| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software-hybrid |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 11/12/2029 |
| Caveat | Interim validation. When operated with module Junos® OS Evolved OpenSSL Cryptographic Module version 3.0.8 validated to FIPS 140-3 under Cert. #4775 operating in approved mode, and module Junos® OS Evolved Kernel Cryptographic Module version 2.0 validated to FIPS 140-3 under Cert. #4776, operating in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy |
| Vendor | Juniper Networks, Inc. |
| Algorithm | ACVP Cert |
|---|---|
| AES-GCM | A4089 |
| AES-GCM | A4089 |
| HMAC-SHA2-256 | A4246 |
| HMAC-SHA2-256 | A4247 |
| HMAC-SHA2-256 | A4248 |
| HMAC-SHA2-256 | A4249 |
flowchart LR
%% Deterministic review-risk graph for Juniper Express 4 MACsec Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>recovery</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Status Output<br/>Show status<br/>Self-test</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>library named: openssl<br/>library named: nss</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Juniper Express 4 MACsec Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>recovery</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Status Output<br/>Show status<br/>Self-test</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>library named: openssl<br/>library named: nss</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Juniper Express 4 MACsec Cryptographic Module Software version: 1.0 Hardware version: JTAG ID 20611361 Version 1.1 Last update: 2024-10-10 Prepared by: Prepared for: atsec information security corporation Juniper Networks, Inc.
4516 Seton Center Parkway, Suite 250 1133 Innovation Way
Austin, TX 78759 Sunnyvale, CA 94089 www.atsec.com www.juniper.net © 2024 Juniper Networks, Inc. / atsec information security 1
Juniper Express 4 MACsec Cryptographic Module Table of Contents
2.5.3 Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security
© 2024 Juniper Networks, Inc. / atsec information security 2
Juniper Express 4 MACsec Cryptographic Module © 2024 Juniper Networks, Inc. / atsec information security 3
Juniper Express 4 MACsec Cryptographic Module List of Tables List of Figures © 2024 Juniper Networks, Inc. / atsec information security 4
Juniper Express 4 MACsec Cryptographic Module
This document is the non-proprietary FIPS 140-3 Security Policy for the Juniper Express 4 MACsec Cryptographic Module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for a Security Level 1 software-hybrid module. This Security Policy has a one-to-one mapping to the [SP 800-140B] starting with section B.2.1 named “General” that maps to section 1 in this document and ending with section B.2.12 named “Mitigation of other attacks” that maps to section 12 in this document. including this notice. Other documentation is proprietary to their authors.
In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing.
The following sections describe the cryptographic module and how it conforms to the FIPS 140-3 specification in each of the required areas. ISO/IEC 24759 Section 6. FIPS 140-3 Section Title Security Level [Number Below]
1 General 1
2 Cryptographic Module Specification 1
3 Cryptographic Module Interfaces 1
4 Roles, Services and Authentication 1
5 Software/Firmware Security 1
6 Operational Environment 1
7 Physical Security 1
8 Non-invasive Security N/A
9 Sensitive Security Parameter Management 1
10 Self-Tests 1
11 Life-cycle Assurance 1
12 Mitigation of Other Attacks N/A
Overall Security Level 1 Table 1 - Security Levels © 2024 Juniper Networks, Inc. / atsec information security 5
Juniper Express 4 MACsec Cryptographic Module
The Juniper Express 4 MACsec Cryptographic Module (hereafter referred to as “the module”) is a software-hybrid module. The module is composed by the MACsec blocks in hardware (contained in the Juniper Networks® Express 4 processor), which provides the AES GCM and XPN algorithm implementations for encrypting and decrypting MACsec traffic, and a device driver in software, which provides the functionality to comply with FIPS 140-3 requirements (i.e. integrity test, self-tests), as well as the API to configure the hardware component. The module is also bound to the following cryptographic modules:
The diagram below shows the components that comprise the cryptographic module (in yellow), its cryptographic boundary (enclosed by dotted blue boxes) , and the interfaces with the operational environment. Figure 1
Table 2 below enumerates the components that comprise the module with their versions and their location in the target platform. © 2024 Juniper Networks, Inc. / atsec information security 6
Juniper Express 4 MACsec Cryptographic Module Component Version Components Description Type Software 1.0 /usr/lib64/libmacsecv2.so MACsec device driver shared library. /usr/lib64/.libmacsecv2.so.hmac Integrity check HMAC value for the shared library. Hardware JTAG ID Juniper Express 4 MACsec blocks MACsec blocks are part of the Juniper
20611361 Express 4 processor. Each MACsec block
implements AES GCM and AES XPN encryption and decryption. Table 2
The module has been tested on the following platforms with the corresponding module variants and configuration options: # Operating System Hardware Platform Processor PAA/Acceleration
1 Junos® OS Juniper Networks® Packet Intel® Xeon® Not applicable
Evolved 22.4 Transport Router Model D-2163IT PTX10001-36MR Table 3
The module supports only the approved mode of operation. When the module starts up successfully, after passing all the pre-operational self-tests and conditional cryptographic algorithm self-tests (CASTs), the module is operating in the approved mode of operation. The module does not implement a degraded mode of operation.
Table 4 below lists all security functions of the module, including specific strengths employed for approved services. CAVP Cert Algorithm and Mode / Method Description / Key Size(s) / Use Standard Key Strength(s) #A4089 AES GCM with external IV 128, 256-bit keys with key Symmetric encryption [FIPS197], strength of 128 or 256 bits Symmetric decryption [SP800-38D] © 2024 Juniper Networks, Inc. / atsec information security 7
Juniper Express 4 MACsec Cryptographic Module CAVP Cert Algorithm and Mode / Method Description / Key Size(s) / Use Standard Key Strength(s) #A4089 AES XPN with external IV 128, 256-bit keys with key Symmetric encryption [FIPS197], and salt strength of 128 or 256 bits Symmetric decryption [IEEE 802.1AE] Table 4
The module does not implement non-approved algorithms allowed in the approved mode of operation.
2.5.3 Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security
Claimed The module does not implement non-approved algorithms.
The module does not implement non-approved algorithms. © 2024 Juniper Networks, Inc. / atsec information security 8
Juniper Express 4 MACsec Cryptographic Module
Ports and interfaces implemented are shown in the following table. The Control Output interface is omitted because the module does not implement it. Network ports and the power supply port correspond to the Juniper Express 4 processor where the MACsec blocks are contained. All data output via data output interface is inhibited when the module is performing self-tests or zeroization, or when the module is in the error state. Logical Interface Physical Port Data that passes over port/interface Data Input Network ports Decrypted/encrypted data received from network ports, API input parameters for data input. Data Output Network ports Encrypted/decrypted data sent to network ports. Control Input None API function calls, API input parameters for control input. Status Output None API return codes, API output parameters for status output. Power Input Power supply port N/A Table 6
Juniper Express 4 MACsec Cryptographic Module
The module supports the Crypto Officer role only. This sole role is implicitly assumed by the operator of the module when performing a service. The module does not support concurrent operators. Role Service Input Output Crypto Symmetric encryption for Plaintext, AES key, Secure Ciphertext, Authentication Tag Officer AES-128-GCM Channel Identifier (SCI), Packet (CO) AES-256-GCM Number (PN) Symmetric decryption for Ciphertext, AES key, Secure Plaintext AES-128-GCM Channel Identifier (SCI), Packet AES-256-GCM Number (PN), Authentication Tag Symmetric encryption for Plaintext, AES key, Short Secure Ciphertext, Authentication Tag AES-128-XPN Channel Identifier (SSCI), Packet AES-256-XPN Number (PN), salt Symmetric decryption for Ciphertext, AES key, Short Plaintext AES-128-XPN Secure Channel Identifier (SSCI), AES-256-XPN Packet Number (PN), salt, Authentication Tag Show module name and version None Module name and version Show status None Return codes and/or log messages Self-tests None Pass/fail Zeroization Port group ID Pass/fail Table 7
The module does not implement authentication.
The module only provides approved services, which are shown in Table 8.
The module provides an approved service indicator as specified in the “Indicator” column in Table 8.
The table below shows the services available in the Approved mode. For each service, the table lists the associated cryptographic algorithm(s), the role to perform the service, the cryptographic keys or SSPs involved, and their access type(s). The following convention is used to specify access rights to an SSP:
Juniper Express 4 MACsec Cryptographic Module
The module does not implement non-approved services. © 2024 Juniper Networks, Inc. / atsec information security 11
Juniper Express 4 MACsec Cryptographic Module
The integrity of the module is ensured with the HMAC-SHA-256 value stored in the corresponding /usr/lib64/.libmacsecv2.so.hmac file that is computed at build time for the shared library. During PreOperational Self-Tests, the module invokes the fips_chk_hmac utility provided by the bound Kernel module (and whose cryptographic functionality is provided by the bound OpenSSL module) to calculate the HMAC value of the shared library, and then compares it with the prestored value. If the two HMAC values do not match, the test fails and the module enters the error state. The integrity of the fips_chk_hmac utility itself is performed before the integrity tests of the module, and ensured with the HMAC-SHA2-256 value stored in the corresponding .hmac file that is computed at build time of the utility. The fips_chk_hmac utility calculates the HMAC value, and then compares it with the prestored value. If the two HMAC values do not match, the test fails and the module enters the error state.
Integrity tests are performed as part of the Pre-Operational Self-Tests, and can be invoked by powering-off and reloading the module which cause the module to run the power-up tests again.
The module consists of the device driver that controls the Juniper Express 4 MACsec blocks, in the form of a shared library as stated in Table 2. © 2024 Juniper Networks, Inc. / atsec information security 12
Juniper Express 4 MACsec Cryptographic Module
The module operates in a modifiable operational environment per FIPS 140-3 level 1 specifications. The module runs on a commercially available general-purpose operating system executing on the hardware specified in Table 3.
The module shall be installed as stated in Section 11 . If properly installed, the operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented. The module does not support concurrent operators . The module does not have the capability of loading software or firmware from an external source. Instrumentation tools like the ptrace system call, gdb and strace utilities, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-tested operational environment. © 2024 Juniper Networks, Inc. / atsec information security 13
Juniper Express 4 MACsec Cryptographic Module
The Juniper Express 4 processor (an ASIC silicon) is the hardware that contains the MACsec blocks that constitute the hardware component of the module. The embodiment of the chip is a single chip consisting of production-grade components. The coating is a standard sealing coat applied over the single chip. The module provides no additional physical security techniques. Figure 2 - Juniper Express 4 processor The module inherits the physical characteristics of the host running it. Figure 3 illustrates the Juniper Networks® Packet Transport Router Model PTX10001-36MR that represents the testing platform and includes the hardware component of the cryptographic module. The router includes three Juniper Express 4 ASIC chips to provide forwarding traffic and supporting MACsec for its 36 multi-rate ports. Figure 3 - Packet Transport Router Model PTX10001-36MR © 2024 Juniper Networks, Inc. / atsec information security 14
Juniper Express 4 MACsec Cryptographic Module
The module does not implement any non-invasive security mechanism, and therefore this section is not applicable. © 2024 Juniper Networks, Inc. / atsec information security 15
Juniper Express 4 MACsec Cryptographic Module
Table 9 summarizes the Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module. Key /SSP Strengt Security Generatio Import /export Establish Storag Zeroization Use & Name/Ty h Function n ment e Related pe and Cert. Keys Number AES key 128, AES-GCM, N/A Import: CM from N/A MACse macsecv2_dr Use:
256 bits AES-XPN TOEPP Path. c block v_port_tx_sa_ Symmetric
#A4089 Passed into the registe delete encryption; module via API rs Symmetric parameters in decryption; plaintext (P) Related form. SSPs: N/A Export: N/A Table 9 - SSPs
The module does not provide this security function.
The module does not implement any SSP generation methods.
The module does not support any approved key agreement methods.
The module does not support any key transport methods.
The module only supports SSP entry from the calling application running on the same operational environment. This corresponds to manual distribution, electronic entry/output (“CM Software to/from App via TOEPP Path”) per FIPS 140-3 IG 9.5.A Table 1. There is no entry of cryptographically protected SSPs. The module does not output any SSPs.
The module does not perform persistent storage of SSPs. The SSPs are temporarily stored in RAM for the device driver and registers for the Juniper Express 4 MACsec blocks. SSPs are provided to the module by the calling process and are destroyed when released by the appropriate zeroization function calls.
The RAM occupied by SSPs is allocated by regular memory allocation operating system calls. The module calls internally the appropriate zeroization functions (i.e. memset) to zeroize any intermediate values used to configure the MACsec blocks and before returning to the calling application. The © 2024 Juniper Networks, Inc. / atsec information security 16
Juniper Express 4 MACsec Cryptographic Module zeroization functions overwrite the memory occupied by SSPs with “zeros” and deallocate the memory with the regular memory deallocation operating system call. The module also zeroizes the registers when the MACsec block is no longer used when the macsecv2_drv_port_tx_sa_delete() function is invoked. The completion of this function will indicate that the zeroization of the SSPs included in the MACsec block finished successfully. © 2024 Juniper Networks, Inc. / atsec information security 17
Juniper Express 4 MACsec Cryptographic Module
The module performs the pre-operational and conditional cryptographic algorithms self-tests automatically when the module is loaded into memory. These self-tests ensure that the module is not corrupted and that the cryptographic algorithms work as expected. While the module is executing the pre-operational and the conditional cryptographic algorithms self-tests, services are not available, and input and output are inhibited. The module is not available for use by the calling application until the self-tests are completed successfully. If any of the self-tests fails, an error message is returned and the module transitions to error state. See Section 10.4 for descriptions of possible self-test errors and recovery procedures.
The module performs a pre-operational software integrity test automatically when the module is powered on before the module transitions into the operational state. The details on the integrity test are specified in Section 5.1.
Table 10 lists the cryptographic algorithm self-tests (CASTs). The CASTs for the integrity mechanism are performed by the bound Kernel module, which provides that functionality. The details of the integrity test are provided in Section 5.1. Each KAT includes comparison of the calculated output with the expected known answer, hard coded as part of the test vectors used in the test. Data output through the data output interface is inhibited during the self-tests. If the values do not match, the KAT fails and the module transitions to the error state. Algorithm Power-Up Tests AES
The module does not perform any pairwise consistency test.
On-demand self-tests can be invoked by powering-off and reloading the module which cause the module to run the pre-operational and conditional cryptographic algorithms self-tests.
When the module fails any pre-operational self-test, the module will enter the Error state. Any further cryptographic operation is inhibited. The calling application can obtain the module state by calling the macsecv2_drv_fips_kat_ok() and the macsecv2_drv_integrity_chk_ok() API functions. The function will return a boolean code indicating whether the CAST or the integrity tests passed or failed. © 2024 Juniper Networks, Inc. / atsec information security 18
Juniper Express 4 MACsec Cryptographic Module The Crypto Officer can recover from the Error state by restarting the hardware platform on which the module is running. Error State Cause of Error Status Indicator Error state Failure of CAST macsecv2_drv_fips_kat_ok() function returns false. Failure of integrity tests macsecv2_drv_integrity_chk_ok() function returns false. Table 11 - Error States © 2024 Juniper Networks, Inc. / atsec information security 19
Juniper Express 4 MACsec Cryptographic Module
The binary of the module is contained in the base Junos Evolved installation image. The Crypto Officer shall follow this Security Policy to configure the operational environment and install the module to be operated as a FIPS 140-3 validated module.
As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory.
The module is already pre-installed on the image file (junos-evo-install-ptx-fixed-x86-64-22.4R2.11S1-EVO.iso). The crypto officer is responsible to verify the correct installation of the module by executing the following command: show macsec drv version Verify that the command returns the following name and version of the software and hardware components of the module, which matches the versions shown in Table 2: Junos OS Evolved MACsec Cryptographic Driver Library, version 1.0 : ASIC JTAG ID 20611361
The AES GCM IV generation is compliant with IEEE 802.1AE and shall only be used for the MACsec protocol to be compliant with [FIPS140-3_IG] IG C.H, provision 1.c (“MACsec protocol IV generation”). The module is part of the Juniper Packet Transport Router Model PTX10001-36MR, which supports MACsec using static connectivity association key (CAK) security mode. In this mode, a pre-shared key (PSK) is exchanged between the devices on each end of the point-to-point Ethernet link. Each appliance plays the role of either the Peer or the Authenticator in the context of the MACsec protocol. No authentication server is involved. When supporting the MACsec protocol in the approved mode, the module should only be used together with the same appliance or other appliances that are also FIPS 140-3 validated and operating in the approved mode. In addition, the link between the Peer and the Authenticator should be secured to prevent the possibility for an attacker to introduce foreign equipment into the local area network. In line with the MACsec protocol, the IV has a length of 96 bits and it is constructed externally by concatenating:
Juniper Express 4 MACsec Cryptographic Module
The module does not implement any mitigation mechanism. © 2024 Juniper Networks, Inc. / atsec information security 21
Juniper Express 4 MACsec Cryptographic Module
AES Advanced Encryption Standard AES-NI Advanced Encryption Standard New Instructions API Application Program Interface CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CMVP Cryptographic Module Validation Program CSP Critical Security Parameter ECB Electronic Code Book EE Electronic Entry FIPS Federal Information Processing Standards Publication GCM Galois Counter Mode HMAC Hash Message Authentication Code IG Implementation Guidance KAT Known Answer Test MD Manual Distribution NIST National Institute of Science and Technology PAA Processor Algorithm Acceleration PCT Pair-wise Consistency Test SHA Secure Hash Algorithm SCI Secure Channel Identifier SSCI Short Secure Channel Identifier TOEPP Tested Operational Environment’s Physical Perimeter XPN Extended Packet Number © 2024 Juniper Networks, Inc. / atsec information security 22
Juniper Express 4 MACsec Cryptographic Module
IEEE-802.1AE IEEE Standard for Local and metropolitan area networks–Media Access Control (MAC) Security https://1.ieee802.org/security/802-1ae December 2018 FIPS140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program October 2022 https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validationprogram/documents/fips%20140-3/FIPS%20140-3%20IG.pdf FIPS197 Advanced Encryption Standard November 2001 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf KERNEL-SP Junos® OS Evolved Kernel Cryptographic Module version 2.0 - FIPS 140-3 NonProprietary Security Policy August 2023 https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validationprogram/documents/security-policies/140sp4776.pdf OPENSSL-SP Junos® OS Evolved OpenSSL Cryptographic Module version 3.0.8 - FIPS 140-3 August 2023 https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validationprogram/documents/security-policies/140sp4775.pdf SP800-38Arev1 NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP800-38D NIST Special Publication 800-38D - Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf SP800-140B NIST Special Publication 800-140B - CMVP Security Policy Requirements March 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140B.pdf © 2024 Juniper Networks, Inc. / atsec information security 23
Juniper Express 4 MACsec Cryptographic Module © 2024 Juniper Networks, Inc. / atsec information security 24