All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Cambium Networks PTP 820G, PTP 820C, PTP 820S, PTP 820C-HP, PTP 820N, PTP 820A, PTP 850C, PTP 850E

Certificate#4999StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorCambium Networks Ltd.
Low review priority  ·  no TCB surface named  ·  last validated 15 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date4/15/2030
CaveatWhen operated in approved mode, installed, initialized and configured as specified in Section 11.3 of the Security Policy. The tamper evident seals installed as indicated in the Security Policy.
VendorCambium Networks Ltd.

Approved Algorithms (35)

AlgorithmACVP Cert
AES-CBCA2755
AES-CBCA2758
AES-CFB128A2758
AES-CTRA680
AES-CTRA2758
AES-ECBA2758
AES-GCMA2758
AES-KWA2758
AES-OFBAES 4014
Counter DRBGA2758
DSA KeyGen (FIPS186-4)A2758
ECDSA KeyGen (FIPS186-4)A2758
ECDSA KeyVer (FIPS186-4)A2758
ECDSA SigGen (FIPS186-4)A2758
ECDSA SigVer (FIPS186-4)A2758
HMAC-SHA-1A2758
HMAC-SHA2-256A2755
HMAC-SHA2-256A2758
HMAC-SHA2-384A2758
HMAC-SHA2-512A2758
KAS-ECC-SSC Sp800-56Ar3A2758
KAS-FFC-SSC Sp800-56Ar3A2758
KDF IKEv1A2756
KDF SNMPA2757
KDF SSHA2758
RSA KeyGen (FIPS186-4)A2758
RSA SigGen (FIPS186-4)A2758
RSA SigVer (FIPS186-4)A2758
SHA-1A2758
SHA2-256A2755
SHA2-256A2758
SHA2-384A2758
SHA2-512A2758
TLS v1.2 KDF RFC7627A2758
TLS v1.3 KDFA2758

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Cambium Networks PTP 820G, PTP 820C, PTP 820S, PTP 820C-HP, PTP 820N, PTP 820A, PTP 850C, PTP 850E
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update<br/>firmware load</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>status output</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Cambium Networks PTP 820G, PTP 820C, PTP 820S, PTP 820C-HP, PTP 820N, PTP 820A, PTP 850C, PTP 850E
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update<br/>firmware load</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>status output</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IKEV</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

Cambium Networks PTP 820G, PTP 820C, PTP 820S, PTP 820C-HP, PTP 820N, PTP 820A, PTP 850C, PTP 850E Firmware: 12.0.1 Hardware: PTP 820N and PTP 820A, with TEL P/N: BS-0341-2 and with components:

2400 Research Blvd

Rockville, MD 20850 www.acumensecurity.net

Page 2

Cambium Networks Ltd. assumes no liability resulting from any inaccuracies or omissions in this document, or from use of the information obtained herein. Cambium reserves the right to make changes to any products described herein to improve reliability, function, or design, and reserves the right to revise this document and to make changes from time to time in content hereof with no obligation to notify any person of revisions or changes. Cambium does not assume any liability arising out of the application or use of any product, software, or circuit described herein; neither does it convey license under its patent rights or the rights of others. It is possible that this publication may contain references to, or information about Cambium products (machines and programs), programming, or services that are not announced in your country. Such references or information must not be construed to mean that Cambium intends to announce such Cambium products, programming, or services in your country. This document, Cambium products, and 3rd Party software products described in this document may include or memories or other media. Laws in the United States and other countries preserve for Cambium, its licensors, and Cambium products described in this document may not be copied, reproduced, reverse engineered, distributed, merged or modified in any manner without the express written permission of Cambium. Furthermore, the purchase of Cambium products shall not be deemed to grant either directly or by implication, estoppel, or supplied software, except for the normal non-exclusive, royalty free license to use that arises by operation of law in the sale of a product. Restrictions of the software or documentation may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, without prior written permission of Cambium. License Agreements The software described in this document is the property of Cambium and its licensors. It is furnished by express license agreement only and may be used only in accordance with the terms of such an agreement. High Risk Materials Cambium and its supplier(s) specifically disclaim any express or implied warranty of fitness for any high-risk activities or uses of its products including, but not limited to, the operation of nuclear facilities, aircraft navigation or aircraft communication systems, air traffic control, life support, or weapons systems (“High Risk Use”). Any High Risk is unauthorized, is made at your own risk and you shall be responsible for any and all losses, damage or claims arising out of any High-Risk Use. Public Material

Page 3
Table of Contents
#SectionPage
Page 4

List of Figures Public Material

Page 5

Introduction This is a non-proprietary FIPS 140-3 Security Policy for Cambium Networks Ltd. and the following Cambium Networks products: PTP 820G, PTP 820C, PTP 820S, PTP 820C-HP, PTP 820N, PTP 820A, PTP 850C, and PTP 850E. Below are the details of the certified products: Hardware Version #:

Page 6
  1. General The Cambium Networks PTP 820G, PTP 820C, PTP 820S, PTP 820C-HP, PTP 820N, PTP 820A, PTP 850C and PTP 850E (the module) are multi-chip standalone hardware modules validated at FIPS 140-3 Security Level
  2. Specifically, the modules meet that following security levels for individual sections in FIPS 140-3 standard: Section FIPS 140-3 Section Title Security Level
1 General 2
2 Cryptographic module specification 2
3 Cryptographic module interfaces 2
4 Roles, services, and authentication 2
5 Software/Firmware security 2
6 Operational environment N/A
7 Physical security 2
8 Non-invasive security N/A
9 Sensitive security parameter management 2
10 Self-tests 2
11 Life-cycle assurance 2
12 Mitigation of other attacks N/A

Table 1 - Security Levels 2. Cryptographic Module Specification The PTP 820 and PTP 850 series radios provide a service-centric microwave platform for HetNet1 hauling. The platform includes a full complement of wireless products that provide backhaul and fronthaul solutions. Powered by a software-defined engine and sharing a common operating system, PTP 820 and PTP 850 Release 12.0.1, the PTP 820 and PTP 850 platforms deliver ultra-high capacities while supporting any radio transmission technology, any network topology, and any deployment configuration.

2.1 Cryptographic Boundary

The cryptographic boundary for the modules is defined as encompassing the "top," "front," "left," "right," and "bottom" surfaces of the case and all portions of the "backplane" of the case. The following figures provide a physical depiction of the cryptographic modules: Heterogenous Network Public Material

Page 7

Figure 1

Page 8

Figure 4

Page 9

Figure 7

Page 10

Model Hardware Firmware Distinguishing Version Features PTP 820N PTP 820N with TEL P/N: BS-0341-2 12.0.1 Modular IDU. and with components:

2.2 Modes of Operation

The module operates in the Approved mode of operation (when configured as per the instructions in Section 11 of this document). Any usage of the non-Approved services described in Table 17 would result in a non-Approved mode of operation. Public Material

Page 11
2.3 Cryptographic Algorithms

The following table lists the Approved algorithms supported by the modules: CAVP Algorith Mode/Me Description / Key Size(s) / Key Use / Function Cert m and thod Strength(s) Standar d Management Security Algorithms Implementation (Firmware) A2758 AES CBC Direction: Decrypt, Encrypt Used for control/ (FIPS Key Length: 128, 256 management plane 197) ECB Direction: Decrypt, Encrypt encryption/ Key Length: 128, 256 decryption CTR Direction: Decrypt, Encrypt Key Length: 128, 192, 256 Payload Length: 8-128 Increment 8 Incremental Counter Counter Tests Performed CFB128 Direction: Decrypt, Encrypt Key Length: 128 GCM4 Direction: Decrypt, Encrypt IV Generation: Internal IV Generation Mode: 8.2.1 Key Length: 128, 256 Tag Length: 32, 64, 96, 104, 112, 120, 128 IV Length: 96-1024 Increment 8 Payload Length: 8-65536 Increment 8 AAD Length: 0-65536 Increment 8 KW Direction: Decrypt, Encrypt Cipher: Cipher, Inverse Key Length: 256 Payload Length: 128-524288 Increment SHS SHA-1 Message Length: 0-65536 Increment 8 Used for control/ (FIPS SHA2-256 management plane 180-4) SHA2-384 message digests. SHA2-512 SHA-1 is permitted within SSH, TLS and IPSec protocols, and legacy GCM IV generation tested in accordance with IG C.H, scenario 1 TLSv1.2 following RFCs 5516, 5246, 5288, and

5289 as well as SSH following RFCs 4251, 4252, 4253, 4254 and 5647. The IV is generated only for use with GCM

encryption within the protocol being used. The TLS cipher suites supported by the module are identified in section

11.4.2 of this document which are included in SP 800-52 Rev2 section 3.3.1. The module also internally generates

IVs for TLS 1.3 (RFC 8446) in accordance with scenario 5 in IG C.H. In the case the module’s power is lost and then restored, a new key for use with AES-GCM encryption/decryption is established. Public Material

Page 12

CAVP Algorith Mode/Me Description / Key Size(s) / Key Use / Function Cert m and thod Strength(s) Standar d signature verification only. HMAC HMAC- MAC: 32-160 Increment 8 Key Length: 8- Used for control/ (FIPS SHA1 524288 Increment 8 management plane 198-1) HMAC- MAC: 32-256 Increment 8 Key Length: 8- message SHA2-256 524288 Increment 8 authentication HMAC- MAC: 32-384 Increment 8 Key Length: 8SHA2-384 524288 Increment 8 HMAC- MAC: 32-512 Increment 8 Key Length: 8SHA2-512 524288 Increment 8 DRBG CTR_DRBG Capabilities: Used for control/ (SP800- Mode: AES-256 management plane 90Arev1) Derivation Function Enabled: Yes random bit Additional Input: 0-256 Increment 256 generation Entropy Input: 2048 Increment 128 Nonce: 128 Personalization String Length: 0-256 Increment 256 Returned Bits: 256 ECDSA KeyGen, Capabilities: Curve: P-256 Hash Algorithm: Used for control/ (FIPS KeyVer, SHA2-256, SHA2-384, SHA2-512 management plane 186-4) SigGen, Secret Generation Mode: Testing key generation, SigVer Candidates signature generation, and signature verification DSA KeyGen Capabilities: Used for control/ (FIPS L: 2048 management plane 186-4) N: 224 FCC key generation L: 2048 N: 256 L: 3072 N: 256 RSA KeyGen Capabilities: Used for control/ (FIPS Key Generation Mode: B.3.3 management plane 186-4) Properties: key generation, Modulo: 2048 signature Primality Tests: Table C.2 generation, and Properties: signature Modulo: 3072 verification Primality Tests: Table C.2 Properties: Modulo: 4096 Public Material

Page 13

CAVP Algorith Mode/Me Description / Key Size(s) / Key Use / Function Cert m and thod Strength(s) Standar d Primality Tests: Table C.2 Info Generated By Server Public Exponent Mode: Random Private Key Format: Standard SigGen Capabilities: Signature Type: PKCS 1.5 Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 4096 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Capabilities: Signature Type: PKCSPSS Properties: Modulo: 2048 Salt Length: 28 Hash Pair: Hash Algorithm: SHA2-256 Salt Length: 32 Hash Pair: Hash Algorithm: SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512 Public Material

Page 14

CAVP Algorith Mode/Me Description / Key Size(s) / Key Use / Function Cert m and thod Strength(s) Standar d Salt Length: 64 Properties: Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-256 Salt Length: 32 Hash Pair: Hash Algorithm: SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512 Salt Length: 64 Properties: Modulo: 4096 Hash Pair: Hash Algorithm: SHA2-256 Salt Length: 32 Hash Pair: Hash Algorithm: SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512 Salt Length: 64 Capabilities: Signature Type: ANSI X9.31 Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 4096 Public Material

Page 15

CAVP Algorith Mode/Me Description / Key Size(s) / Key Use / Function Cert m and thod Strength(s) Standar d Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 SigVer Capabilities: Signature Type: PKCS 1.5 Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 4096 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Capabilities: Signature Type: ANSI X9.31 Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Public Material

Page 16

CAVP Algorith Mode/Me Description / Key Size(s) / Key Use / Function Cert m and thod Strength(s) Standar d Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Properties: Modulo: 4096 Hash Pair: Hash Algorithm: SHA2-256 Hash Pair: Hash Algorithm: SHA2-384 Hash Pair: Hash Algorithm: SHA2-512 Capabilities: Signature Type: PKCSPSS Properties: Modulo: 2048 Hash Pair: Hash Algorithm: SHA2-256 Salt Length: 32 Hash Pair: Hash Algorithm: SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512 Salt Length: 64 Properties: Modulo: 3072 Hash Pair: Hash Algorithm: SHA2-256 Salt Length: 32 Hash Pair: Hash Algorithm: SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512 Salt Length: 64 Properties: Moduli: 4096 Hash Pair: Hash Algorithm: SHA2-256 Public Material

Page 17

CAVP Algorith Mode/Me Description / Key Size(s) / Key Use / Function Cert m and thod Strength(s) Standar d Salt Length: 32 Hash Pair: Hash Algorithm: SHA2-384 Salt Length: 48 Hash Pair: Hash Algorithm: SHA2-512 Salt Length: 64 Public Exponent Mode: Random KTS-1 AES AES-256 in KW mode Used for key transport on the data plane; key establishment methodology provides 256 bits of encryption strength KTS-2 AES AES-128 and AES-256 in GCM mode Used for key transport on the management plane within TLS and SSH; key establishment methodology provides 128 or

256 bits of

encryption strength KTS-3 AES AES-128, AES-192 and AES-256 in CTR Used for key HMAC mode with HMAC SHA-1 transport on the management plane within SSH; key establishment methodology provides between

128 and 256 bits of

encryption strength KTS-5 AES AES-128 and AES-256 in CBC mode with Used for key HMAC HMAC-SHA-1 or HMAC SHA-256 transport on the management plane within TLS; key establishment methodology provides 128 or Public Material

Page 18

CAVP Algorith Mode/Me Description / Key Size(s) / Key Use / Function Cert m and thod Strength(s) Standar d

256 bits of

encryption strength KAS-FFC- Diffie- Domain Parameter Generation Methods: Used for key SSC Hellman FB, FC, ffdhe2048, ffdhe3072 transport on the (SP800- Scheme: management plane 56arev3) dhEphem: using DiffieKAS Role: initiator, responder Hellman; key establishment methodology provides 112 and

128 bits of

encryption strength KAS-ECC- Ephemeral Domain Parameter Generation Methods: Used for key SSC Unified P-256 transport on the (SP800- Scheme: management plane 56arev3) ephemeralUnified: using Elliptic Curve KAS Role: initiator, responder Diffie-Hellman; key establishment methodology provides 128 bits of encryption strength CVL KDF Hash Algorithm: SHA2-256, SHA2-384, Used for key RFC 7627 TLSv1.2 SHA2-512 derivation within CVL KDF HMAC Algorithm: SHA2-256, SHA2-384 management RFC 8446 TLSv1.3 KDF Running Modes: DHE, PSK, PSK-DHE protocols CVL5 KDF SSHv2 AES-128, AES-192, AES-256 (SP800- SHA-1, SHA2-256, SHA2-384, SHA2-512 135-r1) Vendor- CKG6 SP800- §4: Using the Output of a Random Bit Symmetric key and affirmed 133rev2 Generator asymmetric seed §5: Generation of Key Pairs for generation Asymmetric-Key Algorithms Note that no parts of the SSH, SNMPv3, IKEv1 and TLS protocols, other than the approved cryptographic algorithms and the KDFs, have been tested by the CAVP and CMVP. In accordance with FIPS 140-3 IG D.H, the cryptographic module performs Cryptographic Key Generation (CKG) as per SP 800-133r2 (vendor affirmed). The resulting generated symmetric keys and the seed used in the asymmetric key generation are the unmodified output from an NIST SP 800-90A DRBG. Public Material

Page 19

CAVP Algorith Mode/Me Description / Key Size(s) / Key Use / Function Cert m and thod Strength(s) Standar d §6.1: The “Direct Generation” of Symmetric Keys §6.2: Derivation of Symmetric Keys A2758 KAS-1 KAS-FFC-SSC Cert. #A2758 with CVL Certs. Diffie-Hellman key A2756 #A2758 and #A2756 establishment ffdhe2048, ffdhe3072 providing 112 and using KAS-FFC-SSC

128 bits of encryption strength with SP 800-135

SSHv2 KDF, IKEv1 KDF, RFC 7627 TLSv1.2 KDF and RFC 8446 TLSv1.3 KDF A2758 KAS-2 KAS-ECC-SSC Cert. #A2758 with CVL Certs. Elliptic Curve DiffieA2756 #A2758, #A2756 and #A2757 Hellman key P-256 providing 128 bits of encryption establishment strength using KAS-ECC-SSC with SP 800-135 SSHv2 KDF, IKEv1 KDF, RFC 7627 TLSv1.2 KDF and RFC 8446 TLSv1.3 KDF IKE KDF Implementation (Firmware) A2756 KDF KDF IKEv1 Capabilities: Authentication Method: Pre- Used for key IKEv1 shared Key Initiator Nonce Length: 64- derivation within CVL 2048 Increment 8 Responder Nonce IPsec (SP800- Length: 64-2048 Increment 8 Preshared Not implemented 135-r1) Key Length: 8-8192 Increment 8 Diffie- on Freescale P1021 Hellman Shared Secret Length: 3072 Hash or ARM based Algorithm: SHA2-256 platforms SNMP KDF Implementation (Firmware) A2757 CVL KDF Password Length: 64, 256 Used for key (SP800- SNMPv3 Engine ID: derivation within 135-r1) 3078313130663331626636303532333062 management 64, protocols 3078333964653663643936303437353165 Linux Kernel Crypto Implementation (Firmware) A2755 AES CBC Direction: Decrypt, Encrypt Key Length: Used for data (FIPS 256; tested but not used on Freescale encryption/ 197) P1012 or ARM based platforms decryption within IPsec Public Material

Page 20

CAVP Algorith Mode/Me Description / Key Size(s) / Key Use / Function Cert m and thod Strength(s) Standar d HMAC HMAC- MAC: 128; Key Length: 256; tested but not Used for message (FIPS SHA2-256 used on Freescale P1012 or ARM based authentication 198-1) platforms within IPSec SHS SHA2-256 Message Length: 0-51200 Increment 8; Used for message (FIPS not used on Freescale P1012 or ARM digests within IPsec 180-4) based platforms KTS-4 AES AES-256 in CBC mode with HMAC SHA-256 Used for key HMAC transport on the management plane within IPsec; key establishment methodology provides 256 bits of encryption strength AES Core Implementation (Hardware) AES 4014 AES OFB Direction: Decrypt, Encrypt Used for data plane (FIPS Key Length: 256 encryption/ 197) decryption (PTP 820C, 820S, 820CHP) A680 AES CTR Direction: Decrypt, Encrypt Used for data plane (FIPS Key Length: 256 encryption/ 197) Payload Length: 128 decryption (PTP Incremental Counter 850C, 850E, 820G, Counter Tests Performed 820A, 820N) Entropy Source ENT (P) Ring-oscillator noise source with no conditioning function Conformant to SP 800-90B and IG D.J and D.K. Minentropy: 1.9 bits per byte Table 3

Page 21

3. Cryptographic Module Interfaces The modules provide a number of physical ports/logical interfaces to the device, and the physical ports provided by the module are mapped to four FIPS 140-3 defined logical interfaces: data input, data output, control input, and status output. The physical ports/logical interfaces and their mapping are described in the following diagrams/tables: Figure 8

Page 22

Serial console (Terminal) (1x) RJ-45 Terminal Interface Status Output Alarm signaling (DB9) TLS v1.2/1.3, SSH, IPSec, and (1x) FE Management Interfaces SNMPv3 management traffic (1x) DB9 External Alarms (FE) LEDs Serial console (Terminal) Activity (LED) (1x) -48V DC Power Interface Power Input N/A Table 5

Page 23

Physical port Logical interface Data that passes over port/interface (1x) RJ-45 Data Port (PoE) Data Input TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (1x) RJ-45 Management (RJ-45) Interface Data traffic (Data Port, Antenna (2x) Data port (Electrical or Ports) Optical) (2x) Antenna Ports (1x) RJ-45 Data Port (PoE) Data Output TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (1x) RJ-45 Management (RJ-45) Interface Data traffic (Data Port, Antenna (2x) Data port (Electrical or Ports) Optical) (2x) Antenna Ports (1x) Source Sharing Control Input TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (1x) RJ-45 Management (RJ-45) Interface Signaling (Source Sharing) (1x) RSL Indication Status Output TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (1x) RJ-45 Management (RJ-45) Interface RSL signaling (RSL) (1x) -48V DC Power Interface Power Input N/A (1x) RJ-45 Data Port (PoE) Table 6

Page 24

Figure 10

Page 25

Figure 11

Page 26

Physical port Logical interface Data that passes over port/interface (2x) Data port (Electrical or Data traffic (Data Ports, Optical) Antenna Ports) (2x) Antenna Ports (1x) Source Sharing Control Input TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (1x) RJ-45 Management (RJ-45) Interface Signaling (Source Sharing) (1x) RSL Indication Status Output TLS v1.2/1.3, SSH, IPSec, and SNMPv3 management traffic (1x) RJ-45 Management (RJ-45) Interface RSL signaling (RSL) (1x) -48V DC Power Interface Power Input N/A Table 8

Page 27

Physical port Logical interface Data that passes over port/interface (1x) ACT LED Serial console (Terminal) (1x) RJ45 External Alarms Activity (LED) Alarm signaling (RJ45) Table 9

Page 28

Table 10 –PTP820 TCC-B2-XG-MC: N000082H003 (PTP 820N and PTP 820A) Ports and Interfaces Figure 14

Page 29

Figure 15 - PTP 850C Physical Ports9 Physical port Logical interface Data that passes over port/interface (1x) 1/2.5/10GbE Electrical Data Input TLS v1.2/1.3, SSH, and SNMPv3 Interface management traffic (RJ-45) (1x) 1/2.5 GbE Electrical or Data traffic (Antenna ports, Optical Interface GbE) (2x) 1/10GbE Electrical or Optical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports (1x) 1/2.5/10GbE Electrical Data Output TLS v1.2/1.3, SSH, and SNMPv3 Interface management traffic (RJ-45) (1x) 1/2.5 GbE Electrical or Data traffic (Antenna ports, Optical Interface GbE) (2x) 1/10GbE Electrical or Optical Interface (1x) RJ-45 GbE Management Interface (2x) Antenna Ports (1x) RJ-45 GbE Management Control Input TLS v1.2/1.3, SSH, and SNMPv3 Interface management traffic (RJ-45) The WiFi port is disabled. Public Material

Page 30

Physical port Logical interface Data that passes over port/interface (1x) Source Sharing Signaling (Source Sharing) (1x) RJ-45 GbE Management Status Output TLS v1.2/1.3, SSH, and SNMPv3 Interface management traffic (RJ-45) (1x) RSL Indication RSL signaling (RSL) (1x) -48V DC Power Interface Power Input N/A Table 12

Page 31

Figure 16 - PTP 850E Physical Ports Physical port Logical interface Data that passes over port/interface (1x) 1/2.5GbE Multiband Data Input TLS v1.2/1.3, SSH, IPSec, and Interface SNMPv3 management traffic (1x) 4x1/10GbE or 1x40GbE (RJ-45) Electrical or Optical Interface XPIC data (XPIC/IPsec) (1x) 1/10GbE Electrical Interface Data traffic (Antenna ports, (1x) RJ-45 GbE Management GbE) Interface (2x) Antenna Ports (1x) 1/2.5GbE Multiband Data Output TLS v1.2/1.3, SSH, IPSec, and Interface SNMPv3 management traffic (1x) 4x1/10GbE or 1x40GbE (RJ-45) Electrical or Optical Interface XPIC data (XPIC/IPsec) (1x) 1/10GbE Electrical Interface Data traffic (Antenna ports, (1x) RJ-45 GbE Management GbE) Interface (2x) Antenna Ports (1x) RJ-45 GbE Management Control Input TLS v1.2/1.3, SSH, IPSec, and Interface SNMPv3 management traffic (1x) Source Sharing (RJ-45) (1x) Protection/XPIC XPIC data (XPIC/IPsec) Signaling (Source Sharing) Public Material

Page 32

Physical port Logical interface Data that passes over port/interface (1x) RJ-45 GbE Management Status Output TLS v1.2/1.3, SSH, IPSec, and Interface SNMPv3 management traffic (1x) RSL Indication (RJ-45) XPIC data (XPIC/IPsec) RSL signaling (RSL) (1x) -48V DC Power Interface Power Input N/A (1x) RJ-45 GbE Management Interface (PoE) WIFI Port N/A This port is disabled Table 13

4.1 Authorized Roles

The module supports several different roles, including multiple Cryptographic Officer roles and a User role. Configuration of the module can occur over several interfaces and at different levels depending upon the role assigned. There are multiple levels of access for a Cryptographic Officer as follows:

Page 33

Role Service Input Output Crypto Officer Perform Self- Web GUI forms, CLI Web GUI status, CLI return Tests commands messages Crypto Officer Change Web GUI forms, CLI Web GUI status, CLI return Password commands messages User Transmit/Receive Data plane packets Data plane packets Data Crypto Officer Administrative Web GUI forms, CLI Web GUI status, CLI return access over SSH commands messages Crypto Officer Administrative Web GUI forms, CLI Web GUI status, CLI return access over Web commands messages EMS Crypto Officer SNMPv3 Web GUI forms, CLI Web GUI status, CLI return commands messages Crypto Officer Key Entry Web GUI forms, CLI Web GUI status, CLI return commands messages Crypto Officer IPSEC Web GUI forms, CLI Web GUI status, CLI return commands messages Crypto Officer Zeroize Web GUI forms, CLI Web GUI status, CLI return commands messages N/A Cycle Power N/A N/A N/A Status LED N/A LED Status Output Crypto Officer View Summaries Web GUI forms, CLI Web GUI status, CLI return commands messages Crypto Officer Platform Web GUI forms, CLI Web GUI status, CLI return Management commands messages Public Material

Page 34

Role Service Input Output Crypto Officer Fault Web GUI forms, CLI Web GUI status, CLI return Management commands messages Crypto Officer Radio Web GUI forms, CLI Web GUI status, CLI return Configuration commands messages Crypto Officer Ethernet Web GUI forms, CLI Web GUI status, CLI return Configuration commands messages Crypto Officer Sync Settings Web GUI forms, CLI Web GUI status, CLI return commands messages Crypto Officer Utilities Web GUI forms, CLI Web GUI status, CLI return commands messages Crypto Officer RBN Web GUI forms, CLI Web GUI status, CLI return commands messages Table 14

4.2 Authentication Mechanisms

The module supports role-based authentication. Module operators must authenticate to the module before being allowed access to services, which requires the assumption of an authorized role. The module employs the authentication methods described in the table below to authenticate Crypto-Officers and Users. Unauthenticated users are only able to access the module LEDs and power cycle the module. Role Authentication Method Authentication Strength CO Password/Username All passwords must be at least 8 characters and must include letters, numbers, and special characters. If (8) integers are used for an eight-digit password, the probability of randomly guessing the correct sequence is less than one (1) in 1,000,000 (this calculation is based on the assumption that the typical standard American QWERTY computer keyboard has 10 integer digits, 33 special characters, and 52 letter characters. The calculation should be 958 = 6,634,204,312,890,625). Therefore, the associated probability of a successful random attempt is less than 1 in 1,000,000. In order to successfully guess the sequence in one minute would require the ability to make over 110,570,071,881,510 guesses per second, which far exceeds the operational capabilities of the module. Users AES-256 Master Key When using AES key-based authentication, the key has a size of 256-bits. Therefore, an attacker would have a 1 in Public Material

Page 35

Role Authentication Method Authentication Strength 2^256 chance of randomly obtaining the key, which is much stronger than the one in a million chance. For AES based authentication, to exceed a 1 in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 3.25X10^32 attempts per minute, which far exceeds the operational capabilities of the modules to support. Table 15

4.3 Services

The services (approved and non-approved) that require operators to assume an authorized role (CryptoOfficer or User) as well as unauthenticated services are listed in the tables below. The module supports a global indicator of “enabled” when the module is in the Approved mode and an indicator of “disabled” when the module is in the non-Approved mode. Please note that the keys and Sensitive Security Parameters (SSPs) listed below use the following indicators to show the type of access required:

Page 36

Service Description Approved Keys and/or Role Access rights to Indicator Security SSPs s Keys/SSP’s Functions (Bypass KTS (AESmode when KW) feature is not enabled) Administrative Secure AES-CTR DRBG entropy CO DRBG entropy input (R) Admin access over SSH remote HMAC input DRBG Seed (R) status command KAS-ECC- DRBG Seed DRBG V (R/W/Z) (enabled) line SSC DRBG V DRBG Key (R/W/Z) and appliance KAS-FFC- DRBG Key Diffie-Hellman / EC session administrati SSC Diffie-Hellman Diffie Hellman Shared logs on over an KTS / EC Diffie Secret (R/W/Z) SSH tunnel. RSA Hellman Diffie Hellman / EC Diffie SHS Shared Secret Hellman private key SSH KDF Diffie Hellman (R/W/Z) DRBG / EC Diffie Diffie Hellman / EC Diffie CKG Hellman Hellman public key DSA private key (R/W/Z) ECDSA Diffie Hellman SSH Private Key (R/W) / EC Diffie SSH Public Key (R/W) Hellman public SSH Session Key (R/W/Z) key SSH Integrity Key SSH Private Key (R/W/Z) SSH Public Key SSH Session Key SSH Integrity Key Administrative Secure AES-CBC DRBG entropy CO DRBG entropy input (R) Admin access over remote GUI AES-GCM input DRBG Seed (R) status Web EMS appliance HMAC DRBG Seed DRBG V (R/W/Z) (enabled) administrati KAS-ECC- DRBG V DRBG Key (R/W/Z) and on over a SSC DRBG Key Diffie-Hellman / EC session TLS tunnel. KAS-FFC- Diffie-Hellman Diffie Hellman Shared logs SSC / EC Diffie Secret (R/W/Z) KTS Hellman Diffie Hellman / EC Diffie SHS Shared Secret Hellman private key RSA Diffie Hellman (R/W/Z) TLSv 1.2 / EC Diffie Diffie Hellman / EC Diffie KDF Hellman Hellman public key TLS v1.3 private key (R/W/Z) KDF Diffie Hellman TLS Private Key (R/W) DRBG / EC Diffie TLS Public Key (R/W) CKG Public Material

Page 37

Service Description Approved Keys and/or Role Access rights to Indicator Security SSPs s Keys/SSP’s Functions DSA Hellman public TLS Pre-Master Secret ECDSA key (G/E/Z) TLS Private Key TLS Master Secret TLS Public Key (G/E/Z) TLS Pre-Master TLS Session Encryption Secret Key (G/E/Z) TLS Master TLS Session Integrity Key Secret (G/E/Z) TLS Session Encryption Key TLS Session Integrity Key SNMPv3 Secure AES- SNMP Session CO SNMP Session Key Admin remote CFB128 Key (R/W/Z) status SNMPv3- HMAC SNMP Session SNMP Session (enabled) based SHS Authentication Authentication Key and system SNMP KDF Key (R/W/Z) session monitoring. SNMPv3 SNMPv3 password logs password (R/W/Z) Key Entry Enter key KTS Master Key CO Master Key (R/W) Admin over status managemen (enabled) t interfaces and session logs IPSec10 Control AES-CBC IKE session CO IKE session encrypt key Admin plane traffic HMAC encrypt key (R/W/Z) status encryption SHS IKE session IKE session (enabled) using IKEv1 KTS authentication authentication key for key KAS-FFC- key (R/W/Z) exchange SSC ISAKMP ISAKMP preshared key (Self- DSA preshared key (R/W) initiated IKEv1 KDF IPsec IPsec encryption key cryptograph encryption key (R/W/Z) ic output IPsec IPsec authentication key capability) authentication (R/W/Z) key Diffie Hellman Shared Diffie Hellman Secret (R/W/Z) Shared Secret Diffie Hellman private Diffie Hellman key (R/W/Z) private key Diffie Hellman public key (R/W/Z) Only available on MIPS CPU based models Public Material

Page 38

Service Description Approved Keys and/or Role Access rights to Indicator Security SSPs s Keys/SSP’s Functions Diffie Hellman public key Zeroize Zeroize all N/A All CSPs CO All CSPs (Z) Admin CSPs status (enabled) Cycle Power Reboot of N/A DRBG entropy N/A DRBG entropy input (Z) Console module input DRBG Seed (Z) log DRBG Seed DRBG V (Z) DRBG V DRBG Key (Z) DRBG Key Diffie-Hellman / EC Diffie-Hellman Diffie Hellman Shared / EC Diffie Secret (Z) Hellman Diffie Hellman / EC Diffie Shared Secret Hellman private key (Z) Diffie Hellman Diffie Hellman / EC Diffie / EC Diffie Hellman public key (Z) Hellman SSH Session Key (Z) private key SSH Integrity Key (Z) Diffie Hellman SNMPv3 session key (Z) / EC Diffie SNMPv3 session Hellman public authentication key key TLS Pre-Master Secret SSH Session (Z) Key TLS Master Secret (Z) SSH Integrity TLS Session Encryption Key Key (Z) SNMPv3 TLS Session Integrity Key session key (Z) SNMPv3 IKE session encrypt key session (Z) authentication IKE session key authentication key (Z) TLS Pre-Master IPsec encryption key (Z) Secret IPsec authentication key TLS Master (Z) Secret Session Key Tx (Z) TLS Session Session Key Rx (Z) Encryption Key TLS Session Integrity Key IKE session encrypt key Public Material

Page 39

Service Description Approved Keys and/or Role Access rights to Indicator Security SSPs s Keys/SSP’s Functions IKE session authentication key IPsec encryption key IPsec authentication key Session Key Tx Session Key Rx Status LED View status N/A N/A N/A N/A N/A Output via the modules’ LEDs View Summaries View unit N/A N/A CO N/A Admin summary status information (enabled) (Unit, Radio, Security) Platform Shelf N/A N/A CO N/A Admin Management managemen status t, unit (enabled) configuratio n, interfaces, firmware settings, activation key, and statistics Fault Alarm N/A N/A CO N/A Admin Management settings status (enabled) Radio Radio N/A N/A CO N/A Admin Configuration interface status settings (enabled) (includes Bypass setting and status) Ethernet Ethernet N/A N/A CO N/A Admin Configuration interface status settings (enabled) Public Material

Page 40

Service Description Approved Keys and/or Role Access rights to Indicator Security SSPs s Keys/SSP’s Functions Sync Settings Manage N/A N/A CO N/A Admin synchroniza status tion (enabled) Utilities Generic N/A N/A CO N/A Admin utilities status (enabled) RBN Bandwidth N/A N/A CO N/A Admin notification status (enabled) Table 16

Page 41
  1. Operational Environment FIPS 140-3 Operational Environment requirements are not applicable since the module is a hardware module with a limited operational environment. The module runs Release 12.0.1 which includes Wind River Linux 4.1.0 or 4.14 depending on the CPU architecture.
  2. Physical Security The appliances have a multi-chip standalone embodiment. The appliances are contained in a hard metal chassis, which is defined as the cryptographic boundary of the module. The appliances’ chassis is opaque within the visible spectrum. The enclosure of the appliances have been designed to satisfy Level 2 physical security requirements. Each of the appliances needs Tamper Evidence Labels (TELs) to meet Security Level 2 requirements. These labels are installed (as seen in the respective model images) at the factory before delivery to the customer, for the PTP 820G, PTP 820C, PTP 820S, PTP 820C-HP, PTP 850C and PTP 850 E. For PTP 820N and PTP820A, the CO must place the twenty (20) TELs according to Figure 21-24 (below). The preparation instructions of the module prior to installation of the tamper seals are as follows: • Use caution to avoid touching the adhesive in such a way as to leave fingerprints and damage the labels. • The curing time (drying time) for the labels is at least sixty minutes. • The labels must be replaced whenever cards are added to or removed from the unit. Replacement labels can be ordered from Cambium Networks, part number BS-0341-2. • When replacing a label, gently cut the label, replace the module, and apply a new label in place of the previous label. The extra tamper seals shall be in possession of the CO at all times. The CO shall observe any changes to the module such as reconfigurations where the tamper evident seals are removed or installed to ensure the security of the module is maintained during such changes and the module is returned to an Approved mode of operation. The Crypto Officer shall periodically (defined by organizational security policy, recommendation is once a month) monitor the state of all applied TELs for evidence of tampering. If tamper is detected, the CO must take the device out of commission, inspect it and if deemed safe, return it to the Approved state. Physical Security Mechanism Recommended Frequency of Inspection/Test Guidance Inspection/Test Details Tamper Evidence Label During regular physical Inspect the labels for obvious maintenance operations. At signs of damage/removal. least every six months. Placement should be according to the figures below. Table 18 – Physical Security Inspection Guidelines Public Material – May be reproduced only in its original entirety (without revision).
Page 42

Figure 17

Page 43

Public Material

Page 44

Figure 18

Page 45

Figure 19

Page 46

Public Material

Page 47

Public Material

Page 48

Figure 20

Page 49

Figure 21 - PTP 820N and PTP 820A Bottom Figure 22

Page 50

Figure 23 - PTP 820N and PTP 820A Top Figure 24

Page 51

Figure 25

Page 52

8. Non-invasive Security FIPS 140-3 Non-invasive Security requirements are not applicable. Public Material

Page 53

9. Sensitive security parameter management The following table identifies each of the Keys/SSPs associated with the modules: Import/Export Establishment Use & related Security Key/SSP Strength Generation Storage Zeroisation Function and Name/Type keys Cert. Number DRBG entropy 256-bit DRBG Generated N/A N/A Plaintext Device power Used for control/ input (CSP) A2758 using temporarily cycle or management plane module in RAM cleared after random bit generation entropy use source DRBG Seed (CSP) 256-bit DRBG Generated N/A N/A Plaintext Device power Seed used for DRBG A2758 using SP temporarily cycle or instantiation and reseed 800-90Ar1 in RAM cleared after DRBG seed use construction DRBG V (CSP) 256-bit DRBG SP 800- N/A N/A Plaintext Device power Used for control/ A2758 90Ar1 DRBG temporarily cycle or management plane Internal in RAM cleared after random bit generation State use DRBG Key (CSP) 256-bit DRBG SP 800- N/A N/A Plaintext Device power Used for control/ A2758 90Ar1 DRBG temporarily cycle or management plane Internal in RAM cleared after random bit generation State use Diffie Hellman 112 and KAS-FFC-SSC N/A N/A Established Plaintext Device power Used for key transport on Shared Secret 128 bits 2048 bits using SP temporarily cycle or the management plane (CSP) and 3072 800- in RAM cleared after using Diffie-Hellman; key bits A2758 56Arev3 use establishment KAS-SSC methodology provides

Page 54

Import/Export Establishment Use & related Security Key/SSP Strength Generation Storage Zeroisation Function and Name/Type keys Cert. Number Termination 112 and 128 bits of of protocol encryption strength session EC Diffie 128-bit KAS-ECC- N/A N/A Established Plaintext Device power Used for key transport on Hellman Shared SSC P-256 using SP temporarily cycle or the management plane Secret (CSP) A2758 800- in RAM cleared after using Elliptic Curve Diffie56Arev3 use Hellman; key KAS-SSC Termination establishment of protocol methodology provides session 128 bits of encryption strength Diffie Hellman 112 and KAS-FFC-SSC Generated N/A N/A Plaintext Device power Used for key transport on private key (CSP) 128 bits 2048 bits according to temporarily cycle or the management plane and 3072 SP 800- in RAM cleared after using Diffie-Hellman; key bits A2758; 56Arev3 use establishment DSA A2758 Termination methodology provides of protocol 112 and 128 bits of session encryption strength EC Diffie 128-bit KAS-ECC- Generated N/A N/A Plaintext Device power Used for key transport on Hellman private SSC P-256 according to temporarily cycle or the management plane key (CSP) A2758; SP 800- in RAM cleared after using Elliptic Curve DiffieECDSA 56Arev3 use Hellman; key A2758 Termination establishment of protocol methodology provides session 128 bits of encryption strength Cambium Networks Ltd. © 2025 Version Public Material

Page 55

Import/Export Establishment Use & related Security Key/SSP Strength Generation Storage Zeroisation Function and Name/Type keys Cert. Number Diffie Hellman 112 and KAS-FFC-SSC Generated Output in N/A Plaintext Device power Used for key transport on public key (PSP) 128 bits 2048 and according to plaintext temporarily cycle or the management plane

3072 bits SP 800- in RAM cleared after using Diffie-Hellman; key

A2758; 56Arev3 use establishment DSA A2758 Termination methodology provides of protocol 112 and 128 bits of session encryption strength EC Diffie 128-bit KAS-ECC- Generated Output N/A Plaintext Device power Used for key transport on Hellman public SSC P-256 according to electronically temporarily cycle or the management plane key (PSP) A2758; SP 800- in plaintext in RAM cleared after using Elliptic Curve DiffieECDSA 56Arev3 use Hellman; key A2758 Termination establishment of protocol methodology provides session 128 bits of encryption strength SSH Private Key 112-bit RSA 2048- Generated Entered N/A Plaintext Zeroization Used for control and (CSP) bit A2758 according to electronically persistently command management plane FIPS 186-4 in encrypted in Flash authentication form via approved KTS-2, KTS-3 or KTS-5 SSH Public Key 112-bit RSA 2048- Generated Output N/A Plaintext Zeroization Used for control and (PSP) bit according to electronically persistently command management plane A2758 FIPS 186-4 in plaintext in Flash authentication Cambium Networks Ltd. © 2025 Version Public Material

Page 56

Import/Export Establishment Use & related Security Key/SSP Strength Generation Storage Zeroisation Function and Name/Type keys Cert. Number SSH Session Key 128, 192 AES-CTR N/A N/A Derived Plaintext Device power Used for control and (CSP) or 256- (128, 192, using SP temporarily cycle or management plane bits 256), AES- 800- in RAM cleared after privacy GCM (128, 135rev1 use 256), SSH KDF Termination KDF A2758 of protocol session SSH Integrity Key 160, HMAC, SSH N/A N/A Derived Plaintext Device power Used for message integrity (CSP) 256 or KDF A2758 using SP temporarily cycle check in the control and 512-bits 800- in RAM Termination management plane 135rev1 of protocol KDF session SNMPv3 Shared SNMP KDF N/A Entered N/A Plaintext Zeroization Used for key derivation password (CSP) Secret, at A2757 electronically persistently command within management least eight in encrypted in Flash protocols characters form via approved KTS-2, KTS-3 or KTS-5 SNMPv3 session 128-bit SNMP KDF N/A N/A Derived Plaintext Device power Used for key (CSP) A2757, AES using SP temporarily cycle or encryption/decryption CFB128 800- in RAM cleared after within management A2758 135rev1 use protocols KDF Termination of protocol session Cambium Networks Ltd. © 2025 Version Public Material

Page 57

Import/Export Establishment Use & related Security Key/SSP Strength Generation Storage Zeroisation Function and Name/Type keys Cert. Number SNMPv3 session 160-bit SNMP KDF N/A N/A Derived Plaintext Device power Used for message integrity authentication A2757, using SP temporarily cycle or check within management key (CSP) HMAC 800- in RAM cleared after protocols A2758 135rev1 use KDF Termination of protocol session TLS Private Key 112-bit RSA 2048- Generated N/A N/A Plaintext Zeroization Used for authentication (CSP) bit according to persistently command within management A2758 FIPS 186-4 in Flash protocols TLS Public Key 112-bit RSA 2048- Generated Output N/A Plaintext Zeroization Used for authentication (PSP) bit according to electronically persistently command within management A2758 FIPS 186-4 in plaintext in Flash protocols TLS Pre-Master 384-bit KAS-FFC- N/A N/A Established Plaintext Device power Used for key derivation Secret (CSP) SSC, according to temporarily cycle or within the TLS KAS-ECC- SP 800- in RAM cleared after management protocol SSC A2758 56Arev3 use Termination of protocol session TLS Master 384-bit TLS 1.2 KDF N/A N/A Calculated Plaintext Device power Used for key derivation Secret (CSP) A2758 as an temporarily cycle or within the TLS element of in RAM cleared after management protocol. the TLS 1.2 use Derived from the TLS PreKDF Termination Master Secret of protocol session Cambium Networks Ltd. © 2025 Version Public Material

Page 58

Import/Export Establishment Use & related Security Key/SSP Strength Generation Storage Zeroisation Function and Name/Type keys Cert. Number TLS Session 128 or AES GCM, N/A N/A Derived Plaintext Device power Used for Encryption Key 256- bits AES CBC using SP temporarily cycle or encryption/decryption (CSP) A2758 800- in RAM cleared after within management TLS KDF 135rev1 use protocols A2758 KDF Termination of protocol session TLS Session 160, 256 HMAC SHA- N/A N/A Derived Plaintext Device power Used for message integrity Integrity Key or 384- 1, SHA2- using SP temporarily cycle or check in the control and (CSP) bits 256, SHA2- 800- in RAM cleared after management plane

384 135rev1 use

A2758 KDF Termination TLS KDF of protocol A2758 session IKE session 256-bit AES CBC N/A N/A Derived Plaintext Device power Used for encrypt key A2755, using SP temporarily cycle or encryption/decryption (CSP) IKEv1 KDF 800- in RAM cleared after within IPsec A2756 135rev1 use KDF Termination of protocol session IKE session 256-bit HMAC N/A N/A Derived Plaintext Device power Used for message authentication A2755, using SP temporarily cycle or authentication within key (CSP) IKEv1 KDF 800- in RAM cleared after IPsec A2756 135rev1 use KDF Cambium Networks Ltd. © 2025 Version Public Material

Page 59

Import/Export Establishment Use & related Security Key/SSP Strength Generation Storage Zeroisation Function and Name/Type keys Cert. Number Termination of protocol session ISAKMP Secret, IKEv1 KDF N/A Entered N/A Plaintext Zeroization Used for key derivation preshared (CSP) 32 A2756 electronically temporarily command within IPsec characters in encrypted in RAM form via approved KTS-2, KTS-3 or KTS-5 IPsec encryption 256-bit AES CBC N/A N/A Derived Plaintext Device power Used for key (CSP) 2755, using SP temporarily cycle or encryption/decryption IKEv1 KDF 800- in RAM cleared after within IPsec A2756 135rev1 use KDF Termination of protocol session IPsec 256-bit HMAC, N/A N/A Derived Plaintext Device power Used for message authentication SHA2-256 using SP temporarily cycle or authentication within key (CSP) A2755, 800- in RAM cleared after IPsec IKEv1 KDF 135rev1 use A2756 KDF Termination of protocol session Session key Tx 256-bit AES CTR Generated Electronically N/A Plaintext Device power Used for (CSP) A680 using DRBG entered and temporarily cycle or encryption/decryption or output in in RAM within data plane Cambium Networks Ltd. © 2025 Version Public Material

Page 60

Import/Export Establishment Use & related Security Key/SSP Strength Generation Storage Zeroisation Function and Name/Type keys Cert. Number AES OFB encrypted cleared after

4014 form via use

approved Data plane KTS-1 or KTS- rekey Session key Rx 256-bit AES CTR Generated Electronically N/A Plaintext Device power Used for (CSP) A680 using DRBG entered and temporarily cycle encryption/decryption Or AES OFB output in in RAM Data plane within data plane

4014 encrypted rekey

form via approved KTS-1 or KTSMaster key (CSP) 256-bit AES KW N/A Electronically N/A Plaintext Zeroization Used for session key AES ECB entered via persistently command encryption for session key A2758 KTS-2, KTS-3 in Flash exchange between local or KTS-5 and remote units Crypto Officer 958 N/A N/A Electronically N/A SHA2-512 Zeroization Used for Crypto Officer Password (CSP) entered in hash command login encrypted persistently form via in Flash approved KTS-2, KTS-3 or KTS-5 CO Password SHA2-512 SHA2-512 Generated N/A N/A Persistently Zeroization Used to verify Crypto Hash A2758 upon in Flash command Officer login Cambium Networks Ltd. © 2025 Version Public Material

Page 61

Import/Export Establishment Use & related Security Key/SSP Strength Generation Storage Zeroisation Function and Name/Type keys Cert. Number password creation Table 19

Page 62
9.1 Generation

The module generates symmetric and asymmetric keys in compliance with the requirements of the FIPS 140-3 standard. Specifically, symmetric keys are generated using output of the Approved SP 800-90A DRBG and in compliance with IG D.H. Asymmetric keys are generated as part applicable key generation standards. See Table 19 for additional details.

9.2 Import/Export

All keys are entered into or output from the module in a secure manner. Specifically, the Session Keys are output from the module encrypted with an approved KTS using a Master Key with the AES-KW algorithm. Additionally, SSPs provisioned by an operator can be entered using an approved KTS employing AES-GCM or AES and HMAC within the SSH, TLS, or IPsec protocols. See Table 19 for additional details.

9.3 Storage

SSPs are stored in plaintext in non-volatile and volatile memory. See Table 19 for additional details.

9.4 Zeroization Procedures

SSPs stored in volatile memory are zeroized automatically when no longer needed. SSPs stored in nonvolatile memory are zeroized after repeated failure of the Pre-Operational Self-Tests or upon hardzeroization command issued. The zeroization will permanently erase SSPs stored in Flash by overwriting with zeroes. When zeroization occurs via power cycle or the zeroization command the module provides an indicator in the console log. When zeroization occurs via session termination the zeroization indicator is provided via session log. For CSPs that are zeroized after use, the indicator is that the service continues. If there is a zeroization error, the service in process will be terminated. See Table 19 for additional details. Entropy Sources Minimum number of bits of Details entropy ENT (P) The entropy source provides 2.79 Ring-oscillator noise source with bits of entropy per 8-bit sample. no conditioning function. To achieve a security strength of Conformant to SP 800-90B and IG

256 bits, the DBRG’s deviation D.J and D.K

function will require a seed length of at least 138 samples. The DRBG is seeded with 2048 bits (256 samples) of data providing approximately 714 bits of entropy which is sufficient for generating the largest module SSPs of a maximum of 256 bits of security strength. Table 20

Page 63
  1. Self-tests Self-tests are health checks that ensure that the cryptographic algorithms within the module are operating correctly. The self-tests identified in FIPS 140-3 broadly fall within two categories:
  2. Pre-Operational Self-Tests
  3. Conditional Self-Tests When the module is powered on, its power-up self-tests are executed without any operator intervention. CASTs are performed prior to first usage of an algorithm. The operator may run periodic self-tests by power-cycling the module. Conditional tests are performed when a specific condition is met, such as usage of the entropy source or generation of key-pair.
10.1 Pre-Operational Self-Tests

The cryptographic module performs the following Pre-Operational Self-Tests on:

10.2 Conditional Self-Tests

The HW-based entropy source is conditionally tested (when entropy is consumed by any of the FW components). Tests are APT and RCT (mentioned in the SP 800-90B document). The cryptographic module performs the following conditional self-tests:

Page 64
10.3 Self-Tests Error Handling

If any of the identified POSTs fail, the module will not enter an operational state and will instead provide an error message “Failed powerOnSelfTest”. If the failure persists after power-cycle, the module will then be placed in a Default State (where all keys/CSPs are zeroized) and the Approved mode enabled flag is reset to disabled. The module will enter the non-approved mode. Event logs will be updated accordingly. If either of the SP 800-90B self-tests fail, the repeated random numbers are discarded, and an error is reported. If the PWCT fails, the key pair is discarded, and an error is reported. If the Firmware Load Test fails, the new firmware is not loaded. If the conditional Bypass self-test fails, the error is reported, and the module does not transition into or out of bypass. During execution of the self-tests, firmware loading, zeroization, and while in an error state, data output is inhibited. 11. Life-cycle assurance This section describes the configuration and administration of the cryptographic module. Public Material

Page 65
11.1 Secure Operation

When configured as per this section of the Security Policy, the module only runs in the Approved mode of operation, with the exception of the non-Approved Services identified in Table 17. The non-Approved services described may make use of non-compliant cryptographic algorithms or plaintext data transfers. Use of these services is prohibited in an Approved mode of operation. The Crypto Officer is responsible for ensuring that any of the non-Approved Services (Table 17) in Section 4.3 are not used. Once the module is properly configured as outlined below, the non-Approved Services will not be available for use.

11.2 Installation

The module hardware is shipped in sealed boxes to indicate tamper. Upon delivery, the recipient should inspect the package to verify that there has been no tampering. PTP 820G, PTP 820C, PTP 820S, PTP 820CHP, PTP 850C, and PTP 850E have a fixed configuration with TELs applied at factory. The Crypto Officer must verify at installation time that the TELs are affixed and intact. PTP 820N, and PTP 820A have variable configurations and the CO must verify that they are configured as per one of the approved configurations identified in Section 2.1, Table 2. Moreover, the Crypto Officer must verify at installation time that the TELs are affixed and intact. The tamper evident seals installed as indicated in Section 7 is required for the module to be operated in the Approved mode of operation. Please refer to the figures in Section 7 of this document for the proper placement of TELs.

11.3 Initialization

The CO must follow these steps to place the module in an Approved mode of operation. For the exact CLI command syntax or GUI instructions, please refer to the below referenced sections of the FIPS Security Configuration Guide for precise details. 1. Enable Password Enforcement to enforce password strength.

7.10 Configuring Login and Password Settings

- Select Quick Configuration > Security > Access Control. - In the Password change for first login field, select Yes. - In the Enforce password strength field, select Yes. 2. Configure failure login attempts for wrong passwords to 3 attempts (default value).

7.10 Configuring Login and Password Settings

- In the Failure login attempts to block user field, select the number of failed login attempts (3) that will trigger blocking. 3. For radio encryption mode, configure Master Key and enable Payload Encryption.

7.5 Configuring AES-256 Payload Encryption

Public Material

Page 66

4. Enable SNMP v3 (default) and disable SNMPv1 and v2. Add SNMP users as appropriate following the password complexity requirements specified for CO operators in Section 4 above. Ensure that “AES” and “SHA” are selected for the privacy and authentication ciphers, respectively.

7.9 Configuring SNMPv3

- Select Quick Configuration > Security > Protocols. The Quick Configuration Security Protocols page opens (Figure 41). - In the SNMP Admin field, select Enable to enable SNMP - In the V1V2 Blocked field, select Yes to block SNMPv1 and SNMPv2 access so that only SNMPv3 access will be enabled. 5. Disable Telnet

7.8 Blocking Telnet Access

- Select Quick Configuration > Security > Protocols. - In the Telnet Admin field, select Disable. - Click Apply. 6. Disable HTTP and enable HTTPS

7.7 Configuring HTTPS

- Select Quick Configuration > Security > Protocols. - In the HTTP protocol field, select HTTPS 7. [Optional step] in case of External Protection configuration (relevant for PTP 820G, PTP 820C, PTP 820S, PTP 820C-HP), enable Protection Admin and supply a pre-shared key. - 8.1 Encrypting the Protection Link 8. [Optional step] In case of TCC Redundancy (relevant for PTP 820N, PTP 820A), enable Protection Admin, and make sure TCC Protection switch mode is set to Cold Switch Over Note: Hot Switch Over (HSO) shall not be used in the Approved Mode - Web GUI: Platform > Shelf Management > Main Card Redundancy (In the TCC Protection switch mode field, select Cold Switch Over)

  1. Change the default CO password - 3.4 Changing Your Password
  2. Enable Approved Admin configuration, i.e., set operation mode to ‘Approved mode’. Public Material – May be reproduced only in its original entirety (without revision).
Page 67

- 7.1 Enabling ‘Approved Mode’ Once the final step is performed the module will prompt the CO to reboot. Upon successful reboot the module will enter the Approved mode of operation. Once the module has been configured, the Approved mode status can be verified by selecting the Security Summary from the Web EMS main menu. The field for “FIPS Mode Admin” shows “enabled”. - 6 Viewing the Security Parameters

11.4 Management

Protocols such as Telnet, RADIUS, TACACS+, HTTP, SNMPv1, and SNMPv2, Syslog, Hot Standby, NTP are not approved for use in the Approved mode and shall remain disabled. When in FIPS 140-3 compliant mode, only the following algorithms are used for SSH and TLS communications.

11.4.1 SSH Usage

When in the Approved mode, the module supports only the following symmetric encryption algorithm:

11.4.2 TLS Usage

When in the Approved mode, only the following cipher suites are available for TLSv1.2 communications:

Page 68

When in the Approved mode, only the following cipher suites are available for TLSv1.3 communications:

11.5 Maintenance

There are no specific maintenance actions required. 12. Mitigation of other attacks The module does not claim to mitigate any other attacks beyond those specified in FIPS 140-3. Public Material