMDevice power cycle.DRAMDevice power cycle.DRAMDevice power cycle.DRAMDevice power cycle.DRAMDevice power cycle.Diffie Hellmanprivate keyDH (DSA) 2048 –4096 bitsInternal V value used as part of SP800-90 CTR DRBG, HMAC DRBG.Internal Key value used as part of SP800-90 CTR DRBG, HMAC DRBG.The shared exponent used in Diffie-Hellman (DH)exchange. Created per the Diffie-Hellmanprotocol.The private exponent used in Diffie-Hellman (DH)exchange.Diffie Hellmanpublic keyEC Diffie-HellmanShared SecretEC Diffie Hellmanprivate keyDH 2048 – 4096 bitsThe p used in Diffie-Hellman (DH) exchange.DRAMDevice power cycle.ECDH P-256, P-384,P-521ECDH P-256, P-384,P-521The shared secret used in the EC Diffie-Hellman(ECDH) exchange.The private key used in EC Diffie-Hellman (DH)exchange.DRAMDevice power cycle.DRAMDevice power cycle.DRBG KeyDiffie-HellmanShared Secret
FIPS 140-2 Security PolicyKey/CSPEC Diffie Hellmanpublic keySSH Private KeySSH Public KeySSH Session KeySSH Integrity KeySNMPv3 passwordSNMPv3 sessionkeyTLS Private KeyTLS Public KeyTLS Pre-MasterSecret19TypeECDH P-256, P-384,P-521RSA (Private Key)2048 – 3072 bitsRSA (Public Key)2048 – 3072 bitsAES 128, 256 bitsDescriptionThe public key used in EC Diffie-Hellman (DH)exchange.The SSH private key for the module used forsession authentication.The SSH public key for the module used for sessionauthentication.The SSH session key. This key is created throughSSH key establishment.HMAC-SHA1, HMAC- The SSH data integrity key. This key is createdSHA-256through SSH key establishment.HMAC-512Shared Secret, atThis secret is used to derive HMAC-SHA1 key forleast eightSNMPv3 Authentication.charactersAES 128 bitsSNMP symmetric encryption key used toencrypt/decrypt SNMP traffic.RSA (Private Key)This private key is used for TLS session2048 – 3072 bitsauthentication.ECDSA (Private Key)P-256 P-384 P-521RSA (Public Key)This public key is used for TLS session2048 – 3072 bitsauthentication.ECDSA (Public Key)P-256 P-384 P-521Shared Secret, 384Shared Secret created using asymmetricbitscryptography from which the TLS Master Secretcan be derived.v1.0StorageZeroizationDRAMDevice power cycle.NVRAMDRAMOverwritten w/ “00”prior to replacement.Overwritten w/ “00”prior to replacement.Device power cycle.DRAMDevice power cycle.NVRAMOverwritten w/ “00”prior to replacement.DRAMDevice power cycle.NVRAMOverwritten w/ “00”prior to replacement.NVRAMOverwritten w/ “00”prior to replacement.DRAMDevice power cycle.NVRAM
FIPS 140-2 Security PolicyKey/CSPTLS Master SecretTypeShared Secret, 384bitsTLS SessionEncryption KeyTriple-DES 192-bitsTLS SessionIntegrity KeyDescriptionShared Secret created using the TLS Pre-MasterSecret from which new TLS session keys can becreated.Key used to encrypt/decrypt TLS session data.StorageZeroizationDRAMDevice power cycle.DRAMDevice power cycle.HMAC-SHA-1 used for TLS data integrityprotection.DRAMDevice power cycle.Authentication password for the Admin user role.NVRAMAuthentication password for the Monitor userrole.Authentication password for the Operator userrole.Authentication password for the Analyst user role.NVRAMAuthentication password for the Audit user role.NVRAMAuthentication password for the WSAPI user role.NVRAMOverwritten w/ “00”prior to replacement.Overwritten w/ “00”prior to replacement.Overwritten w/ “00”prior to replacement.Overwritten w/ “00”prior to replacement.Overwritten w/ “00”prior to replacement.Overwritten w/ “00”prior to replacement.AES 128, 256 bitsHMAC-SHA1HMAC-SHA256HMAC-SHA384Admin PasswordShared Secret, 8 charactersMonitor Password Shared Secret, 8 charactersOperator Password Shared Secret, 8 charactersAnalyst PasswordShared Secret, 8 charactersAuditor PasswordShared Secret, 8 charactersWSAPI PasswordShared Secret, 8 characters20v1.0NVRAMNVRAM
2.7Cryptographic Algorithm2.7.1 FIPS-approved AlgorithmsThe following table identifies the FIPS-approved algorithms included in the module for use inthe FIPS mode of operation.Table 7 – FIPS-approved 9 TECB(KO 1 e/d), TCBC(KO 1 e/d)UsageUsed for encryptionof TLS sessions.KTS 112-bits (paired with HMAC Cert. #C1749)Per SP800-67 rev2, the user is responsible forensuring the module’s limit to 2 20 encryptionswith the same Triple-DES key while being used inthe TLS protocolTCFB1(KO 1 e/d); TCFB8 (KO 1 e/d); TCFB64(KO 1e/d); TOFB(KO 1 e/d)AESC1749 ECB (e/d 128, 256); CBC (e/d 128, 256); OFB (e/d128); CTR (ext only; 128, 256 )GCM2 (KS: AES 128( e/d ) Tag Length(s): 128 120112 104 96 64 32 ) (KS: AES 256( e/d ) TagLength(s): 128 120 112 104 96 64 32 )IV Generated: ( Internal (using Section 8.2.1 ) ); PT Lengths Tested: ( 0 , 1024 ) ; AAD Lengthstested: ( 1024 ); 96BitIV Supported GMAC SupportedImplementedwithin the modulehowever neverused by any serviceUsed for encryptionof SSH, SNMP, andTLS sessions. Usedin support of FIPSapproved DRBG.1The operator shall ensure that the number of 64-bit blocks encrypted by the same key does not exceed2 20 with a single Triple-DES key when Triple-DES is the encryption algorithm for TLS.2The module’s AES-GCM implementation conforms to IG A.5 scenario #1 following RFC 5288 for TLS andRFC 5647 for SSH. Per RFC 5246, if the module is the party that encounters this condition it will trigger ahandshake to establish a new encryption key. Per RFC 5647 the module ensures that if the invocationcounter reaches its maximum value 2 64 – 1, the next AES GCM encryp
2400 Research Blvd, Suite 395 Rockville, MD 20850 www.acumensecurity.net FireEye NX Series: NX1500V, NX2500V, . This is a non-proprietary FIPS 140-2 Security Policy for the FireEye NX Series virtual appliances: NX1500V, NX2500V, NX2550V, NX4500V, NX6500V. Below are the details of the product validated:
