All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Tablo Medical Informatics System

Certificate#4812StandardFIPS 140-3Level1TypeHardwareEmbodimentMulti-Chip EmbeddedStatusActiveVendorOutset Medical, Inc.
Medium review priority  ·  no TCB surface named  ·  last validated 22 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentMulti-Chip Embedded
StatusActive
Sunset date9/23/2026
CaveatInterim validation
VendorOutset Medical, Inc.

Approved Algorithms (48)

AlgorithmACVP Cert
AES-CBCA2699
AES-CBCA2701
AES-CCMA2699
AES-CCMA2701
AES-CTRA2699
AES-CTRA2701
AES-GCMA2699
AES-GCMA2701
Counter DRBGA2699
Counter DRBGA2701
DSA KeyGen (FIPS186-4)A2699
DSA SigVer (FIPS186-4)A2699
DSA SigVer (FIPS186-4)A2701
ECDSA KeyGen (FIPS186-4)A2699
ECDSA KeyVer (FIPS186-4)A2699
ECDSA SigVer (FIPS186-4)A2699
ECDSA SigVer (FIPS186-4)A2701
HMAC-SHA-1A2699
HMAC-SHA-1A2701
HMAC-SHA2-256A2699
HMAC-SHA2-256A2701
HMAC-SHA2-384A2699
HMAC-SHA2-384A2701
HMAC-SHA2-512A2699
HMAC-SHA2-512A2701
KAS-ECC-SSC Sp800-56Ar3A2699
KAS-ECC-SSC Sp800-56Ar3A2701
KAS-FFC-SSC Sp800-56Ar3A2699
KDF SSHA2703
KDF TLSA2699
KDF TLSA2702
RSA SigVer (FIPS186-4)A2699
RSA SigVer (FIPS186-4)A2699
RSA SigVer (FIPS186-4)A2699
RSA SigVer (FIPS186-4)A2701
RSA SigVer (FIPS186-4)A2701
RSA SigVer (FIPS186-4)A2701
SHA-1A2699
SHA-1A2701
SHA2-224A2699
SHA2-224A2701
SHA2-256A2699
SHA2-256A2701
SHA2-384A2699
SHA2-384A2701
SHA2-512A2699
SHA2-512A2701
SHA3-256A2700

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Tablo Medical Informatics System
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>upgrade</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Tablo Medical Informatics System
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>upgrade</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Outset Medical, Inc. Tablo Medical Informatics System Hardware Version: 1.0 Hardware Part Number: PN-0002824 Firmware Version: MIES 4.9.12.6269 FIPS Security Level: 1 Document Version: 1.2 Prepared for: Prepared by: Outset Medical, Inc. Corsec Security, Inc.

3052 Orchard Drive 12600 Fair Lakes Circle, Suite 210

San Jose, CA 95134 Fairfax, VA 22033 United States of America United States of America Phone: +1 669 231-8200 Phone: +1 703 267 6050 www.outsetmedical.com www.corsec.com

Page 2

Abstract This is a non-proprietary Cryptographic Module Security Policy for Tablo Medical Informatics System (firmware version: MIES 4.9.12.6269) from Outset Medical, Inc. (Outset). This Security Policy describes how Tablo Medical Informatics System meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the Cryptographic Module Validation Program (CMVP) website, which is maintained by the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). This document also describes how to run the module in a secure Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-3 validation of the module. Tablo Medical Informatics System is referred to in this document as Medical Informatics System or the module. References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:

Page 3
Table of Contents
#SectionPage
Page 4
List of Tables
ItemPage
Table 1 – Security Levels6
Table 2 – Cryptographic Module Tested Configuration7
Table 3 – Cryptographic Algorithm Sources7
Table 4 – Approved Algorithms Validation Certificates8
Table 5 – Non-Approved Algorithms Allowed in the Approved Mode of Operation10
Table 6 – Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed10
Table 7 – Ports and Interfaces12
Table 8 – LED Indicator13
Table 9 – Roles, Service Commands, Input and Output14
Table 10 – Approved Services15
Table 12 – SSPs22
Table 13 – Non-Deterministic Random Number Generation Specification25
Table 14 – Acronyms30
Figure 1 – Tablo Hemodialysis System Functions5
Figure 2 – Tablo Medical Informatics System PN-000282410
Figure 3 – Module Block Diagram (with Cryptographic Boundary)11
Figure 4 – Status/Show Version Screen17
Page 5

1. General The Outset Tablo is a dialysis machine designed from the inside out to offer a better and easier experience for patients and providers. The Outset Tablo machine creates an all-in-one solution that reduces care and infrastructure costs, expands the variety of eligible users, and enables new care delivery models. The Tablo Hemodialysis System is an automated machine designed to filtrate blood and offers multiple automated maintenance functions. It consists of a water purification system, Tablo cartridge, Non-invasive blood pressure cuff, and a two-way data communication. The Tablo Hemodialysis System is a mobile indoor unit that establishes a two-way data communication that automatically sends treatment data as well as machine performance to the Outset Tablo Cloud. The Tablo machine includes touchscreen guidance that contains animations and conversational instructions. Figure 1

Page 6

The Tablo machine feature set includes inexpensive operations, direct connection to the Tablo Cloud, automated functions, and effective hemodialysis features:

1 General 1
2 Cryptographic Module Specification 1
3 Cryptographic Module Interfaces 1
4 Roles, Services, and Authentication 1
5 Software/Firmware Security 1
6 Operational Environment 1
7 Physical Security 1
8 Non-Invasive Security N/A1
9 Sensitive Security Parameter Management 1
10 Self-tests 1
11 Life-Cycle Assurance 1
12 Mitigation of Other Attacks N/A

The module has an overall security level of 1.

1 N/A – Not Applicable

Tablo Medical Informatics System ©2024 Outset Medical, Inc.

Page 7

2. Cryptographic Module Specification Tablo Medical Informatics System is a hardware module with a multi-chip embedded embodiment. The module is a single board computer (embedded within the Tablo dialysis machine) that securely protects and transmits patient data.

2.1 Operational Environments

Table 2 below lists the module configuration(s) used for validation testing. Table 2

2.2 Algorithm Implementations

Table 3 lists the cryptographic algorithm sources employed by the module. Table 3

Page 8

Table 4

2 This table includes vendor-affirmed algorithms that are approved but CAVP testing is not yet available.

No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP.

4 The methods of shared secret computation are approved per FIPS 140-3 IG D.F

Tablo Medical Informatics System ©2024 Outset Medical, Inc.

Page 9

CAVP Algorithm and Mode / Method Description / Key Size(s) / Use / function Certificate2 Standard Key Strengths A2701 AES CBC, CTR 128, 256 Encryption/decryption FIPS PUB 197 NIST SP 800-38A A2701 AES CCM 128, 256 Encryption/decryption NIST SP 800-38C A2701 AES GCM 128, 256 Encryption/decryption NIST SP 800-38D Vendor CKG - - Cryptographic key generation Affirmed NIST SP 800-133rev2 A2701 DRBG Counter-based (derivation 256-bit AES-CTR Deterministic random bit NIST SP 800-90Arev1 function

5 ECC CDH – Elliptic Curve Cryptography Cofactor Diffie-Hellman

No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP.

7 No part of the SSH protocol, other than the KDF, has been tested by the CAVP and CMVP.

Tablo Medical Informatics System ©2024 Outset Medical, Inc.

Page 10

OpenSSL DRBG cert. A2701 and Bouncy Castle DRBG cert. A2699) as both symmetric keys and seeds for generating asymmetric key pairs. The module’s DRBGs are seeded via entropy generated from the module’s internal entropy mechanism. The module implements the non-Approved but allowed algorithms shown in Table 5 below, in both the Tablo Medical Informatics System OpenSSL Cryptographic Library and Tablo Medical Informatics System Bouncy Castle Cryptographic Library. Table 5

2.3 Cryptographic Boundary

The cryptographic boundary of the module is defined by the physical perimeter of the Tablo Medical Informatics System (shown in Figure 2). A logical block diagram of the module’s hardware components is provided in Figure 3 below. Figure 2

Page 11

Figure 3

2.4 Excluded Components

There are no excluded hardware or firmware components.

2.5 Modes of Operation

The module supports an Approved mode of operation only. When installed, configured, and operated according to this Security Policy, the module does not support a non-Approved mode of operation. Tablo Medical Informatics System ©2024 Outset Medical, Inc.

Page 12
  1. Cryptographic Module Interfaces The module supports the following logical interfaces: • Data Input • Data Output • Control Input • Status Output • Power A mapping of the physical ports to the module’s logical interfaces can be found in Table
  2. Note that the module does not output control information, and thus has no specified control output interface. Table 7 – Ports and Interfaces Physical Port Logical Interface Data That Passes Over Port/Interface RS8-232/UART • Control Input • System state information • Status Output • Network configuration information • MIES firmware version • MIES operational status Ethernet • Data Input • Black box log data • Data Output • Treatment data • Control Input • Patient Data • Status Output • License information USB9 • Data Input • Wi-Fi configuration and status data • Data Output • Patient data files • Provisioning Wi-Fi • Data Input • Black box log data • Data Output • Treatment data • Control Input • Patient Data • Status Output • License information 12V DC10-Input • Power • N/A LED • Status Output • N/A GPIO11 • Status Output • N/A USB OTG12 (Not in Use) SD/MMC13 (Not in Use) SIM14 Card slot (Not in Use) RS – Recommended Standard
9 USB – Universal Serial Bus
10 DC – Direct Current
11 GPIO – General Purpose Input/Output
12 USB OTG – Universal Serial Bus On-The-Go

SD/MMC

14 SIM – Subscriber Identity Module

Tablo Medical Informatics System ©2024 Outset Medical, Inc.

Page 13

Physical Port Logical Interface Data That Passes Over Port/Interface SATA15 (Not in Use) I2C16 (Not in Use) I2S17 (Not in Use) SPI18 (Not in Use) CAN19 (Not in Use) HDMI20 (Not in Use) VGA21 (Not in Use) Audio (Not in Use) Table 8

1 blink Module is loaded
2 blinks Module is performing self-tests
3 blinks Module has entered normal operation
4 blinks Module has entered critical error state
8 blinks Module performing “Import Legacy Data” operation
16 I2C – Inter-Integrated Circuit
17 I2S – Inter-IC Sound
18 SPI – Serial Peripheral Interface
19 CAN – Controller Area Network

HDMI

21 VGA – Video Graphics Array

Tablo Medical Informatics System ©2024 Outset Medical, Inc.

Page 14

4. Roles, Services, and Authentication The sections below describe the module’s authorized roles, services, and operator authentication methods.

4.1 Authorized Roles

The module supports a Crypto Officer (CO) role and a User role. The CO role performs cryptographic initialization or management functions and general security services. The User role performs general security services, including cryptographic operations and other approved security functions. The operator assumed a Crypto Officer role implicitly by invoking a service allocated to the Crypto Officer and assumes a User role implicitly by invoking a service allocated to the User. The module does not support multiple concurrent operators. Table 9

Page 15
4.2 Operator Services

Descriptions of the services available to the authorized roles are provided in Table 10 below. Please note that the keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the following notation:

Page 16

Service Description Approved Security Keys/SSPs Roles Access rights to Keys/SSPs Indicator Function(s) Establish SSH Session Establishes a SSH session AES (CBC, CTR, GCM) AES GCM IV User AES GCM IV

Page 17

The operator can verify the module firmware version on the Tablo Status Screen: Figure 4

4.3 Authentication

The module does not support authentication mechanisms; roles are implicitly selected based on the service invoked. Refer to Table 10 above for a listing of the services associated with each authorized role. ©2024 Outset Medical, Inc.

Page 18

5. Software/Firmware Security All firmware components within the cryptographic boundary are verified using an integrity technique implemented within the cryptographic module itself. The module implements a CRC-32 integrity test of the module firmware. Failure of the integrity check for the module will cause the module to enter a critical error state. Tablo Medical Informatics System is not delivered to end-users as a standalone offering and is only used in conjunction with the Outset Tablo. The CO can initiate the pre-operational tests on demand by power-cycling the Outset Tablo. The module does not support firmware upgrade. In order to provision the module, the CO must first invoke the “Import Provision File” service and obtain the specified indicator that the service was executed successfully (note this step is not required to operate the module in Approved mode). ©2024 Outset Medical, Inc.

Page 19

6. Operational Environment The operational environment of the module does not provide access to a general-purpose operating system (OS). The module employs a non-modifiable operational environment. The operating system offers no mechanism whereby the operator can modify software/firmware components, nor can the operator load and execute software or firmware that was not included as part of the validation of the module. The module’s operating system is Linux 4.1.15 LTS23. LTS

Page 20

7. Physical Security As a multi-chip embedded module, the module is composed of production-grade components necessary to meet FIPS 140-3 level 1 physical security requirements. All components of the hardware are coated with commercial standard passivation. ©2024 Outset Medical, Inc.

Page 21

8. Non-Invasive Security There are currently no approved non-invasive mitigation techniques referenced in ISO/IEC 19790:2021 Annex F. ©2024 Outset Medical, Inc.

Page 22

9. Sensitive Security Parameter Management The module supports the keys and other SSPs listed in Table 11

Page 23

Key/SSP Strength Security Function Generation Import / Export Establishment Storage Zeroization Use & Related Name/Type and Cert. Number Keys ECDH Public All approved KAS-SSC-ECC Generated No / Yes No Plaintext in Reboot; Generation of Key P/B/K curves (Certs. A2699 internally via volatile remove power; SSH and TLS Component and A2701) approved memory session shared secrets DRBG termination TLS Session AES AES (Certs. No No / No Derived Plaintext in Reboot; Encryption and Key AES-GCM A2699 and internally volatile remove power; decryption of A2701) using the TLS memory session TLS session Master termination packets; AES AES-GCM (Cert. Secret GCM IV is used A2701) with the TLS Session key. TLS HMAC (Certs. No No / No Derived Plaintext in Reboot; Authentication Authentication A2699 and internally volatile remove power; of TLS session Key A2701) using the TLS memory session packets Master termination Secret Other SSPs SSH Password - SSH KDF (Cert. ) No No / No Preloaded Encrypted in No Password used non-volatile to authenticate memory MIES to Wi-Fi module SSH Shared - No No / No Computed Plaintext in Reboot; Derivation of Secret via DH/ECDH volatile remove power; the SSH Session shared secret memory session and computation termination authentication Keys; AES GCM IV is used with the SSH Session key. TLS Premaster - TLS 1.2 KDF No No / No Computed Plaintext in Reboot; Derivation of Secret (Cert. A2702) via DH/ECDH volatile remove power; the TLS master shared secret memory session secret computation termination TLS Master - - No No / No Derived Plaintext in Reboot; Derivation of Secret internally volatile remove power; the TLS session using the TLS memory session (AES) and Premaster termination authentication Secret via (HMAC) keys, TLS KDF and the GCM IV. AES GCM IV - AES GCM (Certs. No No / No Derived Plaintext in Reboot; Initialization A2699 and internally volatile remove power; vector for AES A2701) using the TLS memory session GCM Master termination Secret24 or generated for SSH in compliance with RFC 564725. DRBG entropy - DRBG N/A No / No Produced Plaintext in Upon module Establishment of input (Certs. A2699 internally via RAM reboot seed for and A2701) Approved CTR_DRBG entropy Upon session source termination DRBG seed - DRBG N/A No / No Established Plaintext in Upon module Generation of (Certs. A2699 internally RAM reboot random number and A2701) using entropy Upon session input string termination via DRBG DRBG ‘V’ value - DRBG Generated No / No N/A Plaintext in Upon module State value for (Certs. A2699 internally RAM reboot CTR_DRBG and A2701) within DRBG Upon session termination

24 The IV generation method complies with technique #1 (for TLS 1.2 GCM Cipher Suites) in FIPS 140-3 IG C.H. RFC 5246 defines the TLS 1.2 protocol; RFC

5288 defines the use of the AES-GCM encryption with the TLS protocol. Each IV is generated and used only within each protocol’s implementation.

25 The IV generation method complies with technique #1 (for SSHv2 protocol) in FIPS 140-3 IG C.H. Each IV is generated and used only within each

protocol’s implementation. ©2024 Outset Medical, Inc.

Page 24

Key/SSP Strength Security Function Generation Import / Export Establishment Storage Zeroization Use & Related Name/Type and Cert. Number Keys DRBG ‘Key’ - DRBG Generated No / No N/A Plaintext in Upon module State value for value (Certs. A2699 internally RAM reboot CTR_DRBG and A2701) within DRBG Upon session termination

9.1 Algorithm Specific Information
9.1.1 AES-GCM

The AES-GCM IV is used in the following protocols:

9.1.2 KAS

The module performs all applicable key assurances for its DH and ECDH implementations as specified in section 9 of NIST SP 800-56Arev3. These tests are performed as conditional tests.

9.2 SSP Zeroization

In order to zeroize all keys and CSPs present within the module, the operator shall decommission the module by performing the following steps:

  1. Upload patient log files to the cloud and clear from MI board
  2. Erase volatile storage in MIES unit
  3. Clear log files from black box USB For further detailed information on each step please refer to the “Tablo X Hemodialysis System De-Installation Procedure”, steps 4, 5, and
  4. For the zeroization of keys in volatile memory, module operators can power-cycle the Tablo machine.
9.3 RBG Entropy Sources

Table 12 below specifies the module’s entropy sources. RFC

Page 25

Table 12

Page 26

10. Self-Tests Both pre-operational and conditional self-tests are performed by the module. Pre-operational tests are performed between the time a cryptographic module is powered on or instantiated (after being powered off, reset, rebooted, cold-start, power interruption, etc.) and before the module transitions to the operational state. Conditional selftests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions.

10.1 Pre-Operational Self-Tests

The module performs the following pre-operational self-test(s):

10.2 Conditional Self-Tests

The module performs the following conditional cryptographic algorithm self-tests (CASTs):

Page 27
10.3 On-Demand Self-Tests

The CO can initiate the pre-operational self-test (as well as the conditional CASTS) on demand for periodic testing of the module by power-cycling the Tablo machine. The LED will blink 2 times to indicate that self-tests are running.

10.4 Self-Test Failure Handling

Upon failure of any self-test, the module will set an internal flag and enter a critical error state. In this state, the module will no longer perform cryptographic services or output data over the data output interfaces. For any subsequent request for cryptographic services, the module will return a failure indicator. To recover, the module must be reinitialized by power-cycle of the Tablo machine. If the pre-operational self-tests complete successfully, then the module can resume normal operations. If the module continues to experience self-test failures after reinitializing, then the module will not be able to resume normal operations, and the CO should contact Outset Medical, Inc. for assistance. ©2024 Outset Medical, Inc.

Page 28

11. Life-Cycle Assurance The sections below describe how to ensure the module is operating in its validated configuration. Module operators shall follow all guidance provided guidance in this section to ensure the module is operating in a compliant manner. Operating the module without following this guidance (including the use of undocumented services) will result in non-compliant behavior and is outside the scope of this Security Policy.

11.1 Secure Installation

The Medical Informatics System is delivered to the end user contained within the larger Outset Tablo machine, and there are no further installation procedures required by the operator.

11.2 Initialization

No initialization steps are required to be performed by end-users.

11.3 Startup

No setup steps are required to be performed by end-users.

11.4 Administrator Guidance

There are no specific management activities required of the CO role to ensure that the module runs securely. However, if any irregular activity is noticed or the module is consistently reporting errors, then Outset Customer Support should be contacted. Module operators can view the module’s operational status via the Tablo machine GUI.

11.5 Non-Administrator Guidance

The following list provides guidance for the User role:

11.6 Common Vulnerabilities and Exposures

There are no known CVEs associated with the cryptographic module. ©2024 Outset Medical, Inc.

Page 29

12. Mitigation of Other Attacks This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 1 requirements for this validation. ©2024 Outset Medical, Inc.

Page 30

13. Acronyms and Abbreviations Table 13 provides definitions for the acronyms and abbreviations used in this document. Table 13

Page 31

Term Definition GMAC Galois Message Authentication Code GPC General-Purpose Computer HMAC (keyed-) Hash Message Authentication Code KAS Key Agreement Scheme KAT Known Answer Test KTS Key Transport Scheme KW Key Wrap KWP Key Wrap with Padding MD Message Digest NIST National Institute of Standards and Technology OCB Offset Codebook OFB Output Feedback OS Operating System PBKDF Password-Based Key Derivation Function PCT Pairwise Consistency Test PKCS Public Key Cryptography Standard PSS Probabilistic Signature Scheme PUB Publication RC Rivest Cipher RNG Random Number Generator RSA Rivest Shamir Adleman SHAKE Secure Hash Algorithm KECCAK SHA Secure Hash Algorithm SHS Secure Hash Standard SP Special Publication TLS Transport Layer Security XEX XOR Encrypt XOR XTS XEX-Based Tweaked-Codebook Mode with Ciphertext Stealing ©2024 Outset Medical, Inc.

Page 32

Prepared by: Corsec Security, Inc.

2600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com http://www.corsec.com