| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 10/10/2029 |
| Caveat | Interim Validation. When installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper-evident seals are installed/applied as indicated in the Security Policy. |
| Vendor | Cloud Software Group |
flowchart LR
%% Deterministic review-risk graph for NetScaler MPX
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware load<br/>update</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for NetScaler MPX
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware load<br/>update</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Cloud Software Group NetScaler MPX Hardware Models: 8900 FIPS, 9100 FIPS, 15000-50G FIPS series Part numbers: 8905 FIPS, 8910 FIPS, 8920 FIPS, 9120 FIPS, 9130 FIPS, 9140 FIPS, 9160 FIPS, 9180 FIPS, 9195 FIPS, 15030-50G FIPS, 15040-50G FIPS, 15060-50G FIPS, 1508050G FIPS, 15100-50G FIPS, 15120-50G FIPS Firmware Version: 13.1.FIPS FIPS Security Level: 2 Document Version: 0.4 Prepared for: Prepared by: Cloud Software Group Corsec Security, Inc.
Fort Lauderdale, FL 33309 Fairfax, VA 22033 United States of America United States of America Phone: +1 954 267 3000 Phone: +1 703 267 6050 www.cloud.com www.corsec.com
Abstract This is a non-proprietary Cryptographic Module Security Policy for the NetScaler MPX (version: 13.1.FIPS) from Cloud Software Group (Cloud). This Security Policy describes how the NetScaler MPX meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp. This document also describes how to run the module in a secure Approved mode of operation. This policy was prepared as part of the Level 2 FIPS 140-3 validation of the module. The NetScaler MPX is referred to in this document as NetScaler MPX or the module. References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:
| # | Section | Page |
|---|
List of Tables NetScaler MPX ©2024 Cloud Software Group
| Item | Page |
|---|---|
| Figure 1 – Typical NetScaler MPX Deployment | 7 |
| Figure 2 – NetScaler MPX 89xx FIPS Front Panel | 17 |
| Figure 3 – NetScaler MPX 89xx FIPS Rear Panel | 18 |
| Figure 4 – NetScaler MPX 91xx FIPS Front Panel | 18 |
| Figure 5 – NetScaler MPX 91xx FIPS Rear Panel | 18 |
| Figure 6 – NetScaler MPX 15xxx-50G FIPS Front Panel | 18 |
| Figure 7 – NetScaler MPX 15xxx-50G FIPS Rear Panel | 19 |
| Figure 8 – Front Cover of the MPX 89xx FIPS | 46 |
| Figure 9 – Back Panel of the MPX 89xx FIPS | 47 |
| Figure 10 – Left Side of the MPX 89xx FIPS | 47 |
| Figure 11 – Right Side of the MPX 89xx FIPS | 47 |
| Figure 12 – Front Cover of the MPX 91xx FIPS | 47 |
| Figure 13 – Back Panel of the MPX 91xx FIPS | 48 |
| Figure 14 – Left Side of the MPX 91xx FIPS | 48 |
| Figure 15 – Right Side of the MPX 91xx FIPS | 48 |
| Figure 16 – Front Cover of the MPX 15xxx-50G FIPS | 48 |
| Figure 17 – Back Panel of the MPX 15xxx-50G FIPS | 49 |
| Figure 18 – Left Side of the MPX 15xxx-50G FIPS | 49 |
| Figure 19 – Right Side of the MPX 15xxx-50G FIPS | 49 |
1. General The Netscaler product line optimizes delivery of applications over the Internet and private networks. It is an Application Delivery Controller (ADC) that performs application-specific traffic analysis to intelligently distribute, optimize, and secure L4-L71 network traffic for web-applications. All these capabilities are combined into a single, integrated appliance for increased productivity, with lower overall total cost of ownership. These hardware-based appliances employ a multi-core processor design and are available in a wide range of appliance configurations, from sub gigabit throughput to 50 Gbps2. Each leverages a fully hardened and secure operating system. These appliances are installed in the data center between the clients and the internal customer network. All client requests and server responses pass through it. The internal customer network hosts all load-balancing and authentication services, such as LDAP 3 , Kerberos, and SAML 4 . The module’s features are enabled, and the configured policies are then applied to incoming and outgoing traffic. Figure 1 is an illustration of a typical deployment.
LDAP
NetScaler MPX ©2024 Cloud Software Group
Client Internet Netscaler Internal Customer Network Authentication Services Server 1 Server 2 Kerberos LDAP Server 3 SAML/DFA/ Oauth/OpenID Figure 1
TCP
NetScaler MPX ©2024 Cloud Software Group
malicious requests. It provides built-in defenses against denial-of-service (DoS) attacks and supports features that protect against legitimate surges in application traffic that would otherwise overwhelm the servers. An available built-in firewall protects web applications from Application Layer attacks, including buffer overflow exploits, SQL8 injection attempts, cross-site scripting attacks, and more. In addition, the firewall provides identity theft protection by securing confidential corporate information and sensitive customer data. • Optimization features – Optimization features offload resource-intensive operations, such as SSL 9 processing, data compression, client keep-alive, TCP buffering, and the caching of static and dynamic content from servers. This improves the performance of the servers in the server farm and therefore speeds up applications. The MPX supports several transparent TCP optimizations, which mitigate problems caused by high latency and congested network links, accelerating the delivery of applications while requiring no configuration changes to clients or servers. The NetScaler MPX hardware platform consists of a Control Plane processing function (providing all configuration and management processing functions) and one to seven Data Plane(s), which provide data packet processing functions. All configuration and management activities are performed at the workstation through the web-based GUI 10 , REST 11 ful Nitro API 12 , and CLI 13 interfaces. The GUI includes a configuration utility for configuring the appliance and a statistical utility called Dashboard. NetScaler MPX is validated at the FIPS 140-3 section levels shown in Table
1 General 2
2 Cryptographic Module Specification 2
3 Cryptographic Module Interfaces 2
4 Roles, Services, and Authentication 3
5 Software/Firmware Security 2
6 Operational Environment N/A
7 Physical Security 2
8 Non-Invasive Security N/A14
9 Sensitive Security Parameter Management 2
10 Self-tests 2
11 Life-Cycle Assurance 2
12 Mitigation of Other Attacks N/A
SQL
CLI
NetScaler MPX ©2024 Cloud Software Group
2. Cryptographic Module Specification NetScaler MPX is a hardware module with a multiple-chip standalone embodiment.
The module was tested and found to be compliant with FIPS 140-3 requirements using the hardware models listed in Table 2. Note that all models within a model family employ the same chassis, ports/interfaces, and memory/storage devices. All models across all families run the same operating system and application firmware. Table 2
8900 FIPS series 8905 FIPS 13.1.FIPS
8910 FIPS 13.1.FIPS
8920 FIPS 13.1.FIPS
9100 FIPS series 9110 FIPS 13.1.FIPS
9120 FIPS 13.1.FIPS
9130 FIPS 13.1.FIPS
9140 FIPS 13.1.FIPS
9160 FIPS 13.1.FIPS
9180 FIPS 13.1.FIPS
9195 FIPS 13.1.FIPS
NetScaler MPX ©2024 Cloud Software Group
Model Hardware Firmware Version Distinguishing Features (Part Number and Version) 15060-50G FIPS 13.1.FIPS
The module includes the following cryptographic libraries that provide basic cryptographic functionalities and support secure networking protocols:
Table 3 lists the Approved algorithms implemented in the Netscaler Control Plane Cryptographic Library. Table 3
GCM
NetScaler MPX ©2024 Cloud Software Group
CAVP Algorithm and Mode / Method Description / Key Size(s) / Use / Function Certificate17 Standard Key Strengths A3942 CVL24 KDF (IKE25 v1/v2, SSH26, - Key derivation NIST SP 800-135rev1 SNMP27, TLS28 v1.0/v1.1) No parts of the IKE, SSH, SNMP and TLS protocols, other than the KDFs, have been tested by the CAVP and CMVP. A3942 CVL KDF (TLS v1.2) - Key derivation RFC29 5246 RFC 7627 No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP. A3942 DRBG30 Counter-based w/ AES-256 Deterministic random bit NIST SP 800-90Arev1 derivation function generation A3942 ECDSA31 Secret generation modes: P-224, P-256, P-384, P-521 Key pair generation FIPS PUB 186-4 Testing candidates, extra bits - P-224, P-256, P-384, P-521 Public key validation - P-224, P-256, P-384, P-521 Digital signature generation (SHA2-224, SHA2-256, SHA2384, SHA2-512) - P-224, P-256, P-384, P-521 Digital signature verification (SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512) A3942 HMAC32 SHA-1, SHA2-256, SHA2- 112 (minimum) Message authentication FIPS PUB 198-1 384, SHA2-512 The module supports the truncation of HMAC SHA-1 to 96 bits according to NIST SP 800-107rev1. A3942 KAS33 KAS-ECC-SSC with SSH KDF P-224, P-256, P-384, P-521 Key agreement NIST SP 800-56Arev3 NIST SP 800-135rev1 Key establishment methodology Compliant to IG D.F. provides between 112 and 256 bits of Scenario 2, Path 2. encryption strength KAS-ECC-SSC with TLS P-224, P-256, P-384, P-521 Key agreement v1.0/v1.1 KDF Key establishment methodology provides between 112 and 256 bits of encryption strength KAS-FFC-SSC with IKE MODP-2048, MODP-3072, Key agreement v1/v2 KDF MODP-4096, MODP-6144 Key establishment methodology provides between 112 and 176 bits of encryption strength
SNMP
HMAC
NetScaler MPX ©2024 Cloud Software Group
CAVP Algorithm and Mode / Method Description / Key Size(s) / Use / Function Certificate17 Standard Key Strengths KAS-FFC-SSC with SSH KDF MODP-2048, MODP-4096 Key agreement Key establishment methodology provides between 112 and 176 bits of encryption strength KAS-FFC-SSC with TLS ffdhe2048, ffdhe3072, Key agreement v1.0/v1.1 KDF ffdhe4096, ffdhe6144 Key establishment methodology provides between 112 and 176 bits of encryption strength A3942 KAS KAS-ECC-SSC with TLS v1.2 P-224, P-256, P-384, P-521 Key agreement NIST SP 800-56Arev3 KDF RFC34 7627 Key establishment methodology Compliant to IG D.F. provides between 112 and 256 bits of Scenario 2, Path 2. encryption strength KAS-FFC-SSC with TLS v1.2 ffdhe2048, ffdhe3072, Key agreement KDF ffdhe4096, ffdhe6144 Key establishment methodology provides between 112 and 176 bits of encryption strength A3942 KAS-ECC-SSC35 EphemeralUnified P-224, P-256, P-384, P-521 Shared secret computation NIST SP 800-56Arev3 A3942 KAS-FFC-SSC36 dhEphem MODP-2048, MODP-3072, Shared secret computation NIST SP 800-56Arev3 MODP-4096, MODP-6144, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144 A3942 KTS-IFC37 rsakpg1-basic KTS-OAEP-basic Key transport NIST SP 800-56Brev2 Compliant to IG D.G. Key establishment methodology provides 112 bits of encryption strength A3942 PBKDF238 Section 5.4, option 1a HMAC SHA-1 Password-based key derivation NIST SP 800-132 A3942 RSA39 Key generation mode: 2048, 3072 Key pair generation FIPS PUB 186-4 B.3.3 2048, 3072 (SHA2-256, SHA2- Digital signature generation 384, SHA2-512) PKCS#1 v1.5 2048, 3072 (SHA-1, SHA2-256, Digital signature verification SHA2-384, SHA2-512) A3942 Safe Primes - MODP-2048, MODP-3072, Key generation NIST SP 800-56Arev3, MODP-4096, MODP-6144, Appendix D ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144
35 KAS-ECC-SSC
36 KAS-FFC-SSC
PBKDF2
NetScaler MPX ©2024 Cloud Software Group
CAVP Algorithm and Mode / Method Description / Key Size(s) / Use / Function Certificate17 Standard Key Strengths - MODP-2048, MODP-3072, Key verification MODP-4096, MODP-6144, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144 A3942 SHS40 SHA-1, SHA2-256, SHA2- - Message digest FIPS PUB 180-4 384, SHA2-512 The Netscaler Control Plane Cryptographic Library uses PBKDF option 1a for PEM41 key establishment. The PBKDF takes an input salt that is 128 bits in length with a password/passphrase containing at least 8 characters and produces a random value of 256 bits for AES keys. A password length of 8 characters is enforced by the module (see section 11.2.2 Configure the Passphrase Requirements). In addition, the function has an iteration count of 2,048. The underlying pseudorandom function used in this derivation is HMAC SHA-1. The keys derived from these PBKDF functions are only used for storage applications. The vendor affirms the following cryptographic security methods implemented by the Netscaler Control Plane Cryptographic Library:
Table 5 lists the Approved algorithms implemented in the Netscaler Data Plane Cryptographic Library.
PEM
42 Per FIPS 140-3 Implementation Guidance 2.4.A, this hashing technique with TLS 1.0/1.1 is allowed in the Approved mode with no security claimed.
NetScaler MPX ©2024 Cloud Software Group
Table 5
A3943 CVL KDF (TLS v1.0/1.1) - Key derivation NIST SP 800-56Arev3 No part of TLS protocol, other than the KDF, has been tested by the CAVP and CMVP. A3943 CVL KDF (TLS v1.2) - Key derivation RFC 5246 RFC 7627 No part of the TLS protocol, other than the KDF, has been tested by the CAVP and CMVP. A3943 CVL KDF (TLS v1.3) - Key derivation RFC 8446 No part of TLS protocol, other than the KDF, has been tested by the CAVP and CMVP. A3943 DRBG Hash-based - Deterministic random bit NIST SP 800-90Arev1 generation A3943 ECDSA Secret generation mode: P-224, P-256, P-384, P-521 Key pair generation FIPS PUB 186-4 Testing candidates - P-224, P-256, P-384, P-521 Public key validation - P-224, P-256, P-384, P-521 Digital signature generation (SHA2-224, SHA2-256, SHA2384, SHA2-512) - P-224, P-256, P-384, P-521 Digital signature verification (SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512) A3943 HMAC SHA-1, SHA2-224, SHA2- 112 (minimum) Message authentication FIPS PUB 198-1 256, SHA2-384, SHA2-512 The cryptographic library supports the truncation of HMAC SHA-1 to 96 bits according to NIST SP 800-107rev1. A3943 KAS-ECC-SSC EphemeralUnified P-224, P-256, P-384, P-521 Shared secret computation NIST SP 800-56Arev3 A3943 KBKDF Counter HMAC-SHA2-256 Key derivation NIST SP 800-108
43 This table includes vendor-affirmed algorithms that are approved but CAVP testing is not yet available.
NetScaler MPX ©2024 Cloud Software Group
CAVP Algorithm and Mode / Method Description / Key Size(s) / Use / Function Certificate43 Standard Key Strengths A3943 KTS-IFC rsakpg1-basic KTS-OAEP-basic Key transport NIST SP 800-56Brev2 Compliant to IG D.G. Key establishment methodology provides 112 bits of encryption strength A3943 RSA PKCS#1 v1.5 4096 (SHA-1, SHA2-224, SHA2- Digital signature verification FIPS PUB 186-2 256, SHA2-384, SHA2-512) A3943 RSA PKCS#1 v1.5 2048, 3072, 4096 (SHA2-224, Digital signature generation FIPS PUB 186-4 SHA2-256, SHA2-384, SHA2512) 1024, 2048, 3072, 4096 (SHA-1, Digital signature verification SHA2-224, SHA2-256, SHA2384, SHA2-512) A3943 SHS SHA-1, SHA2-224, SHA2- - Message digest FIPS PUB 180-4 256, SHA2-384, SHA2-512 *Not all tested algorithms/modes are used by the module. The vendor affirms the following cryptographic security methods implemented by the Netscaler Data Plane Cryptographic Library:
Table 6 lists the Approved algorithms implemented in the module’s Intel Communication Chipset 8955 hardware cryptographic accelerator. Random values are provided by the NetScaler Data Plane Cryptographic Library to cryptographic functions requiring it. NetScaler MPX ©2024 Cloud Software Group
Table 6
Table 6 lists the Approved algorithms implemented in the module’s CPU Jitter Entropy Source. Table 7
The cryptographic boundary of the module is defined by the enclosure of each NetScaler MPX appliance chassis. This includes all ports, physical interfaces, and removable covers. The NetScaler MPX 89xx FIPS appliance is illustrated in Figure 2 and Figure 3. Figure 2
Figure 3 – NetScaler MPX 89xx FIPS Rear Panel The NetScaler MPX 91xx FIPS appliance is illustrated in Figure 4 and Figure
Figure 7
There are no excluded components.
When installed, configured, and operated according to this Security Policy, the module supports the Approved mode of operation only; non-Approved operations are not supported. NetScaler MPX ©2024 Cloud Software Group
Physical Port Logical Interface Data That Passes Over Port/Interface Control Output Control information is sent to remote machines supporting LDAP and RADIUS in order for the module to communicate with these machines. Status Output Status information used to remotely monitor the appliance independently of the firmware via the LightsOut Management (LOM) feature 50G Ethernet port Data Input Network traffic (ingress) Data Output Network traffic (egress) Control Input Administrative data; Management data used to remotely manage the appliance independently of the firmware via the Lights-Out Management (LOM) feature Control Output Control information is sent to remote machines supporting LDAP and RADIUS in order for the module to communicate with these machines. Status Output Status information used to remotely monitor the appliance independently of the firmware via the LightsOut Management (LOM) feature RS-232 serial port Control Input Initial configuration data from a connected computer Status Output Status information sent to a connected computer regarding initial configuration activities LCD Keypad Control Input Initial configuration information from a connected computer; status information (available only on the 89xx FIPS & 15xxx-50G FIPS models) Status Output IP information, system status updates, system information, current selection, or input information Disable Alarm button** Control Input Button used to stop the power alarm from sounding. NMI45 button Control Input Button used (at the request of Technical Support) to initiate a core dump. Power interface Power N/A *1G copper transceivers are supported in 10G slots; 1G fiber transceivers are not supported. **The Disable Alarm button is functional only if a second power supply is installed.
NetScaler MPX ©2024 Cloud Software Group
4. Roles, Services, and Authentication The sections below describe the module’s authorized roles, services, and operator authentication methods.
The module supports a Crypto Officer (CO) that authorized operators can assume. The CO role performs administrative services on the module, such as initialization, configuration, and monitoring of the module. The CO role includes the privileges listed under the read-only, operator, network, and sysadmin command policies. The module also supports the following role(s):
NetScaler MPX ©2024 Cloud Software Group
Role Service Input Output CO, User Establish IPsec session Command Status output / connection success CO Backup and restore Command / backup files Status output / backup files CO Manage encryption keys Command Status output CO Manage HMAC keys Command Status output CO Configure traffic management Command and parameters Command response / status output CO, User Establish TLS session Command Status output / connection success CO, User Resume TLS session Command Status output / connection success CO Apply data policies Command Status output CO Configure security Command and parameters Command response / status output CO Configure Gateway Command and parameters Command response / status output CO Establish Gateway connection Command and parameters Command response / status output / connection success CO Configure external servers for system, AAA, Command and parameters Command response / status output and Gateway authentication CO Configure SNMPv3 Command and parameters Command response / status output CO SNMPv3 traps None Status output CO Zeroize KEK Command Status output (non-error message on success) CO Zeroize SSH private keys Command Status output (non-error message on success) CO, User Authenticate operators Password or certificate Status output / login success CO Firmware load Command and firmware image Status output / new firmware loaded and version The module supports up to 10 concurrent connections. Operators connect to the module via an SSH connection (using the CLI or REST API) of via a TLS connection (using the Web GUI). Each operator authenticates using a username/password or a certificate associated with the correct protocol in order to set up secure communication channels. Each secure session for simultaneous operators is distinguished and kept separate by unique session information, which is provided by the session protocol and protected by the OS. Each session remains active (logged in) and secured until the operator logs out or is automatically logged out from inactivity (inactivity default is 900 seconds).
The module supports identity-based authentication; operators explicitly assume their role based on the authentication credentials used. Each role determines the functionality available to the operator within the module. Operators authenticate to the module using either:
60 seconds) = 6x1010 = 60,000,000,000 bits of data can be transmitted in one minute. The minimum
password is 64 bits (8 bits per character x 8 characters), meaning 9.375x108 passwords can be passed to the module (assuming there is no overhead). This equates to a 1:4,591,650 chance of a random attempt will succeed, or a false acceptance will occur in a one-minute period, which is less than the required probability. Certificate Using conservative estimates and equating a 2048-bit RSA key to a 112-bit symmetric key, the probability for a random attempt to succeed is:
Descriptions of the services available are provided in Table 11 below. As allowed per section 2.4.C of FIPS 140-3 Implementation Guidance, the module provides indicators for the use of Approved services through a combination of an explicit indication (via a global Approved mode indicator) and an implicit indication (via the successful completion of the service). Please note that the keys and Sensitive Security Parameters (SSPs) listed in the table indicate the access rights required using the following notation:
NetScaler MPX ©2024 Cloud Software Group
Service Description Approved Security Keys and/or SSPs Roles Access Rights to Keys and/or SSPs Indicator Function(s) Configure Add, edit, delete KDF TLS (Cert. A3942) TLS Extended Master Secret CO TLS Extended Master Secret –W/E Command Line system profiles system profiles AES (Cert. A3942) TLS Ticket Encryption Key TLS Ticket Encryption Key
Service Description Approved Security Keys and/or SSPs Roles Access Rights to Keys and/or SSPs Indicator Function(s) Configure SSH Configure SSH CKG (Vendor Affirmed) SSH Private Key CO SSH Private Key
NetScaler MPX ©2024 Cloud Software Group
Service Description Approved Security Keys and/or SSPs Roles Access Rights to Keys and/or SSPs Indicator Function(s) Configure Configure TLS; AES (Certs. A3942, A3943) CA54 Public Key CO CA Public Key
ZSK
NetScaler MPX ©2024 Cloud Software Group
Service Description Approved Security Keys and/or SSPs Roles Access Rights to Keys and/or SSPs Indicator Function(s) Configure Configure DNS None None CO N/A Command Line security security profiles, Interface application firewall profiles and policies, reputation settings, protection features, and content inspection policies Configure Configure AES (Cert. A3942 RDP59 PSK CO RDP PSK
SAML
NetScaler MPX ©2024 Cloud Software Group
Service Description Approved Security Keys and/or SSPs Roles Access Rights to Keys and/or SSPs Indicator Function(s) Configure Configure SNMP AES (Cert. A3942) SNMPv3 Authentication CO SNMPv3 Authentication Passphrase
66 The operator shall be aware the new firmware version may not be a FIPS validated version.
NetScaler MPX ©2024 Cloud Software Group
5. Software/Firmware Security All firmware within the cryptographic boundary is verified using an approved integrity technique implemented within the cryptographic module itself. The module implements a 2048-bit RSA digital signature verification with a SHA-512 hash to ensure the integrity of its firmware components. The module’s pre-operational integrity check is performed automatically at module power-up. This integrity check can also be performed on demand by the module operator by performing a reboot. NetScaler MPX ©2024 Cloud Software Group
6. Operational Environment The module employs a limited operational environment. The module does not provide access to a general-purpose operating system (OS). All services provided by the module are provided by the module’s firmware and external interfaces. All firmware upgrades are digitally signed, and a conditional self-test (RSA signature verification) is performed with each upgrade. Therefore, per ISO/IEC 19790:2021 section 7.6.1, requirements for this section are not applicable. NetScaler MPX ©2024 Cloud Software Group
7. Physical Security As a multi-chip standalone hardware module, the module includes an enclosure composed of hard, productiongrade, metal components necessary to meet FIPS 140-3 level 2 physical security requirements. The module enclosure completely encloses all of its internal components, and all integrated circuits are coated with commercial standard passivation. The MPX enclosure has removable front and back covers. Each cover is secured with screws and serialized tamperevident seals. Tamper-evident seals are applied at the factory to the modules to protect against unauthorized access to the module. When the module is received, the operator must confirm placement of all tamper-evident seals. Table 12
8. Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques references in ISO/IEC 19790:2021 Annex F. NetScaler MPX ©2024 Cloud Software Group
9. Sensitive Security Parameter Management
The module supports the keys and other SSPs listed in Table 13 and Table 14 below. Table 13
NetScaler MPX ©2024 Cloud Software Group
Key/SSP Strength Security Function and Generation Import / Export Establishment Storage Zeroization Use & Related Name/Type Cert # Keys CA Public Key [RSA public RSA - Imported in - Plaintext on disk No68 TLS certificate (PSP) key] (Cert. A3942) plaintext form via authentication Between 80 local console or in and 150 bits KTS-IFC encrypted form via 1024-bit RSA (Cert. A3942) TLS or SSH session / public keys are [ECDSA public exits the module in used for key] plaintext form signature Between 112 verification only and 256 bits DH Private Key [for SSH KAS-FFC-SSC Generated Never imported; - Plaintext in Reboot; Generation of (CSP) sessions] (Cert. A3943) internally via never exported volatile memory remove power; SSH, TLS, and IKE Between 112 Approved DRBG session shared secrets and 201 bits termination [for TLS sessions] Between 112 and 150 bits [for IKE sessions]
DH Public Key [for SSH KAS-FFC-SSC [for the module] [for the module] - Plaintext in Reboot; Generation of (PSP) sessions] (Cert. A3943) Generated Exits the module in volatile memory remove power; SSH, TLS, and IKE Between 112 internally via plaintext form session shared secrets and 201 bits Approved DRBG termination [for TLS [for a peer] sessions] Input in plaintext Between 112 form / and 150 bits Never exits the module [for IKE sessions]
ECDH Private Key Between 112 KAS-ECC-SSC Generated Never imported; - Plaintext in Reboot; Generation of (CSP) and 256 bits (Certs. A3942, A3943) internally via never exported volatile memory remove power; SSH and TLS Approved DRBG session shared secrets termination ECDH Public Key Between 112 KAS-ECC-SSC [for the module] [for the module] - Plaintext in Reboot; Generation of (PSP) and 256 bits (Certs. A3942, A3943, Generated Exits the module in volatile memory remove power; SSH and TLS A3944) internally via plaintext form session shared secrets Approved DRBG termination [for a peer] Input in plaintext form / Never exits the module RSA Private Key 112 or 128 RSA Generated Never imported; - Encrypted on disk N/A67 Generation of TLS (CSP) bits (Cert. A3942) internally via never exported (via KEK) shared secrets Approved DRBG RSA Public Key 112 or 128 RSA [for the module] [for the module] - Plaintext in No68 Generation of TLS (PSP) bits (Cert. A3942) Generated Exits the module in volatile memory shared secrets internally via plaintext form KTS-IFC Approved DRBG (Cert. A3942) [for a peer] Input in plaintext form / Never exits the module
68 NetScaler MPX detects modification of Public Security Parameters listed in this table.
NetScaler MPX ©2024 Cloud Software Group
Key/SSP Strength Security Function and Generation Import / Export Establishment Storage Zeroization Use & Related Name/Type Cert # Keys SSH Private Key [RSA private RSA Generated Exits the module in - Plaintext on disk CLI command Authentication (CSP) key] (Cert. A3942) internally via encrypted form as during SSH
112 or 128 Approved DRBG part of config session
bits ECDSA backup file negotiation; (Cert. A3942) RBA69 [ECDSA Authentication private key] for LDAP; GSLB Between 112 configuration and 256 bits sync SSH Public Key [RSA public RSA Generated Exits the module in - Plaintext in No68 Authentication (PSP) key] (Cert. A3942) internally via encrypted form as volatile memory during SSH
112 or 128 Approved DRBG part of config session
bits ECDSA backup file negotiation; RBA (Cert. A3942) Authentication [ECDSA public for LDAP; GSLB key] configuration Between 112 sync and 256 bits SSH Session Key Between 128 AES (CBC, CTR modes) - Never imported; Derived internally Plaintext in Reboot; Encryption and AES key (CBC and and 256 bits (Cert. A3942) never exported via SSH KDF volatile memory remove power; decryption of SSH CTR mode) session session packets (CSP) termination SSH Between 160 HMAC - Never imported; Derived internally Plaintext in Reboot; Authentication of Authentication and 512 bits (Cert. A3942) never exported via SSH KDF volatile memory remove power; SSH session Key session packets HMAC key termination (CSP) IKE/IPsec Pre- - - - input in plaintext Derived Plaintext in Reboot; Authentication shared key (PSK) form via local internally via volatile memory remove power; during IKE/IPsec (CSP) console / shared secret session session Exits the module in computation termination negotiation encrypted form as part of config [IKEv1 Only] backup file Derivation of the IKE/IPsec Session Keys and IKE/IPsec Authentication Keys IKE/IPsec Session Between 128 AES Generated Never imported; - Plaintext in Reboot; Encryption and Key and 256 bits (Cert. A3942) internally via IKE never exported volatile memory remove power; decryption of (AES key) KDF session IKE/IPsec session (CSP) termination packets IKE/IPsec Between 160 HMAC Derived internally Never imported; Derived internally Plaintext in Reboot; Authentication of Authentication and 512 bits (Cert. A3943) via IKE KDF never exported via IKE KDF volatile memory remove power; IKE/IPsec session Key session packets (HMAC key) termination (CSP) RDP Session Key 256 bits AES - Never exits the Key Derivation Plaintext in Reboot; Encryption and (CSP) (Cert. A3942) module volatile memory remove power; decryption of session RDP user and termination target information DFA Session Key 256 bits AES - Never exits the Key Derivation Plaintext in Reboot; DFA (CSP) (Cert. A3943) module volatile memory remove power; authentication to session the module termination
NetScaler MPX ©2024 Cloud Software Group
Key/SSP Strength Security Function and Generation Import / Export Establishment Storage Zeroization Use & Related Name/Type Cert # Keys TLS Private Key [RSA private RSA Generated Imported in Encrypted on disk N/A67 TLS (CSP) key] (Cert. A3942) internally via plaintext form via (via PEM key) authentication; Between 112 Approved DRBG local console or in and 150 bits ECDSA encrypted form via SAML (Cert. A3942) TLS or SSH session / authentication [ECDSA Exits the module in (RSA only); private key] encrypted form as Between 112 part of config OpenID and 256 bits backup file authentication (RSA only) TLS Session Key [AES key] AES - Never imported; Derived internally Plaintext in Reboot; Encryption and (CSP) 128 or 256 (Certs. A3942, A3943) never exported using the TLS Pre- volatile memory remove power; decryption of TLS bits Master Secret via session session packets AES (GCM mode) TLS KDF termination (Certs. A3942, A3943) [AES GCM key]
bits TLS Between 160 HMAC - Never imported; Derived internally Plaintext in Reboot; Authentication of Authentication and 384 bits (Certs. A3942, A3943) never exported using the TLS Pre- volatile memory remove power; TLS session Key Master Secret via session packets (HMAC key) TLS KDF termination (CSP) TLS Ticket 128 bits AES Generated Imported in - Reboot; Encryption and Encryption Key (Cert. A3943) internally via encrypted form via Plaintext in remove power; decryption of TLS (AES key) Approved DRBG TLS session / Never volatile memory session session tickets (CSP) exits the module termination TLS Ticket 256 bits HMAC Generated Imported in - Computes the Authentication (Certs. A3942, A3943) internally via encrypted form via Plaintext in Reboot; digest of TLS Key Approved DRBG TLS session / Never volatile memory remove power; session tickets (HMAC key) exits the module session (CSP) termination SNMPv3 Privacy 128 bits AES - Never imported; Derived internally Plaintext in Reboot; Encryption and Key (Cert. A3942) never exported via SNMP KDF volatile memory remove power; decryption of (AES key) session SNMPv3 packets (CSP) termination SNMPv3 160 bits HMAC - Never imported; Derived internally Plaintext in Reboot; Authentication of Authentication (Cert. A3942) never exported via SNMP KDF volatile memory remove power SNMPv3 packets Key (HMAC key) (CSP) Public DNS KSK Between 112 RSA Generated Imported in - Plaintext on disk No68 Public DNS ZSK (RSA public key) and 150 bits (Cert. A3942) internally via encrypted form via authentication (PSP) Approved DRBG SSH session / Exits the module in plaintext form as part of config backup file Private DNS KSK Between 112 RSA Generated Imported in - Encrypted on disk N/A67 Public DNS ZSK (RSA private key) and 150 bits (Cert. A3942) internally via encrypted form via (via PEM key) signature (CSP) Approved DRBG SSH session / Exits generation the module in encrypted form as part of config backup file Public DNS ZSK Between 112 RSA Generated Imported in - Plaintext on disk No68 DNS zone (RSA public key) and 150 bits (Cert. A3942) internally via encrypted form via authentication (PSP) Approved DRBG SSH session / Exits the module in plaintext form as part of config backup file NetScaler MPX ©2024 Cloud Software Group
Key/SSP Strength Security Function and Generation Import / Export Establishment Storage Zeroization Use & Related Name/Type Cert # Keys Private DNS ZSK Between 112 RSA Generated Imported in - Encrypted on disk N/A67 DNS zone (RSA private key) and 150 bits (Cert. A3942) internally via encrypted form via (via PEM key) signature (CSP) Approved DRBG SSH session / Exits generation the module in encrypted form as part of config backup file *Keys derived from the PBKDF function are only used for storage applications. Table 14
70 The indicators provided by zeroization methods specified in this column are implicit as the normal, non-error, status output of the function performing
71 In compliance with TLS 1.2 GCM Cipher Suites for TLS and Section 8.2.1 of NIST SP 800-38D
NetScaler MPX ©2024 Cloud Software Group
Key/SSP Strength Security Function Generation Import/Export Establishment Storage Zeroization70 Use &Related Name/Type and Cert. Number Keys TLS Extended - TLS KDF - Never exits the Derived Plaintext in Reboot; Derivation of Master Secret (Certs. A3942, module internally via volatile remove the TLS (CSP) A3943) TLS KDF memory power; Session Key session and TLS termination Authentication Key Hash DRBG - DRBG - Never exits the - Plaintext in Reboot; Entropy input Entropy (Cert. A3943) module volatile remove power for Hash DRBG (CSP) memory Hash DRBG - DRBG Generated Never exits the - Plaintext in Reboot; Seed material Seed (Cert. A3943) internally via module volatile remove power for Hash DRBG (CSP) Approved DRBG memory Hash DRBG ‘V’ - DRBG Generated Never exits the - Plaintext in Reboot; Internal state Value (Internal (Cert. A3943) internally via module volatile remove power value used state value) Approved DRBG memory with Hash (CSP) DRBG Hash DRBG ‘C’ - DRBG Generated Never exits the - Plaintext in Reboot; Internal state Value (Cert. A3943) internally via module volatile remove power value used (Internal state Approved DRBG memory with Hash value) DRBG (CSP) CTR DRBG - DRBG Generated Never exits the - Plaintext in Reboot; Entropy input Entropy (Cert. A3942) internally via module volatile remove power for CTR DRBG (CSP) CPU Jitter memory Entropy Source CTR DRBG - DRBG Generated Never exits the - Plaintext in Reboot; Seed material Seed (Cert. A3942) internally via module volatile remove power for CTR DRBG (CSP) Approved DRBG memory CTR DRBG ‘V’ - DRBG Generated Never exits the - Plaintext in Reboot; Internal state Value (Cert. A3942) internally via module volatile remove power value used (CSP) Approved DRBG memory with CTR DRBG CTR DRBG - DRBG Generated Never exits the - Plaintext in Reboot; Internal state ‘Key’ Value (Cert. A3942) internally via module volatile remove power value used (AES key) Approved DRBG memory with CTR DRBG (CSP) SNMPv3 - - - Input in plaintext - Encrypted on N/A67 Derivation of Privacy form via local disk (via KEK) the SNMPv3 Passphrase console or in Privacy Key (Alphanumeric encrypted form string) (CSP) via TLS or SSH session / Exits the module in encrypted form as part of config backup file SNMPv3 - - - Input in plaintext - Encrypted on N/A67 Derivation of Authentication form via local disk (via KEK) the SNMPv3 Passphrase console or in Authentication (Alphanumeric encrypted form Key string) (CSP) via TLS or SSH session / Exits the module in encrypted form as part of config backup file LDAP Admin - - - Input in plaintext - Encrypted on N/A67 Used to bind Password form via local disk (via KEK) to the LDAP (Alphanumeric console or in server string) (CSP) encrypted form via TLS or SSH session / Exits the module in encrypted form as part of config backup file NetScaler MPX ©2024 Cloud Software Group
Key/SSP Strength Security Function Generation Import/Export Establishment Storage Zeroization70 Use &Related Name/Type and Cert. Number Keys RDP PSK - KBKDF - Input in plaintext - Encrypted on N/A67 (Shared secret) (Cert. A3943) form via local disk (via KEK) Used as input (CSP) console or in to derive RDP encrypted form Session Key via TLS or SSH session / Exits the module in encrypted form as part of config backup file Oauth Client - - - Input in plaintext - Encrypted on N/A67 Oauth and Secret form via local disk (via KEK) Oauth IDP72 (Shared secret) console or in authentication (CSP) encrypted form to the module via TLS or SSH session / Exits the module in encrypted form as part of config backup file DFA Shared - KBKDF - Input in plaintext - Encrypted on N/A67 Used as input Secret (Cert. A3943) form via local disk (via KEK) to derive DFA (CSP) console or in Session Key encrypted form via TLS or SSH session / Exits the module in encrypted form as part of config backup file ZebOS Router - - - Input in plaintext Key Entry Encrypted on N/A67 Router Password form via local disk (via KEK) authentication (Alphanumeric console or in string) (CSP) encrypted form via TLS or SSH session / Exits the module in encrypted form as part of config backup file Cluster - - - Input in plaintext Key Entry Encrypted on N/A67 Used to Password form via local disk (via KEK) connect nodes (Alphanumeric console or in to the cluster string) (CSP) encrypted form coordinator via TLS or SSH session / Exits the module in encrypted form Operator - - - Input in plaintext Key Entry Plaintext in Reboot; Authenticate Password form via TLS or volatile remove power the operator (Alphanumeric SSH session / Exits memory to the module string) (CSP) the module in via an external encrypted form authentication service Firmware Load 2048 bits RSA (Cert. A3942) - Input in plaintext Key Entry Plaintext in Reboot; Used to verify Integrity Key volatile remove power the new (RSA public memory firmware load key) (PSP) All RSA and ECDSA keys at 2048 and 3072-bit modulus size are generated internally by the Netscaler Control Plane Cryptographic Library. All RSA and ECDSA keys at the 4096-bit modulus size are generated outside of the module and input either in plaintext form via local console or encrypted form via a TLS or SSH session.
NetScaler MPX ©2024 Cloud Software Group
AES GCM encryption is used in the context of the TLS 1.2 protocol. The module supports acceptable AES GCM cipher suites from section 3.3.1 of NIST SP 800-52r2 and meets the (key/IV) pair uniqueness requirements from NIST SP 800-38D. The mechanism for IV generation is compliant with RFC 5288 per scenario 1 in FIPS 140-3 IG C.H. The counter portion of the IV is strictly increasing. The nonce explicit part of the IV does not exhaust the maximum number of possible values for a given session key. This condition is implicitly ensured by the design of the TLS protocol, in which the nonce_explicit is denied exhaustion by the control exerted by the protocol’s (and hence also the module’s) management logic (wherein the nonce_explicit is incremented per each TLS record). This management logic also implies that the probability of an exhaustion of all 264 - 1 values of the nonce_explicit for the same TLS session in a realistic time frame is not significant.
The following table specifies the module’s entropy sources. Table 15
10. Self-Tests Both pre-operational and conditional self-tests are performed by the module. Pre-operational tests are performed between the time the cryptographic module is powered up and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions.
The module performs the following pre-operational self-test(s):
The module performs the following conditional self-tests:
NetScaler MPX ©2024 Cloud Software Group
If the module fails the pre-operational integrity test, the module enters a critical error state and logs an error message. In this state, the boot sequence and entire system is halted. The only action available from this state is to reboot the module to trigger the re-execution of the integrity test. The error condition is considered to have been cleared if the module successfully passes the pre-operational integrity test. If the module continues to return to a halted state, the module is considered to be malfunctioning or compromised, and Cloud Customer Support must be contacted. If the module enters the critical error state due to a failure of any of the conditional CASTs, cryptographic operations are halted, and the module inhibits all data output from the module. The module logs an error message and automatically reboots to clear the error state. The CO must contact Cloud Software Group if this error occurs. The successful completion or failure of the pre-operational self-tests and conditional CASTs can be verified by checking the log files.
11. Life-Cycle Assurance The sections below describe how to ensure the module is operating in its validated configuration, including the following:
The module is shipped to the customer in a non-configured state. The CO is responsible for all initial setup activities, including installing and configuring the module firmware. Prior to the installation, the CO should read the document entries within the Citrix ADC 13.1
Tamper-evident seals are applied at the factory to the modules to protect against unauthorized access to the module. When the module is received, the operator must confirm placement of all tamper-evident seals. The MPX 89xx FIPS will have a total of four (4) tamper-evident seals installed.
Figure 9
Figure 13
Figure 17
For detailed guidance regarding the installation of the module, please see the Citrix ADC 13.1
ADC licensing overview webpage on Citrix’s online product documentation portal. Once the license files are installed, reboot the module so all licenses are applied.
After the appliance has been setup, the CO is responsible for the general configuration of the module. The Web GUI or CLI can be used for the general configuration of the module. All general configuration must be complete before performing configuration necessary to place the module in a Approved mode of operation. The general configuration requirements and instructions are described in the “Quick Start Installation and Configuration” section of the Citrix ADC Deployment Guide found on Citrix’s online product documentation portal.
The CO is responsible for the security-relevant configuration of the module. To initialize the module for Approved mode of operation, the CO must:
Passphrases are used to derive keys using PBKDF. The CO must configure strong passphrase requirements. This is accomplished with the following steps from the Web GUI:
By default, the module includes a factory-provisioned RSA certificate for TLS connections (ns-server.cert and ns-server.key). This certificate is not intended for use in production deployments and must be replaced. The CO must replace the default certificate with a newly-generated certificate after the initial installation. To replace the default TLS certificate, the CO must follow these steps:
• In the SSL Certificates section, click the Create Certificate Request link. • Make sure to provide values for all the required fields marked with an “*” and then click Create. Note that the Common Name field will contain the value of hostname created in step 1 above.
The CO protects traffic to the administrative interface and Web GUI, by configuring the module to use HTTPS74. Once the module has been configured to use new TLS and SSH certificates, disable HTTP access to the GUI management interface with the following CLI command: set ns ip <NSIP> -gui SECUREONLY
The nsroot account is a default account with root CLI access (superuser) privileges that is required for initial configuration. During initial configuration, the CO shall disable local system authentication to block access to all local accounts (including the nsroot account), and the CO must ensure that superuser privileges are not assigned to any user account. To disable local system authentication and enable external system authentication, the CO must run the following CLI command: set system parameter -localauth disabled
Once the module is configured in Approved mode and the nsroot account is disabled, then external authentication must be configured. Follow the instructions on the Citrix ADC 13.1
NetScaler MPX ©2024 Cloud Software Group
No additional startup steps are required to be performed by end-users.
Once installed and configured, the Crypto Officer is responsible for maintaining and monitoring the status of the module to ensure that it is running in its Approved mode. Please refer to this section for guidance that the Crypto Officer must follow to ensure that the module is operating in a Approved manner.
Although pre-operational self-tests are performed automatically during module power up, they can also be manually launched on demand. Self-tests can be executed by:
There are many CSPs within the module’s cryptographic boundary including symmetric keys, private keys, public keys, and passphrases. CSPs reside in multiple storage media including the RAM and system memory. All ephemeral keys are zeroized on module reboot, power removal, or session termination. The KEK is stored as plaintext in non-volatile memory. Zeroizing the KEK renders all passphrases and passwords stored in the non-volatile memory unrecoverable, effectively zeroizing them. The KEK is zeroized via the following CLI command: rm system csps -type KEK SSH private keys are stored as plaintext in non-volatile memory. SSH private keys are zeroized via the following CLI command: rm system csps -type SSH_HOST_KEYS The output (indicator) of both zeroization commands above is successful return from the command line without any error showing on the console. If the commands fails, an error will show on the console before returning control to the user. After the module’s integrity test is complete the firmware clears out all values when the signature verification operation is complete (zeroizes temporary values used in the integrity test). NetScaler MPX ©2024 Cloud Software Group
The CO shall be responsible for regularly monitoring the module’s status for the Approved mode of operation. When configured according to the CO’s guidance, the module only operates in the Approved mode. Thus, the current status of the module when operational is always in the Approved mode. An operator can view the versioning information by:
This section notes additional policies below that must be followed by COs:
NetScaler MPX ©2024 Cloud Software Group
Operators with the User role do not have the ability to configure sensitive information on the module. They must be diligent to select strong passwords and must not reveal their password to anyone. Additionally, they must be careful to protect any secret or private keys in their possession. NetScaler MPX ©2024 Cloud Software Group
12. Mitigation of Other Attacks The module does not claim to mitigate any attacks beyond the FIPS 140-3 Level 2 requirements for this validation. Therefore, per ISO/IEC 19790:2021 section 7.12, requirements for this section are not applicable. NetScaler MPX ©2024 Cloud Software Group
Appendix A. Acronyms and Abbreviations Table 16 provides definitions for the acronyms and abbreviations used in this document. Table 16
Term Definition FFC Finite Field Cryptography FIPS Federal Information Processing Standard GCM Galois/Counter Mode GSLB Global Server Load Balancing GMAC Galois Message Authentication Code GPC General-Purpose Computer GUI Graphical User Interface HMAC (keyed-) Hash Message Authentication Code HTML Hypertext Markup Language HTTP Hypertext Transfer Protocol IKE Internet Key Exchange KAS Key Agreement Scheme KAS-SSC Key Agreement Scheme-Shared Secret Computation KAT Known Answer Test KDF Key Derivation Function KEK Key Encryption Key KTS Key Transport Scheme KW Key Wrap KWP Key Wrap with Padding LDAP Lightweight Directory Access Protocol LOM Lights Out Management MD5 Message Digest 5 MLE Medium and Large Enterprise MODP Modular Exponentiation NDRNG Non-Deterministic Random Number Generator NIST National Institute of Standards and Technology NTP Network Time Protocol OID Object Identifier OS Operating System PBKDF Password Based Key Derivation Function PCT Pairwise Consistency Test PEM Privacy-Enhanced Mail PKCS Public Key Cryptography Standard PSK Pre-shared Key PSS Probabilistic Signature Scheme PUB Publication NetScaler MPX ©2024 Cloud Software Group
Term Definition RBA Role Based Authentication RDP Remote Desktop Protocol REST Representational State Transfer RNG Random Number Generator RSA Rivest, Shamir, and Adleman SAML Security Assurance Markup Language SHA Secure Hash Algorithm SME Small and Medium Enterprise SHS Secure Hash Standard SNMP Simple Network Management Protocol SP Special Publication SQL Structured Query Language SSL Secure Sockets Layer TCP Transmission Control Protocol TGS Ticket Granting Service TLS Transport Layer Security UDP User Datagram Protocol URL Uniform Resource Locator XML eXtensible Markup Language NetScaler MPX ©2024 Cloud Software Group
Prepared by: Corsec Security, Inc.
Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com http://www.corsec.com