All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Cradlepoint Cryptographic Module

Certificate#4770StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorEricsson Enterprise Wireless Solutions, Inc.
Low review priority  ·  no TCB surface named  ·  last validated 4 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date8/19/2026
CaveatInterim Validation, No assurance of the minimum strength of generated keys
VendorEricsson Enterprise Wireless Solutions, Inc.

Approved Algorithms (33)

AlgorithmACVP Cert
AES-CBCA2584
AES-CTRA2584
AES-ECBA2584
Counter DRBGA2584
DSA KeyGen (FIPS186-4)A2584
DSA PQGGen (FIPS186-4)A2584
DSA PQGVer (FIPS186-4)A2584
DSA SigGen (FIPS186-4)A2584
DSA SigVer (FIPS186-4)A2584
ECDSA KeyGen (FIPS186-4)A2584
ECDSA KeyVer (FIPS186-4)A2584
ECDSA SigGen (FIPS186-4)A2584
ECDSA SigVer (FIPS186-4)A2584
HMAC-SHA-1A2584
HMAC-SHA2-224A2584
HMAC-SHA2-256A2584
HMAC-SHA2-384A2584
HMAC-SHA2-512A2584
KAS-ECC-SSC Sp800-56Ar3A2584
KAS-FFC-SSC Sp800-56Ar3A2584
PBKDFA2584
RSA KeyGen (FIPS186-4)A2584
RSA SigGen (FIPS186-4)A2584
RSA SigVer (FIPS186-4)A2584
Safe Primes Key GenerationA2584
SHA-1A2584
SHA2-224A2584
SHA2-256A2584
SHA2-384A2584
SHA2-512A2584
TDES-CBCA2584
TDES-ECBA2584
TLS v1.2 KDF RFC7627A2584

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Cradlepoint Cryptographic Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>kernel<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C3,C5,C6 clue;
  class I3,I5,I6 infer;
  class R3,R5,R6 risk;
  class E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Cradlepoint Cryptographic Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>kernel<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Ericsson Enterprise Wireless Solutions, Inc. Ericsson Cradlepoint Cryptographic Module Software Version: 1.0 FIPS Security Level: 1 Document Version: 0.6 Prepared for: Prepared by: Ericsson Enterprise Wireless Corsec Security, Inc. Solutions, Inc.

1100 W. Idaho Street, Suite 800 12600 Fair Lakes Circle, Suite 210

Boise, ID 83702-5389 Fairfax, VA 22033 United States United States of America Phone: +1 855 813 3385 Phone: +1 703 267 6050 www.cradlepoint.com www.corsec.com

Page 2

Abstract This is a non-proprietary Cryptographic Module Security Policy for the Ericsson Cradlepoint Cryptographic Module (version: 1.0) from Ericsson Enterprise Wireless Solutions, Inc. (Ericsson). This Security Policy describes how the Ericsson Cradlepoint Cryptographic Module meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp. This document also describes how to run the module in its Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-3 validation of the module. The Ericsson Cradlepoint Cryptographic Module is referred to in this document as Cradlepoint Cryptographic Module or the module. References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:

Page 3
Table of Contents
#SectionPage
Page 4
List of Tables
ItemPage
Table 1 – Security Level per FIPS 140-3 Section5
Table 2 – Tested Operational Environments6
Table 3 – Vendor-Affirmed Operational Environments6
Table 4 – Approved Algorithm Validation Certificates7
Table 5 – Non-Approved Algorithms Allowed in the Approved Mode of Operation10
Table 6 – Ports and Interfaces13
Table 7 – Roles, Service Commands, Input and Output14
Table 8 – Approved Services15
Table 9 – Keys21
Table 10 – Other SSPs22
Table 11 – Acronyms and Abbreviations30
Figure 1 – GPC Block Diagram11
Figure 2 – Module Block Diagram (with Cryptographic Boundary)12
Page 5
  1. General Ericsson is a global leader in cloud-delivered 4G and 5G wireless network edge solutions. Ericsson’s NetCloud™ platform and cellular routers deliver a pervasive, secure, and software-defined Wireless WAN1 edge to connect people, places, and things – anywhere. More than 28,500 businesses and government agencies worldwide, including many Global 2000 organizations and top public sector agencies, rely on Ericsson to keep mission-critical sites, points of commerce, field forces, vehicles, and IoT 2 devices always connected. Ericsson’s NetCloud for Branch makes it easy to accelerate connecting to the Internet and critical applications from anywhere. Designed for traditional medium branches or locations requiring flexible connectivity, reliable performance, and simplified management, this all-in-one, compact endpoint includes full-featured routing, security, and Wi-Fi without needing extra hardware or complicated configurations. The Ericsson Cradlepoint Cryptographic Module version 1.0 is a cryptographic library as part of the NetCloud operating system (OS) kernel that provides cryptographic services for Ericsson endpoints. The module offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and SSP establishment functions to secure dataat-rest/data-in-flight and to support secure communications protocols (including TLS 3 1.2). The Ericsson Cradlepoint Cryptographic Module is validated at the FIPS 140-3 section levels shown in Table
  2. Table 1 – Security Level per FIPS 140-3 Section ISO/IEC 24759 Section
  3. FIPS 140-3 Section Title Security Level [Number Below]
1 General 1
2 Cryptographic Module Specification 1
3 Cryptographic Module Interfaces 1
4 Roles, Services, and Authentication 1
5 Software/Firmware Security 1
6 Operational Environment 1
7 Physical Security N/A
8 Non-Invasive Security N/A
9 Sensitive Security Parameter Management 1
10 Self-tests 1
11 Life-Cycle Assurance 1
12 Mitigation of Other Attacks N/A

The module has an overall security level of 1.

1 WAN – Wide Area Network
2 IoT – Internet of Things
3 TLS – Transport Layer Security

Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 6

2. Cryptographic Module Specification The Ericsson Cradlepoint Cryptographic Module (version 1.0) is a software module with a multi-chip standalone embodiment. The module is designed to operate within a modifiable operational environment.

2.1 Operational Environments

The module was tested and found to be compliant with FIPS 140-3 requirements on the environment listed in Table 2. Table 2

1 NetCloud OS 7 Cradlepoint E3000 ARM Cortex-A (ARMv8-A) With

2 NetCloud OS 7 Cradlepoint E3000 ARM Cortex-A (ARMv8-A) Without

Each test environment includes a Qualcomm 802.11ax SoC 4 with four ARM Cortex-A processing cores. These processing cores support the ARMv8 Cryptography Extensions. The Cryptography Extensions include A64, A32, and T32 instructions for accelerating AES and SHA implementations. The module is designed to utilize the extended instruction sets when available. The vendor affirms the module’s continued validation compliance when operating on the environments listed in Table 3. Table 3

1 NetCloud OS 7 Ericsson Cradlepoint R920
2 NetCloud OS 7 Ericsson Cradlepoint R2105/R2155
3 NetCloud OS 7 Ericsson Cradlepoint R1900
4 NetCloud OS 7 Ericsson Cradlepoint E300
5 NetCloud OS 7 Ericsson Cradlepoint S700/S750
6 NetCloud OS 7 Ericsson Cradlepoint R980
7 NetCloud OS 7 Ericsson Cradlepoint E400
8 NetCloud OS 7 Ericsson Cradlepoint S400/S450
9 NetCloud OS 7 Ericsson Cradlepoint R2400

The cryptographic module maintains validation compliance when operating on any general-purpose computer (GPC) provided that the GPC uses any single-user operating system/mode specified on the validation certificate,

4 SoC – System on a Chip

Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 7

or another compatible single-user operating system. The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when ported to an operational environment not listed on the validation certificate. The sections below describe the module boundary, modes of operation, and algorithm implementations.

2.2 Algorithm Implementations

Validation certificates for each Approved security function are listed in Table 4 below. Table 4

5 This table includes vendor-affirmed algorithms that are approved but CAVP testing is not yet available.

6 PUB – Publication
7 CBC – Cipher Block Chaining
8 CTR – Counter
9 ECB – Electronic Code Book
10 CKG – Cryptographic Key Generation
11 CVL – Component Validation List
12 TLS – Transport Layer Security

No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP.

14 No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP.

15 DRBG – Deterministic Random Bit Generator
16 DSA – Digital Signature Algorithm
17 ECDSA – Elliptic Curve Digital Signature Algorithm

Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 8

CAVP Algorithm and Mode / Method Description / Key Size(s) / Use / Function Certificate5 Standard Key Strengths - P-224, P-256, P-384 Public key verification (SHA2-256, SHA2-384, SHA2-512) - P-224, P-256, P-384 Digital signature generation (SHA2-256, SHA2-384, SHA2-512) - P-224, P-256, P-384 (SHA- Digital signature verification 1, SHA2-224, SHA2-256, SHA2-384, SHA2-512) A2584 HMAC SHA-1, SHA2-224, SHA2- 112 (minimum) Message authentication FIPS PUB 198-1 256, SHA2-384, SHA2-512 A2584 KAS18 KAS-ECC-SSC with TLS 1.2 P-224, P-256, P-384 Key agreement19 NIST SP 800-56Arev3 KDF RFC7627 NIST SP 800-135rev1 SSP establishment methodology RFC 7627 provides between 112 and 256 bits of encryption strength. KAS-FFC-SSC with TLS 1.2 FB, FC, MODP-2048, Key agreement20 KDF RFC7627 MODP-3072, MODP-4096 SSP establishment methodology provides 112 bits of encryption strength. A2584 KAS-ECC-SSC21 EphemeralUnified P-224, P-256, P-384 Shared secret computation NIST SP 800-56Arev3 A2584 KAS-FFC-SSC22 dhEphem FB, FC, MODP-2048, Shared secret computation NIST SP 800-56Arev3 MODP-3072, MODP-4096 A2584 KTS23 AES with HMAC 128, 192, 256 Key wrap/unwrap FIPS PUB 197 (encryption//decryption with FIPS PUB 198-1 message authentication) 24 SSP establishment methodology provides 112 bits of encryption strength. A2584 KTS Triple-DES25 with HMAC 168 (KO1) Key unwrap (decryption with NIST SP 800-67rev2 message authentication) 26 FIPS PUB 198-1 SSP establishment methodology provides 168 bits of encryption strength. A2584 PBKDF227 Section 5.4, option 1a SHA-1, SHA2-224, SHA2- Password-based key derivation NIST SP 800-132 256, SHA2-384, SHA2-512

18 KAS – Key Agreement Scheme

19 Key agreement method complies with FIPS 140-3 Implementation Guidance D.F, scenario 2(1).

20 Key agreement method complies with FIPS 140-3 Implementation Guidance D.F, scenario 2(1).

21 KAS-ECC-SSC

22 KAS-FFC-SSC

KTS

24 Per FIPS 140-3 Implementation Guidance D.G, AES in any Approved mode with HMAC is an Approved key transport technique.

25 DES – Data Encryption Standard

26 Per FIPS 140-3 Implementation Guidance D.G, Triple DES in any Approved mode with HMAC is an Approved key transport technique.

27 PBKDF2 – Password-based Key Derivation Function 2

Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 9

CAVP Algorithm and Mode / Method Description / Key Size(s) / Use / Function Certificate5 Standard Key Strengths A2584 RSA28 Key generation mode: 2048, 3072, 4096 Key pair generation FIPS PUB 186-4 B.3.3 ANSI X9.31 2048, 3072, 4096 (SHA2- Digital signature generation 256, SHA2-384, SHA2-512) 1024, 2048, 3072, 4096 Digital signature verification (SHA-1, SHA2-256, SHA2384, SHA2-512) PKCS#1 v1.5 2048, 3072, 4096 (SHA2- Digital signature generation 224, SHA2-256, SHA2-384, SHA2-512) 1024, 2048, 3072, 4096 Digital signature verification (SHA-1, SHA2-224, SHA2256, SHA2-384, SHA2-512) PSS29 2048, 3072, 4096 (SHA2- Digital signature generation 224, SHA2-256, SHA2-384, SHA2-512) 1024, 2048, 3072, 4096 Digital signature verification (SHA-1, SHA2-224, SHA2256, SHA2-384, SHA2-512) A2584 Safe Primes - MODP-2048, MODP-3072, Key generation NIST SP 800-56Arev3, MODP-4096 Appendix D A2584 SHS30 SHA-1, SHA2-224, SHA2- - Message digest FIPS PUB 180-4 256, SHA2-384, SHA2-512 A2584 Triple-DES CBC, ECB 168 (KO1) Encryption/decryption NIST SP 800-67rev2 NIST SP 800-38A The encrypt function is used only to support self-testing. During operation, it is not available in the Approved mode. The vendor affirms the following cryptographic security methods:

28 RSA – Rivest Shamir Adleman
29 PSS – Probabilistic Signature Scheme
30 SHS – Secure Hash Standard

Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 10

Table 5

128 and 256 bits of encryption strength. mode)

Triple-DES (Cert. A2584) SSP establishment methodology provides between Key unwrapping (using any approved

112 and 168 bits of encryption strength. mode with two-key or three-key)

The module does not implement any non-Approved algorithms allowed in the Approved mode of operation for which no security is claimed. The module does not implement any non-Approved algorithms not allowed in the Approved mode of operation.

2.3 Cryptographic Boundary

As a software cryptographic module, the module has no physical components. Therefore, the physical perimeter of the cryptographic module is defined by each host device on which the module is installed. Figure 1 below illustrates a block diagram of a typical general-purpose computer (GPC) and the module’s physical perimeter. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 11

Hardware Network DVD RAM Management Interface HDD Clock SCSI/SATA Generator Controller LEDs/LCD CPU Serial I/O Hub Audio Cache PCI/PCIe Slots USB BIOS Power Graphics PCI/PCIe Interface Controller Slots External Power Supply KEY: BIOS

31 HMAC – Keyed-Hash Message Authentication Code

Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 12

libssl libssl.hmac Calling Application KEY: libcrypto libcrypto.hmac Cryptographic Boundary Physical Perimeter Operating System Data Input Data Output Control Input Control Output Status Output CPU Memory Storage Ports System Calls Host Device Figure 2

2.4 Modes of Operation

The module only implements one mode of operation, the Approved mode, in which the Approved and allowed cryptographic functions are available. The module transitions to the Approved mode of operation automatically after the module completes its pre-operational self-tests. No configuration is necessary for the module to operate and remain in the Approved mode. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 13
  1. Cryptographic Module Interfaces FIPS 140-3 defines the following logical interfaces for cryptographic modules: • Data Input • Data Output • Control Input • Control Output • Status Output As a software library, the cryptographic module has no direct access to any of the host platform’s physical ports, as it communicates only to the calling application via its well-defined API. A mapping of the FIPS-defined interfaces and the module’s interfaces can be found in Table
  2. Note that the module does not output control information, and thus has no specified control output interface. Table 6 – Ports and Interfaces Physical Port Logical Interface Data That Passes Over Port/Interface Physical data input port(s) of Data Input • Data to be encrypted, decrypted, signed, the tested platforms • API input arguments that provide verified, or hashed input data for processing • Keys to be used in cryptographic services • Random seed material for the module’s DRBG • Keying material to be used as input to key establishment services Physical data output port(s) of Data Output • Data that has been encrypted, the tested platforms • API output arguments that return decrypted, or verified generated or processed data back • Digital signatures to the caller • Hashes • Random values generated by the module’s DRBG • Keys established using module’s key establishment methods Physical control input port(s) of Control Input • API commands invoking cryptographic the tested platforms • API input arguments that are services used to initialize and control the • Modes, key sizes, etc. used with operation of the module cryptographic services Physical status output port(s) Status Output • Status information regarding the module of the tested platforms • API call return values • Status information regarding the invoked service/operation Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.
Page 14

4. Roles, Services, and Authentication The sections below describe the module’s authorized roles, services, and operator authentication methods.

4.1 Authorized Roles

The module supports a Crypto Officer that authorized operators can assume. The CO role performs cryptographic initialization or management functions and general security services. The module also supports the following role(s):

32 MAC – Message Authentication Code

Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 15

Role Service Input Output User Perform key wrap API call parameters, wrapping Status, encrypted key key, plaintext key User Perform key unwrap API call parameters, wrapping Status, decrypted key key, wrapped key User Compute shared secret API call parameters Status, shared secret User Derive TLS keys API call parameters, TLS pre- Status, TLS keys master secret User Derive key via PBKDF2 API call parameters, password Status, key

4.2 Authentication Methods

The module does not support authentication methods; operators implicitly assume an authorized role based on the service selected.

4.3 Services

Descriptions of the Approved services available to the authorized roles are provided in Table 8 below. The module is an integrated component of Ericsson’s NetCloud OS and offers crypto functions to applications installed on the Cradlepoint devices. While the module includes implementations of non-Approved security functions that can be called by other Ericsson modules, all such invocations will return failure codes to the caller. This effectively limits the service offerings to Approved services only. As allowed for this scenario per section C.H of FIPS 140-3 Implementation Guidance, the module provides indicators for the use of Approved services through a combination of an explicit indication (via a global FIPS mode indicator) and an implicit indication (via the API return value of the service). The keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the following notation:

Page 16

Service Description Approved Security Keys and/or SSPs Roles Access Rights to Keys and/or Indicator Function(s) SSPs Show versioning Return module None None CO N/A N/A information versioning information Perform Encrypt plaintext AES (Cert. A2584) AES key User AES key

Page 17

5. Software/Firmware Security All software components within the cryptographic boundary are verified using an Approved integrity technique implemented within the cryptographic module itself. The module implements an HMAC SHA2-256 for the integrity test of each library file; failure of the integrity check for either library file will cause the module to enter a critical error state. The module’s integrity check is performed automatically at module instantiation (i.e., when the module is loaded into memory for execution) without action from the module operator. The CO can initiate the pre-operational tests and conditional CASTs on demand by re-instantiating the module or issuing the FIPS_selftest() API command. The Ericsson Cradlepoint Cryptographic Module is not delivered to end-users as a standalone offering. Rather, it is a pre-built integrated component of Ericsson’s solutions. Ericsson does not provide end-users with any mechanisms to directly access the module, its source code, its APIs, or any information sent to/from the module. Thus, end-users have no ability to independently load the module onto target platforms. No configuration steps are required to be performed by end-users, and no end-user action is required to initialize the module for operation. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 18

6. Operational Environment The Ericsson Cradlepoint Cryptographic Module comprises a software cryptographic library that executes in a modifiable operational environment. The cryptographic module has control over its own SSPs. The process and memory management functionality of the host device’s OS prevents unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined API. The operational environment provides the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environment. Processes that are spawned by the module are owned by the module and are not owned by external processes/operators. Please refer to section 2.1 of this document for a list/description of the applicable operational environments. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 19

7. Physical Security The cryptographic module is software module and does not include physical security mechanisms. Therefore, per ISO/IEC 19790:2021 section 7.7.1, requirements for physical security are not applicable. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 20

8. Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques referenced in ISO/IEC 19790:2021 Annex F. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 21

9. Sensitive Security Parameter Management

9.1 Keys and Other SSPs

The module supports the keys and other SSPs listed Table 9 and Table 10 below. Table 9

Page 22

Key/SSP Strength Security Function Generation Import / Export Establishment Storage Zeroization Use & Related Name/Type and Cert. Number Keys RSA private key Between 80 RSA Generated Imported in - Not persistently Unload module; Digital (CSP) and 150 bits (Cert. A2584) internally via plaintext via API stored by the Remove power signature approved DRBG parameter module generation Exported in plaintext via API parameter RSA public key Between 80 RSA Generated Imported in - Not persistently Unload module; Digital (PSP) and 150 bits (Cert. A2584) internally via plaintext via API stored by the Remove power signature approved DRBG parameter module verification Exported in plaintext via API parameter DH private 112 bits KAS-FFC-SSC Generated Imported in - Not persistently Unload module; DH shared component (Cert. A2584) internally via plaintext via API stored by the Remove power secret (CSP) approved DRBG parameter module computation Exported in plaintext via API parameter DH public 112 bits KAS-FFC-SSC Generated Imported in - Not persistently Unload module; DH shared component (Cert. A2584) internally via plaintext via API stored by the Remove power secret (PSP) approved DRBG parameter module computation Exported in plaintext via API parameter ECDH private Between 112 KAS-ECC-SSC Generated Imported in - Not persistently Unload module; ECDH shared component and 256 bits (Cert. A2584) internally via plaintext via API stored by the Remove power secret (CSP) approved DRBG parameter module computation Exported in plaintext via API parameter ECDH public Between 112 KAS-ECC-SSC Generated Imported in - Not persistently Unload module; ECDH shared component and 256 bits (Cert. A2584) internally via plaintext via API stored by the Remove power secret (PSP) approved DRBG parameter module computation Exported in plaintext via API parameter Table 10

Page 23

Key/SSP Strength Security Function and Generation Import / Export Establishment Storage Zeroization Use & Related Name/Type Cert. Number Keys TLS master - KDF (TLS) - Never imported Derived internally Not persistently Unload module; Derivation of secret (Cert. A2584) using the TLS pre- stored by the Remove power the AES/AES(CSP) Never exported master secret via module GCM key and TLS KDF HMAC key used for securing TLS connections DRBG entropy - DRBG - Imported in - Not persistently Unload module; Entropy input (Cert. A2584) plaintext via API stored by the Remove power material for (CSP) parameter 33; module DRBG Never exported DRBG seed - DRBG Generated Never imported - Not persistently Unload module; Seeding (CSP) (Cert. A2584) internally using stored by the Remove power material for nonce along Never exported module DRBG with DRBG entropy input DRBG ‘V’ value - DRBG Generated Never imported - Not persistently Unload module; State value for (CSP) (Cert. A2584) internally stored by the Remove power DRBG Never exported module DRBG ‘Key’ - DRBG Generated Never imported - Not persistently Unload module; State value for value (Cert. A2584) internally stored by the Remove power DRBG (CSP) Never exported module

9.2 DRBGs

The module implements the following Approved DRBG:

9.3 SSP Storage Techniques

There is no mechanism within the module’s cryptographic boundary for the persistent storage of SSPs. The module stores DRBG state values for the lifetime of the DRBG instance. The module uses SSPs passed in on the stack by the calling application and does not store these SSPs beyond the lifetime of the API call. 33The module relies on entropy input received from the calling application, which is outside of the cryptographic boundary. Thus, there is no assurance of the minimum strength of generated keys. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 24
9.4 SSP Zeroization Methods

As a software cryptographic module, there is no mechanism within the module boundary for the persistent storage of keys and CSPs. Maintenance, including protection and zeroization, of any keys and CSPs that exist outside the module’s cryptographic boundary are the responsibility of the end-user. For the zeroization of keys in volatile memory, module operators can unload the module from memory or reboot/power-cycle the host device.

9.5 RGB Entropy Sources

The cryptographic module’s entropy scheme follows the scenario given in FIPS 140-3 Implementation Guidance 9.3.A, section 2(b). The module invokes a GET command to obtain entropy for random number generation (the module requests 256 bits of entropy from the calling application per request), and then passively receives entropy from the calling application while having no knowledge of the entropy source and exercising no control over the amount or the quality of the obtained entropy. The calling application and its entropy sources are located within the physical perimeter of the module’s operational environment but outside its cryptographic boundary. Thus, there is no assurance of the minimum strength of the generated SSPs. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 25

10. Self-Tests Both pre-operational and conditional self-tests are performed by the module. Pre-operational tests are performed between the time the cryptographic module is instantiated and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions.

10.1 Pre-Operational Self-Tests

The module performs the following pre-operational self-test(s):

10.2 Conditional Self-Tests

The module performs the following conditional self-tests:

34 KAT – Known Answer Test

Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 26

To ensure all CASTs are performed prior to the first operational use of the associated algorithm, all CASTs are performed during the module’s initial power-up sequence. The SHA and HMAC KATs are performed prior to the pre-operational software integrity test; all other CASTs are executed after the successful completion of the software integrity test.

10.3 Self-Test Failure Handling

The module reaches the critical error state when any self-test fails. Upon test failure, the module immediately terminates the calling application’s API call with a returned error code and sets an internal flag, signaling the error condition. For any subsequent request made by the calling application for cryptographic services, the module will return a failure indicator, thereby disabling all access to its cryptographic functions, sensitive security parameters (SSPs), and data output services while the error condition persists. To recover, the module must be re-instantiated by the calling application. If the pre-operational self-tests complete successfully, then the module can resume normal operations. If the module continues to experience self-test failures after reinitializing, then the module will not be able to resume normal operations, and the CO should contact Ericsson Enterprise Wireless Solutions, Inc. for assistance. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 27

11. Life-Cycle Assurance The sections below describe how to ensure the module is operating in its validated configuration, including the following:

11.1 Secure Installation

The module is distributed as a package containing the binaries and HMAC digest files that the Crypto Officer is to install onto a target platform specified in section 6 or one where portability is maintained.

11.2 Initialization

This module is designed to support vendor applications, and these applications are the sole consumers of the cryptographic services provided by the module. No end-user action is required to initialize the module for operation; the calling application performs any actions required to initialize the module. The pre-operational integrity test and cryptographic algorithm self-tests are performed automatically via a DEP when the module is loaded for execution, without any specific action from the calling application or the end-user. End-users have no means to short-circuit or bypass these actions. Failure of any of the initialization actions will result in a failure of the module to load for execution.

11.3 Startup

No startup steps are required to be performed by end-users.

11.4 Administrator Guidance

There are no specific management activities required of the CO role to ensure that the module runs securely. However, if any irregular activity is noticed or the module is consistently reporting errors, then Ericsson Customer Support should be contacted. The following list provides additional guidance for the CO:

Page 28
11.5 Non-Administrator Guidance

The following list provides additional policies for non-administrators:

Page 29

12. Mitigation of Other Attacks This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 1 requirements for this validation. Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 30

Appendix A. Acronyms and Abbreviations Table 11 provides definitions for the acronyms and abbreviations used in this document. Table 11

Page 31

Term Definition GMAC Galois Message Authentication Code GPC General-Purpose Computer HMAC (keyed-) Hash Message Authentication Code KAS Key Agreement Scheme KAT Known Answer Test KTS Key Transport Scheme KW Key Wrap KWP Key Wrap with Padding MD Message Digest NIST National Institute of Standards and Technology OCB Offset Codebook OFB Output Feedback OS Operating System PBKDF Password-Based Key Derivation Function PCT Pairwise Consistency Test PKCS Public Key Cryptography Standard PSS Probabilistic Signature Scheme PUB Publication RC Rivest Cipher RNG Random Number Generator RSA Rivest Shamir Adleman SHAKE Secure Hash Algorithm KECCAK SHA Secure Hash Algorithm SHS Secure Hash Standard SP Special Publication SSC Shared Secret Computation TDES Triple Data Encryption Standard TLS Transport Layer Security XEX XOR Encrypt XOR XTS XEX-Based Tweaked-Codebook Mode with Ciphertext Stealing Ericsson Cradlepoint Cryptographic Module ©2026 Ericsson Enterprise Wireless Solutions, Inc.

Page 32

Prepared by: Corsec Security, Inc.

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com Web: www.corsec.com