All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Commvault Crypto Library

Certificate#4989StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorCommvault Systems, Inc.
Low review priority  ·  no TCB surface named  ·  last validated 16 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date3/17/2027
CaveatInterim Validation. When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)
VendorCommvault Systems, Inc.

Approved Algorithms (13)

AlgorithmACVP Cert
AES-CBC-CS2A2412
AES-ECBA2412
Counter DRBGA2412
HMAC-SHA-1A2412
HMAC-SHA2-256A2412
HMAC-SHA2-512A2412
RSA KeyGen (FIPS186-4)A2412
RSA SigGen (FIPS186-4)A2412
RSA SigVer (FIPS186-2)A2412
RSA SigVer (FIPS186-4)A2412
SHA-1A2412
SHA2-256A2412
SHA2-512A2412

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Commvault Crypto Library
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>self-test<br/>Status output<br/>Show Status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Commvault Crypto Library
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>self-test<br/>Status output<br/>Show Status</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Commvault Systems, Inc. Commvault Crypto Library Software Version: 3.0 FIPS 140-3 Non-Proprietary Security Policy Level 1 Validation November 2024 Prepared by: www.acumensecurity.net Public Material

Page 2
Table of Contents
#SectionPage
Page 3

1. General Introduction Federal Information Processing Standards Publication 140-3

Page 4

This document describes the cryptographic module security policy for the Commvault Crypto Library (also referred to as the “module” hereafter) with software version 3.0 from Commvault Systems, Inc. The module type is software and has a multi-chip standalone embodiment. It contains specification of the security rules, under which the cryptographic module operates, including the security rules derived from the requirements of the FIPS 140-3 standard. The following table lists the level of validation for each area in FIPS 140-3: ISO/IEC 24759 FIPS 140-3 Section Title Security Level Section 6. [Number Below]

1 General 1
2 Cryptographic module specification 1
3 Cryptographic module interfaces 1
4 Roles, services, and authentication 1
5 Software/Firmware security 1
6 Operational environment 1
7 Physical security N/A
8 Non-invasive security N/A
9 Sensitive security parameter management 1
10 Self-tests 1
11 Life-cycle assurance 1

12 Mitigation of other attacks N/A

Table 1

Page 5

2. Cryptographic module specification The tested platforms are as follows: # Operating System Hardware Processor PAA/Acceleration Platform

1 Microsoft Windows Server 2019 Fujitsu RX2530 M5 Intel Xeon R Silver 4208 With AES-NI

2 Microsoft Windows Server 2019 Fujitsu RX2530 M5 Intel Xeon R Silver 4208 Without AES-NI

3 Red Hat Enterprise Linux 8.4 Fujitsu RX2530 M5 Intel Xeon R Silver 4208 With AES-NI

4 Red Hat Enterprise Linux 8.4 Fujitsu RX2530 M5 Intel Xeon R Silver 4208 Without AES-NI

Table 2

1 Red Hat Enterprise Linux 8.5 Fujitsu RX2530 M5 with Intel Xeon Platinum 8370C

2 Red Hat Enterprise Linux 8.6 Fujitsu RX2530 M5 with Intel Xeon Platinum 8370C

3 Oracle Linux 8.5 Fujitsu RX2530 M5 with Intel Xeon Platinum 8370C

4 Oracle Linux 8.6 Fujitsu RX2530 M5 with Intel Xeon Platinum 8370C

5 Microsoft Windows Server 2022 Fujitsu RX2530 M5 with Intel Xeon Platinum 8370C

Table 3

256 CTR_DRBG algorithms in the approved mode. The module type is software and has a multichip

stand-alone embodiment. Commvault Crypto Library is packaged as a dynamic (shared) software module exporting the cryptographic API to any software that supports C calling conventions. The cryptographic module’s operational environment is a modifiable operational environment. The cryptographic boundary of the software module consists of cvcl.dll and libcvcl.so, per the image in Figure 1. No components have been excluded from the cryptographic boundary of the module. Public Material

Page 6

Figure 1

Page 7

General Purpose Computing Platform Figure 2

Page 8

The module claims an overall Security Level of

  1. The module does not implement any non-invasive security mitigations or mitigations of other attacks and thus the requirements per these sections are not applicable. Modes of operation The module supports both an approved and non-approved mode of operation. Both modes of operation are determined by this security policy, as the module does not enforce the rules associated with each mode. It is the responsibility of the caller to ensure that only approved algorithms and services are utilized. The module provides an indicator for each available algorithm, which specifies whether the algorithm is approved or non-approved. The module must always be zeroised when switching between the approved mode of operation and the non-approved mode of operation and vice-versa. Approved mode To use the module in the approved mode, it must be installed and operated in accordance with the rules described in this section. After the module initializes, all services are available to the user, and it is the user’s responsibility to only call approved or allowed services to ensure the module is operating in the approved mode of operation. Please see Section 11 of this document for secure setup and initialization requirements. Module security policy rules The module will operate in the approved mode only if approved cryptographic services are used. Since the module provides both approved and non-approved services, it is the application loading the module that is responsible to ensure that it is using only approved services. (Please refer to Table 9 for the list and classification of all module services.) For the Backup and Recovery user, the correct data encryption method should be selected in the properties of each of the client machines in the CommCell. Non-approved mode If non-approved cryptography and services are selected, the module will be operating in the nonapproved mode. These algorithms and services shall not be used when operating in the approved mode of operation. Degraded operation The module does not support a degraded mode of operation. Overall security rules of operation The module design corresponds to the security rules below. The term shall in this context specifically refers to a requirement for correct usage of the module in the Approved mode; all other statements indicate a security rule implemented by the module.
  2. Self-tests do not require any operator action. Public Material – May be reproduced only in its original entirety (without revision).
Page 9
  1. Data output is inhibited during SSP generation, self-test execution, zeroisation, and error states.
  2. Status information does not contain SSPs or sensitive data that if misused could lead to a compromise of the module.
  3. There are no restrictions on which SSPs are zeroised by the zeroisation service. Successful zeroisation (by either restart or function call procedure) for the operator is implicitly indicated by the successful completion of the procedural zeroisation service method.
  4. The module does not support a maintenance interface or role.
  5. The module does not output intermediate key values.
  6. The module does not output plaintext CSPs.
  7. The Crypto Officer shall retain control of the module while zeroisation is in process.
  8. From the perspective of the Backup and Recovery user, the correct data encryption method should be selected in the properties of each of the client machines in the CommCell. CAVP Algorithm and Description/Key Mode/Method Use/Function Cert 1 Standard Sizes/Key Strengths AES-CBC-CS2 Symmetric (FIPS 197, SP 800-38A, Key length: 128, 256 Encryption, A2412 AES-CBC-CS2 SP 800-38A bits Symmetric Addendum) Decryption Symmetric AES-ECB Key length: 128, 256 Encryption, A2412 AES-ECB (FIPS 197, SP 800-38A) bits Symmetric Decryption Counter DRBG Pseudo-Random A2412 Counter DRBG 256 bits (SP 800-90Ar1) Number Generation HMAC-SHA-1 Message A2412 HMAC-SHA-1 Key Length: 8-1024 bits (FIPS 198-1) Authentication HMAC-SHA2-256 Key Length: 8-1024 bits Message A2412 HMAC-SHA2-256 (FIPS 198-1) Authentication HMAC-SHA2-512 Message A2412 HMAC-SHA2-512 Key Length: 8-1024 bits (FIPS 198-1) Authentication There are algorithms, modes, and key/moduli sizes that have been CAVP-tested but are not used by any approved service of the module. Only the algorithms, modes/methods, and key lengths/curves/moduli shown in this table are used by an approved service of the module. Public Material – May be reproduced only in its original entirety (without revision).
Page 10

CAVP Algorithm and Description/Key Mode/Method Use/Function Cert 1 Standard Sizes/Key Strengths Modulo: 2048, 3072, RSA KeyGen RSA KeyGen Generate A2412 4096 bits with SHA2(FIPS186-4) (FIPS186-4) B.3.2 asymmetric key pairs RSA SigGen Modulo: 2048, 3072, RSA SigGen A2412 (FIPS186-4) ANSI 4096 bits with SHA2- Signature Generation (FIPS186-4) X9.31, PKCS v1.5 256, SHA2-512 Modulo: 1024, 2048, SigVer RSA SigVer 3072, 4096 bits with Legacy Signature A2412 [ANSI X9.31, (FIPS186-2) SHA-1, SHA2-256, SHA2- Verification PKCS v1.5] Modulo: 1024, 2048, RSA SigVer RSA SigVer 3072, 4096 bits with Signature A2412 (FIPS186-4) ANSI (FIPS186-4) SHA-1, SHA2-256, SHA2- Verification X9.31, PKCS v1.5 SHA-1 Message Length: 0A2412 SHA-1 Message Digest (FIPS 180-4) 65536 SHA2-256 Message Length: 0A2412 SHA2-256 Message Digest (FIPS 180-4) 65536 SHA2-512 Message Length: 0A2412 SHA2-512 Message Digest (FIPS 180-4) 65536 Symmetric key and asymmetric key seed generation in Vendor CKG accordance with SP Counter DRBG N/A Affirmed 2 (SP 800-133rev2) 800-133rev2 (Sections 4, 5.1, and 6.1) and IG D.H with B=U Table 4

Page 11

Triple-DES 3-ECB, CBC modes (non-compliant) Symmetric Data Encryption/Decryption Blowfish – ECB, CBC modes with 128/256-bit keys Symmetric Data Encryption/Decryption Serpent – ECB, CBC modes with 128/256-bit keys Symmetric Data Encryption/Decryption Twofish – ECB, CBC modes with 128/256-bit keys Symmetric Data Encryption/Decryption MD5 Message Digest Algorithm HMAC-MD5 Data Authentication Asymmetric Data Encryption/Decryption with 2048, Asymmetric Data Encryption/Decryption and RSA Key 3072, and 4096-bit keys and RSA 186-2 Key Pair Generation Generation GOST with 256-bit keys Symmetric Data Encryption/Decryption Table 5 – Non-Approved Algorithms Not Allowed in the Approved Mode of Operation

  1. Cryptographic module interfaces Data that passes over Physical port Logical interface 4 port/interface The API C calls that accept input N/A Data input interface data for processing through their arguments The API C calls that return by means of their return codes or N/A Data output interface arguments generated or processed data back to the caller The API C calls that are used to Control input interface N/A initialize and control the operation of the CVCL module The API C calls that are used to query the status of the CVCL module. Cvcl.log file where the N/A Status output interface status is being output to after completion of initialization and pre-operational self-tests Table 6 – Ports and Interfaces
  2. Roles, services, and authentication The module supports a Crypto Officer (CO) role. The maintenance role is not supported, nor is authentication. The module also does not support concurrent operators. The Crypto-Officer role is implicitly assumed, and the module does not provide an authentication mechanism for the supported role. The module relies on the underlying operating system to implement fine-grained access control. The OS authentication mechanisms should be enabled by the administrator of the OS. The Triple-DES algorithm was CAVP tested but does not comply with the requirements of IG C.G, so is therefore classified as a non-Approved algorithm. The module does not support a control output interface. Public Material – May be reproduced only in its original entirety (without revision).
Page 12

Role Service Input Output Initialization of the Process startup CVCL.log Crypto Officer module Power-on self-test Power-up Status Success/Error Entropy data Random bits Key Generation RSA modulus bits RSA object (asymmetric) (asymmetric) Key Zeroisation API Call None Show Status API Call State Show Version API Call Version Symmetric Data Plain/Cipher text, key Cipher/Plain text Encryption/Decryption Digest Algorithms Buffer Digest Message Authentication Digest Result Signature Message/Signature, key Signature, result Generation/Verification Pseudo-Random Number Entropy Buffer Generation Table 7

Page 13

Service Description Approved Security Keys and/or Roles Access Indicator Functions SSPs rights to Keys and/or SSP’s and conditional known answer tests are run Return code: 7- Error state

6 – Not initialized
0 – Initialized

If the return code is none of the above, then self-tests completed successfully Key Generation Generation of

6 – Not initialized
0 - Initialized

Show Version Queries the version of N/A N/A CO N/A API: the module cvcl_get_version() Public Material

Page 14

Service Description Approved Security Keys and/or Roles Access Indicator Functions SSPs rights to Keys and/or SSP’s Symmetric Data Encrypts or decrypts

1 - Approved, 0 –

Non-approved Digest Algorithms Generates a message

1 - Approved, 0 –

Non-approved Message Generates or verifies

1 - Approved, 0 -

Non-approved Public Material

Page 15

Service Description Approved Security Keys and/or Roles Access Indicator Functions SSPs rights to Keys and/or SSP’s Signature Generates or verifies

1 - Approved, 0 -

Non-approved Pseudo-Random Generates random

1 - Approved, 0 –

Non-approved Table 9

Page 16

Service Description Algorithms Accessed Role Indicator Symmetric Data Encrypts or

0 – Non-approved

GOST with 256-bit keys Digest Algorithms Generates a

0 – Non-approved

Asymmetric Data Encrypts or

0 – Non-approved

Data Authentication Generates or

0 – Non-approved

Table 10

Page 17
  1. Software/Firmware security The module is shipped with a precomputed RSA signature file, (cvcl.dll.sig or libcvcl.so.sig). The signature is generated using an RSA EMSA-PKCS1-v1_5 4096-bit with SHA2-512 private key. The public/private RSA 4096-bit key pair is generated during manufacturing. The public key is hard coded in the module and is used for signature verification. The RSA public key used for the integrity test is not considered an SSP. As part of the software integrity check, the entire cvcl.dll Windows module or libcvcl.so Unix based module shared library is verified against this signature. If the signature verification fails, the module transitions to the error state, and finally back to the non-initialized state, where no further cryptographic operations are possible.
  2. Operational environment The module is designed to work on a General-Purpose Computer with one of the supported modifiable operating systems: • Microsoft Windows Server 2019 (Tested on Intel Xeon R Silver 4208 with and without AES-NI) • Red Hat Enterprise Linux 8.4 (Tested Intel Xeon R Silver 4208 with and without AES-NI) The operating system segregates the computing environment into processes spaces. Though all processes share the same hardware resources, they are logically separated from each other by the operating system. Each process has an independent pool of virtual memory, and the module functions completely within the address space of the process that loads it. The module does not attempt to communicate with other processes or other components of the operating system, and the operating system shouldn’t allow other processes to interfere with the module. It is the administrator’s responsibility to configure the operating system authentication mechanisms and ensure that only authorized users have access to the software that is loading the module. Since the Commvault Crypto Library is a software module executing within a general-purpose computer, and the physical cryptographic perimeter is drawn through the hardware interfaces of the computer, (i.e.: Ethernet or SCSI Bus), all major data paths within the computer must be protected. The replacement or modification of the module by unauthorized parties is explicitly prohibited. There are no restrictions on the configuration of the operational environment.
  3. Physical security Physical security is not applicable to this software module at Security Level 1.
  4. Non-invasive security The module does not implement non-invasive security measures.
  5. Sensitive security parameter management Implemented algorithms Public Material – May be reproduced only in its original entirety (without revision).
Page 18

The module provides low-level key generation and management routines for all algorithms listed in Table 4 of this Security Policy. Since the module implements both approved and non-approved algorithms, it is the responsibility of the user to ensure that only the approved services are being used (please refer to the sub-sections “Secure setup and initialization” and “Module security policy rules” for more details). Key generation The module provides services to generate pseudo-random symmetric and asymmetric keys and is passively receiving entropy. The module sets a function callback whenever entropy is required using “void cvcl_set_getentropy_cb(cvcl_get_rand_t get_rand)” API. The callback function requires a minimum of 384 bits of entropy. Symmetric keys are generated using the direct output of the CTR_DRBG. For asymmetric key generation, a provable prime method is used in accordance with FIPS 186-4 standard. Key entry and output The module does not import or export keys across the physical cryptographic perimeter. It is the responsibility of the application that loads the module to protect keys when they’re being exported or imported across the physical cryptographic perimeter. It is also the responsibility of the application to ensure that only Approved cryptographic algorithms are being used for key protection. The module accepts and passes keys across the cryptographic boundary as parameters via API calls. Key storage The module does not provide any long-term key storage. Keys stored in the NVRAM are protected from unauthorized disclosure, access or modification by the operating system that is responsible for allocating isolated and independent virtual memory for the module and the process using it. Zeroisation of keys All data output is inhibited during the zeroisation of SSPs. The following precautions are taken to make sure that all keys and seeds are being destroyed properly:

Page 19

Security Key/SSP Function Strength Generation Import/Export Establishment Storage Zeroisation Use & related keys Name/Type and Cert. Number Internally Import and At the end of the 128, 256 computed Export via API Volatile Used in data Symmetric AES-CBC, ECB, operation, power cycle bits using the SP Call N/A memory encryption/decryption AES Keys CKG (A2412) or the destroy 800-90Ar1 (Electronic (plaintext) and key protection function DRBG Entry) Internally computed Import and At the end of the 80, 112, using Export via API Volatile RSA Public RSA SigVer, operation, power cycle Used to perform 128, 152 provable Call N/A memory Keys CKG (A2412) or the destroy Signature verification bits prime (Electronic (plaintext) function method from Entry) FIPS 186-4 Internally computed Import and At the end of the 112, RSA KeyGen, using Export via API Volatile RSA Private operation, power cycle Used to perform 128, 152 SigGen, CKG provable Call N/A memory Keys or the destroy Signature generation bits (A2412) prime (Electronic (plaintext) function method from Entry) FIPS 186-4 HMAC-SHA-1, Internally Import and At the end of the HMAC-SHA2- computed Export via API Volatile

112 - operation, power cycle Used to generate and

HMAC keys 256, HMAC- using the SP Call N/A memory

256 bits or the destroy verify HMAC

SHA2-512, CKG 800-90Ar1 (Electronic (plaintext) function (A2412) DRBG Entry) AES-CTR The internal The internal state is Volatile DRBG V Counter DRBG Internally state is not zeroised by the Used in random bit

256 bits N/A memory

(IG D.L (A2412) computed imported or cvcl_destroy() generation (plaintext) compliant) exported command (Commvault Systems, Inc. © 2024) Version Public Material

Page 20

Security Key/SSP Function Strength Generation Import/Export Establishment Storage Zeroisation Use & related keys Name/Type and Cert. Number AES-CTR The internal The internal state is Volatile DRBG Key Counter DRBG Internally state is not zeroised by the Used in random bit

256 bits N/A memory

(IG D.L (A2412) computed imported or cvcl_destroy() generation (plaintext) compliant) exported command Entropy input Entropy Imported via Volatile The entropy input data Input Counter DRBG Used in random bit

384 bits N/A API Call N/A memory is zeroised at the end

(IG D.L (A2412) generation (Electronic (plaintext) of the operation compliant) Entry) AES-CTR The internal The internal state is Volatile DRBG Seed Counter DRBG Internally state is not zeroised by the Used in random bit

256 bits N/A memory

(IG D.L (A2412) computed imported or cvcl_destroy() generation (plaintext) compliant) exported command Import and At the end of the Used as seed in Export via API Volatile DRBG Counter DRBG AES-CTR operation, power cycle asymmetric key pair

256 bits Call N/A memory

Output (A2412) DRBG or the destroy generation or (Electronic (plaintext) function symmetric key Entry) Table 11

Page 21

Entropy sources Minimum number of bits Details of entropy Passive (external) 384-bits The module is passively receiving the entropy while [IG 9.3.A, Scenario 2b] exercising no control over the amount or the quality of the obtained entropy. The following caveat applies to the module: No assurance of the minimum strength of generated SSPs (e.g., keys) Table 12

Page 22
Page 23

Once the Commvault product is installed, there are no other procedures for secure installation, initialization and startup of the cryptographic module. Once the hardware platform is powered on, the module will be in initialized state. To validate that the module has been installed successfully and is operating in the approved mode, the following action is required:

8924 3d68 06/28 16:44:21 ### Cvcl::init() - CVCL: Running in FIPS
8924 3d68 06/28 16:44:21 ### Cvcl::init() - 3DES: Not FIPS-approved
8924 3d68 06/28 16:44:21 ### Cvcl::init() - AES: FIPS-approved
8924 3d68 06/28 16:44:21 ### Cvcl::init() - Blowfish: Not FIPS-approved
8924 3d68 06/28 16:44:21 ### Cvcl::init() - DES: Not FIPS-approved
8924 3d68 06/28 16:44:21 ### Cvcl::init() - GOST: Not FIPS-approved
8924 3d68 06/28 16:44:21 ### Cvcl::init() - RSA sign/verify: FIPS-approved

8924 3d68 06/28 16:44:21 ### Cvcl::init() - RSA encrypt/decrypt: Not FIPS-approved

8924 3d68 06/28 16:44:21 ### Cvcl::init() - Serpent: Not FIPS-approved
8924 3d68 06/28 16:44:21 ### Cvcl::init() - Twofish: Not FIPS-approved
8924 3d68 06/28 16:44:21 ### Cvcl::init() - SHA1: FIPS-approved
8924 3d68 06/28 16:44:21 ### Cvcl::init() - SHA256: FIPS-approved
8924 3d68 06/28 16:44:21 ### Cvcl::init() - SHA512: FIPS-approved
8924 3d68 06/28 16:44:21 ### Cvcl::init() - MD5: Not FIPS-approved

Figure 3

Page 24

software release, a release-specific symbolic tag is assigned to all source files and documents thereby creating a snapshot of the components included in the release. Development The module is written using high level language “C” with several time-critical pieces optimized using architecture-specific low-level assembler instructions on some platforms (AES-NI). A software defect tracking software called Silk Radar is being used to log defects discovered during testing and to keep track of their resolution by the development team. As part of the build sequence the module is compiled, linked, self-tested and signed. For every build released to the system test, a series of acceptance tests is conducted to verify at a higher level that cryptographic operations are working as expected. End-of-life The module can be sanitized by resetting the host platform on which it is run, zeroising all SSPs. 12. Mitigation of other attacks The module does not mitigate against any specific attacks outside of the scope of FIPS 140-3. Public Material