All modules
CMVP Validated Module · FIPS 140-3 Security Policy

PL-4000M and PL-4000T

Certificate#5055StandardFIPS 140-3Level2TypeHardwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorPacketLight Networks Ltd.
Low review priority  ·  no TCB surface named  ·  last validated 11 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level2
Module typeHardware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date8/17/2030
CaveatWhen installed, initialized and configured as specified in Section 11 of the Security Policy. The tamper evident seals installed as indicated in the Security Policy.
VendorPacketLight Networks Ltd.

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for PL-4000M and PL-4000T
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>Update</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>UnAuth</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>IPSEC</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for PL-4000M and PL-4000T
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>Update</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>UnAuth</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>IPSEC</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

PacketLight Networks Ltd. PL-4000M and PL-4000T Document Version 1.0 July 2025 Prepared by: www.lightshipsec.com PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 2
Table of Contents
#SectionPage
Page 3

PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 4
List of Tables
ItemPage
Table 1: Security Levels5
Table 2: Tested Module Identification – Hardware7
Table 3: Modes List and Description7
Table 4: Approved Algorithms9
Table 5: Vendor-Affirmed Algorithms9
Table 6: Security Function Implementations12
Table 7: Entropy Certificates13
Table 8: Entropy Sources13
Table 9: Ports and Interfaces17
Table 10: Authentication Methods19
Table 11: Roles19
Table 12: Approved Services33
Table 13: Mechanisms and Actions Required37
Table 14: Storage Areas41
Table 15: SSP Input-Output Methods41
Table 16: SSP Zeroization Methods41
Table 17: SSP Table 145
Table 18: SSP Table 246
Table 19: Pre-Operational Self-Tests47
Table 20: Conditional Self-Tests48
Table 21: Pre-Operational Periodic Information48
Table 22: Conditional Periodic Information49
Table 23: Error States50
Figure 1: PL-4000M6
Figure 2: PL-4000T7
Figure 3: PL-4000M (Front)15
Figure 4: PL-4000T (Front)15
Figure 5: PL-4000M and PL-4000T (Rear)15
Figure 6: PL-40000M (Front, Rear, Left, Right, Bottom)38
Figure 7: PL-40000T (Front, Rear, Left, Right, Bottom)39
Page 5
1 General
1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy for the PacketLight Networks Ltd. PL-4000M and PL-4000T cryptographic modules (also referred to as “the module(s)” hereafter) running firmware version 2.1.0. It contains specification of the security rules, under which the cryptographic module operates, including the security rules derived from the requirements of the FIPS 140-3 standard for an overall Security Level 2 module.

1.2 Security Levels

The table below describes the individual security areas of FIPS 140-3, as well as the Security Levels of those individual areas. Section Title Security Level

1 General 2

2 Cryptographic module specification 2

3 Cryptographic module interfaces 2

4 Roles, services, and authentication 2

5 Software/Firmware security 2

6 Operational environment N/A

7 Physical security 2

8 Non-invasive security N/A

9 Sensitive security parameter management 2

10 Self-tests 2

11 Life-cycle assurance 2

12 Mitigation of other attacks N/A

Overall Level 2 Table 1: Security Levels The Module has an overall security level of 2. PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 6
2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The PL-4000M and PL-4000T are two product variations of the PL-4000x clone. The hardware modules run the same firmware and provide the same cryptographic security services. The PL-4000M is a cost-effective solution for rolling out multi-rate 10/25/100GbE, 16G FC, OTU2/2e/4 services, or increasing existing network capacity. The device delivers up to 600G in a 1U chassis using dual 400G CFP2-DCO Open ROADM standards-based pluggable coherent modules for metro and long-haul applications. The PL-4000M provides a full demarcation point between the service and the OTN/DWDM network and is interoperable with any third-party switch or router. This provides full visibility and performance monitoring of both line optical transport layer (OTN) and 10/25/100GbE, 16G FC, and OTU2/2e/4 service interfaces. The PL-4000M can be configured to work in the following system modes: - Single 400G Muxponder: mix of client interfaces aggregated into a 400G uplink - Dual 100/200/300G Muxponder: mix of client interfaces aggregated into two 100/200/300G uplinks - Optical Amplifiers: Up to two EDFA modules (optional) - Optical Switch: 1+1 facility protection (optional) The PL-4000T is a cost-effective high-capacity solution for rolling out 400GbE and 100GbE services or increasing existing network capacity. The device has four 400G pluggable uplink optical modules, delivering up to 1.6T in a 1U chassis. The PL-4000T integrates mux/demux, EDFA and OSW and delivers the entire optical layer. This flexible solution enables pay-as-you-grow architecture. The solution provides a full demarcation point between the service and the DWDM network and is interoperable with any third-party switch or router. This provides full visibility and performance monitoring of both the optical transport layer (OTN) and 100GbE/400GbE/OTU4 service interfaces. The PL-4000T can be configured to work in the following system modes: - Muxponder: 4x100G clients per 200G/300G/400G slice - Transponder: 1x400G per 400G - Optical Amplifiers: Up to two EDFA modules (optional) - Mux/Demux: 4ch mux/demux module (optional) - Optical Switch: 1+1 optical switch, 4 x 1+1 optical switches Module Type: Hardware Module Embodiment: MultiChipStand Cryptographic Boundary: The cryptographic boundary of the modules is defined as the entire outer casing of the chassis as pictured below. The PL-4000T’s cryptographic boundary includes uplink module(s) which are protected by Tamper-evident Seals (see Section 7.1). Figure 1: PL-4000M PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 7
2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

2.3 Excluded Components
2.4 Modes of Operation

Modes List and Description: The table below details the Mode of Operation supported by the module. Mode Description Type Status Name Indicator Approved When installed, initialized and configured as specified in Section 11 of the Security Approved Global Mode Policy, and with the tamper evident seals installed as indicated in Section 7 of the Security Policy, the module only runs in the approved mode of operation. Table 3: Modes List and Description

2.5 Algorithms

Approved Algorithms: The table below lists all the Approved Algorithms supported by the module. Algorithm CAVP Cert Properties Reference AES-CFB128 A4261 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-CTR A4136 Direction - Decrypt, Encrypt SP 800-38A Key Length - 256 PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 8

Algorithm CAVP Cert Properties Reference AES-CTR A4261 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128, 192, 256 AES-ECB A2709 Direction - Encrypt SP 800-38A Key Length - 256 AES-ECB A4261 Direction - Decrypt, Encrypt SP 800-38A Key Length - 128 AES-GCM A2709 Direction - Decrypt, Encrypt SP 800-38D IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 256 AES-GCM A4261 Direction - Decrypt, Encrypt SP 800-38D IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 256 AES-GMAC A4136 Direction - Decrypt, Encrypt SP 800-38D IV Generation - External IV Generation Mode - 8.2.1 Key Length - 256 Counter DRBG A4261 Prediction Resistance - Yes SP 800-90A Mode - AES-256 Rev. 1 Derivation Function Enabled - No ECDSA KeyGen A4261 Curve - P-384 FIPS 186-5 (FIPS186-5) Secret Generation Mode - testing candidates ECDSA KeyVer A4261 Curve - P-384 FIPS 186-5 (FIPS186-5) ECDSA SigGen A4261 Curve - P-384 FIPS 186-5 (FIPS186-5) Hash Algorithm - SHA2-384, SHA2-512/224 ECDSA SigVer A4261 Curve - P-384 FIPS 186-5 (FIPS186-5) Hash Algorithm - SHA2-384 HMAC-SHA2-256 A4261 Key Length - Key Length: 8-524288 Increment 8 FIPS 198-1 HMAC-SHA2-384 A4261 Key Length - Key Length: 8-524288 Increment 8 FIPS 198-1 HMAC-SHA2-512 A4261 Key Length - Key Length: 8-524288 Increment 8 FIPS 198-1 KAS-ECC-SSC Sp800- A4261 Domain Parameter Generation Methods - P-256, P-384, P-521 SP 800-56A 56Ar3 Scheme - Rev. 3 ephemeralUnified KAS Role - initiator, responder KAS-FFC-SSC Sp800- A4261 Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, SP 800-56A 56Ar3 MODP-2048, MODP-3072, MODP-4096 Rev. 3 Scheme dhEphem KAS Role - initiator, responder KDA OneStep A4261 Derived Key Length - 2048 SP 800-56C SP800-56Cr2 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 Rev. 2 KDF SNMP (CVL) A4261 Password Length - Password Length: 64-160 Increment 8 SP 800-135 Rev. 1 PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 9

Algorithm CAVP Cert Properties Reference KDF SSH (CVL) A4261 Cipher - AES-128, AES-192, AES-256 SP 800-135 Hash Algorithm - SHA2-256, SHA2-512 Rev. 1 RSA KeyGen A4261 Key Generation Mode - probableWithProbableAux FIPS 186-5 (FIPS186-5) Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standard Safe Primes Key A4261 Safe Prime Groups - ffdhe2048, ffdhe3072, MODP-2048, MODP- SP 800-56A Generation 3072, MODP-4096 Rev. 3 Safe Primes Key A4261 Safe Prime Groups - ffdhe2048, ffdhe3072, MODP-2048, MODP- SP 800-56A Verification 3072, MODP-4096 Rev. 3 SHA2-256 A4261 Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4 SHA2-384 A4261 Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4 SHA2-512 A4261 Message Length - Message Length: 0-65536 Increment 8 FIPS 180-4 TLS v1.2 KDF A4261 Hash Algorithm - SHA2-256, SHA2-384 SP 800-135 RFC7627 (CVL) Rev. 1 TLS v1.3 KDF (CVL) A4261 HMAC Algorithm - SHA2-256, SHA2-384 SP 800-135 KDF Running Modes - DHE Rev. 1 Table 4: Approved Algorithms Vendor-Affirmed Algorithms: The table below lists all the Vendor-Affirmed Algorithms supported by the module. Name Properties Implementation Reference CKG Key PacketLight Cryptographic IG D.H, SP800-133r2 (Section 4/example 1) The seed used in Type:Asymmetric Implementation asymmetric key generation is the unmodified output from a NIST SP 800- 90A DRBG. Table 5: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: The module does not support any Non-Approved, Allowed Algorithms. N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: The module does not support any Non-Approved, Allowed Algorithms with No Security Claimed. N/A for this module. Non-Approved, Not Allowed Algorithms: The module does not support any Non-Approved Algorithms that are not Allowed in the Approved Mode of Operation. N/A for this module.

2.6 Security Function Implementations

The table below lists the Security Function Implementations supported by the module. PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 10

Name Type Description Properties Algorithms Config File BC-UnAuth Encryption/Decryption AES-CTR: (A4261) Encrypt/Decrypt of respective SSPs in Key Length: 256 configuration files Key File BC-UnAuth Encryption/Decryption AES-ECB: (A4261) Encrypt/Decrypt of respective SSPs in key files SNMPv3 BC-UnAuth Encryption/Decryption AES-CFB128: (A4261) Encrypt/Decrypt of SNMPv3 packets SSH Encrypt/Decrypt BC-UnAuth Encryption/Decryption AES-CTR: (A4261)

1 of SSH session packets

SSH Encrypt/Decrypt BC-Auth Encryption/Decryption AES-GCM: (A4261)

2 of SSH session packets

TLS Encrypt/Decrypt BC-Auth Encryption/Decryption AES-GCM: (A4261) of TLS session packets Client Data BC-Auth Encryption/Decryption AES-CTR: (A4136) Encrypt/Decrypt 1 of Client Data (PL- AES-GMAC: (A4136) 4000M hardware block) Client Data BC-Auth Encryption/Decryption AES-GCM: (A2709) Encrypt/Decrypt 2 of Client Data (DCO AES-ECB: (A2709) transceiver hardware block, inserted into 4000T) TLS Key AsymKeyPair-KeyGen Generation of ECDSA KeyGen Pair/Certificate certificate and keys (FIPS186-5): (A4261) Generation for TLS server Counter DRBG: authentication (A4261) SSH Key Pair AsymKeyPair-KeyGen Generation of keys for RSA KeyGen (FIPS186Generation SSH server 5): (A4261) authentication Counter DRBG: (A4261) TLS Key Pair AsymKeyPair-KeyVer TLS Key Pair ECDSA KeyVer Verification Verification (FIPS186-5): (A4261) TLS Digital Signature DigSig-SigGen TLS Digital Signature ECDSA SigGen Generation Generation (FIPS186-5): (A4261) TLS Digital Signature DigSig-SigVer TLS Digital Signature ECDSA SigVer Verification Verification (FIPS186-5): (A4261) SSH Message MAC SSH Message HMAC-SHA2-256: Authentication 1 Authentication (A4261) SSH Message MAC SSH Message HMAC-SHA2-512: Authentication 2 Authentication (A4261) SHA2-512: (A4261) TLS Message MAC TLS Message HMAC-SHA2-256: Authentication 1 Authentication (A4261) PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 11

Name Type Description Properties Algorithms TLS Message MAC TLS Message HMAC-SHA2-384: Authentication 2 Authentication (A4261) SHA2-384: (A4261) SNMP Message MAC SNMP Message HMAC-SHA2-256: Authentication 1 Authentication (A4261) SNMP Message MAC SNMP Message HMAC-SHA2-384: Authentication 2 Authentication (A4261) SHA2-384: (A4261) SNMP Message MAC SNMP Message HMAC-SHA2-512: Authentication 3 Authentication (A4261) SHA2-512: (A4261) Data Plane KEX MAC Data Plane KEX HMAC-SHA2-384: Message Message (A4261) Authentication Authentication SHA2-384: (A4261) (prevents man-in-themiddle) Verify Firmware MAC Verify Firmware HMAC-SHA2-384: Integrity Integrity (A4261) SHA2-384: (A4261) Verify Firmware Load MAC Verify Firmware Load HMAC-SHA2-384: (A4261) SHA2-384: (A4261) KAS 1 KAS-Full Data exchange keys IG:D.F Scenario 2 path KAS-ECC-SSC Sp800generation and (2) 56Ar3: (A4261) distribution Bit Strength KDA OneStep SP800Caveat:provides 56Cr2: (A4261) between 128 and 256 bits of encryption strength KAS 2 KAS-Full Key Agreement for IG:D.F Scenario 2 path KAS-ECC-SSC Sp800SSH (2) 56Ar3: (A4261) Bit Strength KDF SSH: (A4261) Caveat:provides between 128 and 256 bits of encryption strength KAS 3 KAS-Full Key Agreement for IG:D.F Scenario 2 path KAS-FFC-SSC Sp800SSH (2) 56Ar3: (A4261) Bit Strength Domain Parameter Caveat:provides Generation Methods: between 112 and 152 MODP-2048, MODPbits of encryption 3072 and MODP-4096 strength KDF SSH: (A4261) KAS 4 KAS-Full Key Agreement for IG:D.F Scenario 2 path KAS-ECC-SSC Sp800TLSv1.2 (2) 56Ar3: (A4261) Bit Strength PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 12

Name Type Description Properties Algorithms Caveat:provides TLS v1.2 KDF between 128 and 256 RFC7627: (A4261) bits of encryption strength KAS 5 KAS-Full Key Agreement for IG:D.F Scenario 2 path KAS-ECC-SSC Sp800TLSv1.3 (2) 56Ar3: (A4261) Bit Strength TLS v1.3 KDF: (A4261) Caveat:provides between 128 and 256 bits of encryption strength KAS 6 KAS-Full Key Agreement for TLS IG:D.F Scenario 2 path KAS-FFC-SSC Sp800v1.3 (2) 56Ar3: (A4261) Bit Strength Domain Parameter Caveat:provides 112 Generation Methods: or 128 bits of ffdhe2048, ffdhe3072 encryption strength TLS v1.3 KDF: (A4261) SNMP Key Derivation KAS-135KDF Derives SNMPv3 Keys KDF SNMP: (A4261) SSH Key Derivation KAS-135KDF Derives SSH Keys KDF SSH: (A4261) TLS Key Derivation KAS-135KDF Derives TLS 1.2/3 Keys TLS v1.2 KDF RFC7627: (A4261) TLS v1.3 KDF: (A4261) Password SHA Operator Password SHA2-256: (A4261) Obfuscation obfuscation in config file Entropy Source ENT-ESV Entropy Source KAS Key Pair KAS-KeyGen KAS Key Pair ECDSA KeyGen Generation 1 Generation (ECDH) (FIPS186-5): (A4261) ECDSA KeyVer (FIPS186-5): (A4261) Counter DRBG: (A4261) KAS Key Pair KAS-KeyGen KAS Key Pair Safe Primes Key Generation 2 Generation (DH) Generation: (A4261) Safe Primes Key Verification: (A4261) Counter DRBG: (A4261) DRBG DRBG Deterministic Random Counter DRBG: Bit Generation (A4261) Table 6: Security Function Implementations PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 13
2.7 Algorithm Specific Information

The module's TLS v1.2 firmware AES-GCM implementation conforms to FIPS 140-3 IG C.H Scenario #1. The module is compatible with TLS v1.2 and provides support for the acceptable GCM ciphersuites from SP 800-52 Rev2, Section 3.3.1. The counter portion of the IV is set by the module within its cryptographic boundary. When the IV exhausts the maximum number of possible values for a given session key, the first party, client or server, to encounter this condition will trigger a handshake to establish a new encryption key (in accordance with RFC 5246). In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established. The module's TLS v1.3 firmware AES-GCM implementation conforms to FIPS 140-3 IG C.H Scenario #5. The TLS v1.3 protocol, and specifically the use of the AES-GCM encryption within the TLS v1.3 protocol is defined in RFC 8446. The module supports the acceptable GCM ciphersuites from SP 800-52 Rev2, Section 3.3.1. The IV is generated and used within this protocol’s implementation. The module's SSHv2 firmware AES-GCM implementation conforms to FIPS 140-3 IG C.H Scenario #1. The SSHv2 implementation is compliant with RFC 4252 and RFC 4253, and the IV generation of SSHv2 AES-GCM implementation is compliant with RFC 5647. The module's hardware AES-GCM implementations conform to IG C.H, scenario #4. The module uses a 96-bit IV, which is constructed deterministically per SP 800-38D Section 8.2.1 from a nonce and counter. PL-4000T - from a Frame Block Counter, Multi-Frame Index (MFI), Multi Frame Alignment Signal (MFAS) and nonce. PL-4000M - from Frame Counter (which is comprised of MFAS and MFI-38 bits and 26 zero pads), and Frame Block Counter (32-bits). Per the requirements specified in Section 8 in NIST SP 800-38D, the probability that the authenticated encryption function ever will be invoked with the same IV and the same key on two (or more) distinct sets of input data is no greater than 2-32. In all cases the module enforces FIPS 140-3 IG C.H, which states, “In case the module’s power is lost and then restored, a new key for use with the AES GCM encryption/decryption shall be established.”

2.8 RBG and Entropy

The tables below detail the modules ESV information. Cert Vendor Name Number E63 ID QUANTIQUE SA Table 7: Entropy Certificates Name Type Operational Sample Entropy Conditioning Environment Size per Component Sample IDQ Quantis IID QRNG Physical IDQ250C2 2 bits 1.75 bits Table 8: Entropy Sources

2.9 Key Generation

Please see SFI table.

2.10 Key Establishment

Please see SFI table. The module implements the DH and ECDH key agreement schemes specified in NIST SP 800-56Arev3. This specification requires that certain checks are performed to provide assurances regarding the keys being used. The following assurance checks are performed by the cryptographic module: PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 14
2.11 Industry Protocols

No parts of the SSH protocol, other than the approved cryptographic algorithms and the KDFs, have been tested by the CAVP and CMVP. No parts of the TLS protocol, other than the approved cryptographic algorithms and the KDFs, have been tested by the CAVP and CMVP. No parts of the SNMP protocol, other than the approved cryptographic algorithms and the KDFs, have been tested by the CAVP and CMVP. PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 15
3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

Figure 3: PL-4000M (Front) Figure 4: PL-4000T (Front) Figure 5: PL-4000M and PL-4000T (Rear) The table below details the modules Ports and Interfaces. Physical Port Logical Data That Passes Interface(s) LC ports (4000M) None Not in use CFP2 400G Uplink ports (4000M) Data Input Muxponded/Transponded data, Inband Data Output management Control Input Status Output SFP+/SFP28 10G/25G Service ports (4000M) Data Input Data Data Output Status Output OSC ports (4000M) None Not in use PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 16

Physical Port Logical Data That Passes Interface(s) SFP 100/1000M Base-X MNG ports (4000M) Control Input Management Status Output RJ-45 Control port (4000M) Control Input Local CLI Status Output RJ-45 Alarm port (4000M) Status External alarms dry contacts Output QSFP28 100G Service ports (4000M) Data Input Data Data Output Status Output Interlaken RJ-45 port (4000M) None Not in use RJ-45 100/1000M Base-T LAN ports (4000M) Control Input Management Status Output LEDs (4000M) Status Status Output Power connectors (4000M) Power Power Mux/Demux MPO port (4000T) None Not in use LC ports (4000T) None Not in use QSFP-DD 400G Uplink ports (4000T) None Not in use CFP2 400G Uplink ports (4000T) Data Input Transponded data, Inband management Data Output Control Input Status Output SFP 100/1000M Base-X MNG ports (4000T) Control Input Management Status Output RJ-45 Control port (4000T) Control Input Local CLI Status Output RJ-45 Alarm port (4000T) Status External alarms dry contacts Output QSFP28 100G ports QSFP28 100G/ QSFP-DD 400G Data Input Data ports (4000T) Data Output Control Input Status Output RJ-45 100/1000M Base-T LAN ports (4000T) Control Input Management Status Output LEDs (4000T) Status Status Output PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 17

Physical Port Logical Data That Passes Interface(s) Power connectors (4000T) Power Power Table 9: Ports and Interfaces PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 18
4 Roles, Services, and Authentication
4.1 Authentication Methods

The table below details the modules Authentication Methods. Method Description Security Strength Each Attempt Strength per Minute Name Mechanism WebGUI Grants access to Username Passwords are required to be at Assuming 10 attempts per (HTTPS) GUI according to and minimum 8 characters in length, and second via a scripted or Auth role Password at maximum 20 bytes. Accepted automatic attack, the characters are a-z, A-Z, 0-9, and probability of a success with [$@#&_!%^*]. An 8-character multiple attempts in a onepassword allowing all legal characters minute period is 600/73^8, (73) with repetition equates to a which is less than 1/100,000. 1:(73^8), or 1: 806,460,091,894,081 chance of false acceptance. SSH/SFTP Grants access to Username Passwords are required to be at Assuming 10 attempts per Auth CLI according to and minimum 8 characters in length, and second via a scripted or role Password at maximum 20 bytes. Accepted automatic attack, the characters are a-z, A-Z, 0-9, and probability of a success with [$@#&_!%^*]. An 8-character multiple attempts in a onepassword allowing all legal characters minute period is 600/73^8, (73) with repetition equates to a which is less than 1/100,000. 1:(73^8), or 1: 806,460,091,894,081 chance of false acceptance. Console Grants access to Username Passwords are required to be at The fastest data rate for the Auth CLI according to and minimum 8 characters in length, and serial port is 115,200 bps. Each role Password at maximum 20 bytes. Accepted ASCII character is 10 bits (1 characters are a-z, A-Z, 0-9, and Start, 8 data, 1 Stop), so that is [$@#&_!%^*]. An 8-character (115,200 / 10 =) 115,20 password allowing all legal characters characters per second or (73) with repetition equates to a (115,20 * 60 =) 691,200 1:(73^8), or 1: 806,460,091,894,081 characters per minute. Running chance of false acceptance. 100,000 trials in a minute will require a minimum of (4 * 10 * 100,000 =) 4,000,000 characters to be sent. This exceeds the 691,200 limit imposed by the data rate of the serial port. Therefore, the probability that a random attempt will succeed in one minute is less than 1/100,000. SNMPv3 Verifying the Username Passwords are required to be at Assuming 10 attempts per Auth rights of SNMP and minimum 8 characters in length, and second via a scripted or based processes Password at maximum 20 bytes. Accepted automatic attack, the to access for characters are a-z, A-Z, 0-9, and probability of a success with [$@#&_!%^*]. An 8-character multiple attempts in a onePacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 19

Method Description Security Strength Each Attempt Strength per Minute Name Mechanism monitoring and password allowing all legal characters minute period is 600/73^8, management (73) with repetition equates to a which is less than 1/100,000. 1:(73^8), or 1: 806,460,091,894,081 chance of false acceptance. Table 10: Authentication Methods

4.2 Roles

The module supports four different roles: Admin, Crypto, Read-Write and Read-Only, which are detailed in the table below. Name Type Operator Type Authentication Methods Admin Role CO WebGUI (HTTPS) Auth SSH/SFTP Auth Console Auth SNMPv3 Auth Crypto Role CO WebGUI (HTTPS) Auth SSH/SFTP Auth Console Auth Read-Write Role CO WebGUI (HTTPS) Auth SSH/SFTP Auth Console Auth SNMPv3 Auth Read-Only Role CO WebGUI (HTTPS) Auth SSH/SFTP Auth Console Auth SNMPv3 Auth Table 11: Roles

4.3 Approved Services

The table below lists all approved services supported by the module. The abbreviations of the access rights to keys and SSPs have the following interpretation: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. Name Description Indicator Inputs Outputs Security SSP Access Functions Initialization Initial N/A Command Command None Admin Configuration and response/ parameters status PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 20

Name Description Indicator Inputs Outputs Security SSP Access Functions Manage Add, Edit, Delete, Global ("FIPS Command Command Password Admin Accounts View user Compliant and response/ Obfuscation - Operator accounts Mode") in parameters status Passwords: W combination with successful completion of service Change Admin to any Global ("FIPS Command Command Password Admin Password except Crypto, Compliant and response/ Obfuscation - Operator each user its own Mode") in parameters status Passwords: W combination Crypto with successful - Operator completion of Passwords: W service Read-Write - Operator Passwords: W Read-Only - Operator Passwords: W Encryption Transfer of Global ("FIPS Command Command Client Data Admin Service encryption data Compliant and response/ Encrypt/Decrypt - EC DH Key Pair Mode") in parameters status 1 for DEK: G,E combination Client Data - ECC CDH with successful Encrypt/Decrypt primitive for completion of 2 DEK: G,E service Data Plane KEX - Data Message Encryption Key Authentication (DEK): G,E KAS 1 - PeerKAS Key Pair Authentication Generation 1 Pre-Shared Secret: R,W,E Read-Write - EC DH Key Pair for DEK: G,E - ECC CDH primitive for DEK: G,E - Data Encryption Key (DEK): G,E - PeerAuthentication Pre-Shared Secret: R,W,E PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 21

Name Description Indicator Inputs Outputs Security SSP Access Functions Add/Change Add/Changes the Global ("FIPS Command Command Config File Crypto Pre-Shared pre-shared secret Compliant and response/ Encrypt/Decrypt - PeerSecret used for the Mode") in parameters status Authentication authentication of combination Pre-Shared the key exchange with successful Secret: W messages. completion of service Lock Locks the N/A Command Command None Crypto Encrypted encrypted uplink response/ Service port. status Change Provisions the N/A Command Command None Admin Provisioning service port or response/ Read-Write Type remove status provisioning from the selected port View System View system N/A Command Command None Admin Information specific response/ Crypto information status Read-Write Read-Only View View port N/A Command Command None Admin Performance performance response/ Crypto Monitoring monitoring info status Read-Write Read-Only View Faults or Used to localize N/A Command Command None Admin Alarms and identify response/ Crypto problems in the status Read-Write network Read-Only Configure Configure Firewall N/A Command Command None Admin Firewall rules/policies and response/ parameters status Show Status Outputs current N/A Command Command None Admin module status response/ Crypto status Read-Write Read-Only Show Returns module N/A Command Module None Admin Versioning name/identifier versioning Crypto information and versioning information Read-Write information Read-Only Set Device N/A Command Command None Admin Configuration configuration tool and response/ Read-Write data parameters status Establish SSH Establish an SSH Global ("FIPS Command Command Key File Admin session session Compliant response/ Encrypt/Decrypt - Operator Mode") in status SSH Passwords: W combination Encrypt/Decrypt - Diffie-Hellman PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 22

Name Description Indicator Inputs Outputs Security SSP Access Functions with successful 1 (DH) Key Pair: completion of SSH G,E service Encrypt/Decrypt - Diffie-Hellman

2 Shared Secret:

SSH Key Pair G,E Generation - Elliptic Curve SSH Message Diffie-Hellman Authentication 1 (ECDH) Key SSH Message Pair: G,E Authentication 2 - EC DiffieKAS 2 Hellman Shared KAS 3 Secret: G,E SSH Key - SSH/SFTP Host Derivation Key Pair: G,E KAS Key Pair - SSH/SFTP Generation 1 Session KAS Key Pair Encryption Key: Generation 2 G,E - SSH/SFTP Session Authentication key: G,E Crypto - Operator Passwords: W - Diffie-Hellman (DH) Key Pair: G,E - Diffie-Hellman Shared Secret: G,E - Elliptic Curve Diffie-Hellman (ECDH) Key Pair: G,E - EC DiffieHellman Shared Secret: G,E - SSH/SFTP Host Key Pair: G,E - SSH/SFTP Session Encryption Key: G,E - SSH/SFTP Session PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 23

Name Description Indicator Inputs Outputs Security SSP Access Functions Authentication key: G,E Read-Write - Operator Passwords: W - Diffie-Hellman (DH) Key Pair: G,E - Diffie-Hellman Shared Secret: G,E - Elliptic Curve Diffie-Hellman (ECDH) Key Pair: G,E - EC DiffieHellman Shared Secret: G,E - SSH/SFTP Host Key Pair: G,E - SSH/SFTP Session Encryption Key: G,E - SSH/SFTP Session Authentication key: G,E Read-Only - Operator Passwords: W - Diffie-Hellman (DH) Key Pair: G,E - Diffie-Hellman Shared Secret: G,E - Elliptic Curve Diffie-Hellman (ECDH) Key Pair: G,E - EC DiffieHellman Shared Secret: G,E - SSH/SFTP Host Key Pair: G,E PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 24

Name Description Indicator Inputs Outputs Security SSP Access Functions - SSH/SFTP Session Encryption Key: G,E - SSH/SFTP Session Authentication key: G,E Establish TLS Establish a web Global ("FIPS Command Command Key File Admin session session using TLS Compliant response/ Encrypt/Decrypt - Operator protocol Mode") in status TLS Passwords: W combination Encrypt/Decrypt - Diffie-Hellman with successful TLS Key (DH) Key Pair: completion of Pair/Certificate G,E service Generation - Diffie-Hellman TLS Key Pair Shared Secret: Verification G,E TLS Digital - Elliptic Curve Signature Diffie-Hellman Generation (ECDH) Key TLS Digital Pair: G,E Signature - EC DiffieVerification Hellman Shared TLS Message Secret: G,E Authentication 1 - TLS Key Pair: TLS Message G,E Authentication 2 - TLS Premaster KAS 4 Secret: G,E KAS 5 - TLS Master KAS 6 Secret: G,E TLS Key - TLS Session Derivation Encryption Key: KAS Key Pair G,E Generation 1 - TLS Session KAS Key Pair Authentication Generation 2 Key: G,E Crypto - Operator Passwords: W - Diffie-Hellman (DH) Key Pair: G,E - Diffie-Hellman Shared Secret: G,E - Elliptic Curve PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 25

Name Description Indicator Inputs Outputs Security SSP Access Functions Diffie-Hellman (ECDH) Key Pair: G,E - EC DiffieHellman Shared Secret: G,E - TLS Key Pair: G,E - TLS Premaster Secret: G,E - TLS Master Secret: G,E - TLS Session Encryption Key: G,E - TLS Session Authentication Key: G,E Read-Write - Operator Passwords: W - Diffie-Hellman (DH) Key Pair: G,E - Diffie-Hellman Shared Secret: G,E - Elliptic Curve Diffie-Hellman (ECDH) Key Pair: G,E - EC DiffieHellman Shared Secret: G,E - TLS Key Pair: G,E - TLS Premaster Secret: G,E - TLS Master Secret: G,E - TLS Session Encryption Key: G,E - TLS Session Authentication Key: G,E PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 26

Name Description Indicator Inputs Outputs Security SSP Access Functions Read-Only - Operator Passwords: W - Diffie-Hellman (DH) Key Pair: G,E - Diffie-Hellman Shared Secret: G,E - Elliptic Curve Diffie-Hellman (ECDH) Key Pair: G,E - EC DiffieHellman Shared Secret: G,E - TLS Key Pair: G,E - TLS Premaster Secret: G,E - TLS Master Secret: G,E - TLS Session Encryption Key: G,E - TLS Session Authentication Key: G,E Configure Configure Global ("FIPS Command Command SNMPv3 Admin SNMPv3 SNMPv3 security Compliant and response/ Encrypt/Decrypt - SNMP Privacy profile, Mode") in parameters status SNMP Message Key: G,E authentication, combination Authentication 1 - SNMP privacy, etc. with successful SNMP Message Authentication settings completion of Authentication 2 Key: G,E service SNMP Message - SNMPv3 Authentication 3 Passwords SNMP Key (Privacy and Derivation Auth): W SNMPv3 traps Provide system Global ("FIPS Command Command None Admin condition Compliant response/ - SNMPv3 information Mode") in status Passwords combination (Privacy and with successful Auth): W completion of Read-Write service - SNMPv3 Passwords PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 27

Name Description Indicator Inputs Outputs Security SSP Access Functions (Privacy and Auth): W Export Backup Save device and Global ("FIPS Command Command Config File Admin of services Compliant response/ Encrypt/Decrypt - Operator Configuration configuration into Mode") in status Password Passwords: R file over file combination Obfuscation - PeerHTTPS/SFTP with successful Authentication completion of Pre-Shared service Secret: R - SNMPv3 Passwords (Privacy and Auth): R Restore Restore device Global ("FIPS Command Command Config File Admin Configuration and services Compliant response/ Encrypt/Decrypt - Operator file over configuration into Mode") in status Password Passwords: W HTTPS/SFTP file combination Obfuscation - Peerwith successful Authentication completion of Pre-Shared service Secret: W - SNMPv3 Passwords (Privacy and Auth): W View Network View the structure N/A Command Command None Admin Topology of a network response/ Crypto status Read-Write Read-Only Random Random Number Global ("FIPS Command Command Entropy Source Admin Number Generation Compliant response/ DRBG - SP 800-90A Generation Mode") in status CTR_DRBG combination Entropy Input: E with successful - SP 800-90A completion of CTR_DRBG service Seed: E - SP 800-90A CTR_DRBG key value: E - SP 800-90A CTR_DRBG V value: E Crypto - SP 800-90A CTR_DRBG Entropy Input: E PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 28

Name Description Indicator Inputs Outputs Security SSP Access Functions - SP 800-90A CTR_DRBG Seed: E - SP 800-90A CTR_DRBG key value: E - SP 800-90A CTR_DRBG V value: E Read-Write - SP 800-90A CTR_DRBG Entropy Input: E - SP 800-90A CTR_DRBG Seed: E - SP 800-90A CTR_DRBG key value: E - SP 800-90A CTR_DRBG V value: E Read-Only - SP 800-90A CTR_DRBG Entropy Input: E - SP 800-90A CTR_DRBG Seed: E - SP 800-90A CTR_DRBG key value: E - SP 800-90A CTR_DRBG V value: E Perform Self- Run self-tests N/A Command Command Verify Firmware Admin Tests On- response/ Integrity Read-Write Demand status Factory Reset See Section 9.3 Status Command Command None Admin response/ - Operator status Passwords: Z - EC DH Key Pair for DEK: Z - ECC CDH primitive for DEK: Z PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 29

Name Description Indicator Inputs Outputs Security SSP Access Functions - Data Encryption Key (DEK): Z - PeerAuthentication Pre-Shared Secret: Z - Diffie-Hellman (DH) Key Pair: Z - Diffie-Hellman Shared Secret: Z - Elliptic Curve Diffie-Hellman (ECDH) Key Pair: Z - EC DiffieHellman Shared Secret: Z - SNMP Privacy Key: Z - SNMP Authentication Key: Z - SNMPv3 Passwords (Privacy and Auth): Z - TLS Key Pair: Z - TLS Premaster Secret: Z - TLS Master Secret: Z - TLS Session Encryption Key: Z - TLS Session Authentication Key: Z - SSH/SFTP Host Key Pair: Z - SSH/SFTP Session Encryption Key: Z - SSH/SFTP PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 30

Name Description Indicator Inputs Outputs Security SSP Access Functions Session Authentication key: Z - Firmware Update Key: Z - SP 800-90A CTR_DRBG Seed: Z - SP 800-90A CTR_DRBG Entropy Input: Z - SP 800-90A CTR_DRBG key value: Z - SP 800-90A CTR_DRBG V value: Z Read-Write - Operator Passwords: Z - EC DH Key Pair for DEK: Z - ECC CDH primitive for DEK: Z - Data Encryption Key (DEK): Z - PeerAuthentication Pre-Shared Secret: Z - Diffie-Hellman (DH) Key Pair: Z - Diffie-Hellman Shared Secret: Z - Elliptic Curve Diffie-Hellman (ECDH) Key Pair: Z - EC DiffieHellman Shared Secret: Z - SNMP Privacy Key: Z PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 31

Name Description Indicator Inputs Outputs Security SSP Access Functions - SNMP Authentication Key: Z - SNMPv3 Passwords (Privacy and Auth): Z - TLS Key Pair: Z - TLS Premaster Secret: Z - TLS Master Secret: Z - TLS Session Encryption Key: Z - TLS Session Authentication Key: Z - SSH/SFTP Host Key Pair: Z - SSH/SFTP Session Encryption Key: Z - SSH/SFTP Session Authentication key: Z - Firmware Update Key: Z - SP 800-90A CTR_DRBG Seed: Z - SP 800-90A CTR_DRBG Entropy Input: Z - SP 800-90A CTR_DRBG key value: Z - SP 800-90A CTR_DRBG V value: Z Zeroization See Section 9.3 Status Command Command None Admin (Zeroization) response/ - Operator status Passwords: Z - EC DH Key Pair PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 32

Name Description Indicator Inputs Outputs Security SSP Access Functions for DEK: Z - ECC CDH primitive for DEK: Z - Data Encryption Key (DEK): Z - PeerAuthentication Pre-Shared Secret: Z - Diffie-Hellman (DH) Key Pair: Z - Diffie-Hellman Shared Secret: Z - Elliptic Curve Diffie-Hellman (ECDH) Key Pair: Z - EC DiffieHellman Shared Secret: Z - SNMP Privacy Key: Z - SNMP Authentication Key: Z - SNMPv3 Passwords (Privacy and Auth): Z - TLS Key Pair: Z - TLS Premaster Secret: Z - TLS Master Secret: Z - TLS Session Encryption Key: Z - TLS Session Authentication Key: Z - SSH/SFTP Host Key Pair: Z - SSH/SFTP PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 33

Name Description Indicator Inputs Outputs Security SSP Access Functions Session Encryption Key: Z - SSH/SFTP Session Authentication key: Z - Firmware Update Key: Z - SP 800-90A CTR_DRBG Seed: Z - SP 800-90A CTR_DRBG Entropy Input: Z - SP 800-90A CTR_DRBG key value: Z - SP 800-90A CTR_DRBG V value: Z Firmware Upload and Global ("FIPS Command Command Verify Firmware Admin Update deploy firmware Compliant response/ Load - Firmware Mode") in status Update Key: G,E combination Read-Write with successful - Firmware completion of Update Key: G,E service Table 12: Approved Services

4.4 Non-Approved Services

The module does not support any Non-Approved Services. N/A for this module.

4.5 External Software/Firmware Loaded

The version signature is verified by HMAC-SHA-384. Any firmware loaded into this module that is not shown on the module certificate, is out of the scope of this validation and requires a separate FIPS 140-3 validation.

4.6 Bypass Actions and Status

The Bypass capability is the ability of a service to partially or wholly circumvent a cryptographic function or process. The following two independent internal actions are required to activate the bypass capability, to prevent the inadvertent bypass of plaintext data due to a single error: 1. The admin shuts down the interface. PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 34

2. Then switches the interface to non-encrypted mode. *Both actions are accompanied by a service impact warning The module shows status to indicate that the bypass capability is alternately activated and deactivated, and that the module is providing some services with cryptographic processing and some services without cryptographic processing, as follows: If the bypass service indicator is “Bypass is in effect”, it means that at least one active service is not encrypted. If the bypass service indicator is “Bypass in not in effect”, it means that all active services are encrypted.

4.7 Cryptographic Output Actions and Status

The Self-initiated cryptographic output capability is the ability of the module to perform cryptographic operations and other approved security functions or SSP management techniques without external operator request. The following two independent internal actions are required to activate the self-Initiated cryptographic output capability to prevent the inadvertent output due to a single error:

  1. The admin selects the service type and turns on the interface.
  2. The admin confirms the changes. The module shows status to indicate whether the self-Initiated cryptographic output capability is activated through the Admin Status of the respective channel. If the self-Initiated cryptographic output service indicator is “Up” for a respective channel, it means that the capability is activated. If the self-Initiated cryptographic output service indicator is “Down” for a respective channel, it means that the capability is not activated. PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.
Page 35
5 Software/Firmware Security
5.1 Integrity Techniques

The firmware is delivered as an executable file and the module implements a HMAC-SHA2-384 keyed hash firmware integrity test.

5.2 Initiate on Demand

The Firmware Integrity Test can be invoked by rebooting the module. PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 36
6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Limited PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 37
7 Physical Security
7.1 Mechanisms and Actions Required

The table below details the Physical Security Mechanisms supported by the module. Mechanism Inspection Inspection Guidance Frequency Tamper- Minimum of The CO shall inspect the enclosure and tamper-evident seals for physical signs of evident Seals every 30 days. tampering or attempted access to the cryptographic module. The physical security of the module is intact if there is no evidence of tampering with the tamper-evident seals. Table 13: Mechanisms and Actions Required The module has a multi-chip standalone embodiment and is made of commercially available, production grade components meeting commercial specifications for power, temperature, reliability, shock and vibration. All production-grade components include standard passivation techniques, in the form of a coating applied over the module’s circuitry to protect against environmental and other physical damage. The production grade metal enclosure is opaque to the visible spectrum, and all openings are designed in such a way to obscure visual access to the security relevant innards of the module.

7.2 User Placed Tamper Seals

Number: The PL-4000M is sealed with 4-5 tamper-evident seals, and the PL-4000T is sealed with 4-7 tamper-evident seals. Placement: The locations of the tamper-evident seals are indicated by the red rectangles in Figures 6 and 7. PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 38

Figure 6: PL-40000M (Front, Rear, Left, Right, Bottom) PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 39

Figure 7: PL-40000T (Front, Rear, Left, Right, Bottom) Surface Preparation: For optimum adhesion, surfaces must be cleaned with alcohol to remove surface contaminants before affixing the tamper-evident seals:

Page 40
8 Non-Invasive Security

Currently, the ISO/IEC 19790:2012 non-invasive security area is not required by FIPS 140-3 (see NIST SP 800-140F). The requirements of this area are not applicable to the module. PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 41
9 Sensitive Security Parameters Management
9.1 Storage Areas

The table below lists Sensitive Security Parameters (SSPs) storage areas for the module. Section 9.4 below selects from the storage areas listed and specifies the appropriate parameter in the “Storage” column if applicable to a specific SSP. Storage Area Description Persistence Name Type DDR4 SDRAM Random memory access Dynamic QSPI FLASH Flash file system Static Table 14: Storage Areas

9.2 SSP Input-Output Methods

The table below lists SSP input and output methods for the module. Section 9.4 below selects from the input and output methods listed and specifies the appropriate parameter in the “Inputs/Outputs” column if applicable to a specific SSP. Name From Format To Distribution Entry SFI or Type Type Type Algorithm SSP Input 1 External QSPI FLASH Plaintext Manual Electronic SSP Input 2 External QSPI FLASH Encrypted Manual Electronic SSP Input 3 External DDR4 SDRAM Plaintext Automated Electronic SSP Output 1 QSPI FLASH External Encrypted Manual Electronic SSP Output 2 DDR4 SDRAM External Plaintext Automated Electronic Table 15: SSP Input-Output Methods

9.3 SSP Zeroization Methods

The table below lists SSP zeroization methods for this module. Section 9.4 below selects from the zeroization methods listed and specifies the appropriate parameter in the “Zeroization” column if applicable to a specific SSP. Zeroization Description Rationale Operator Initiation Method Session All session ephemeral keys are zeroized. Loss of By closing of HTTPS/SSH session. Termination contents Key Lifetime Data Plane ephemeral keys are zeroized. Loss of N/A contents Power Cycle All session ephemeral keys are zeroized. Loss of Power cycle contents Zeroization All SSPs are zeroized. System IP is restored Loss of Input zeroization command in Command to default. contents console. Factory Reset All SSPs are zeroized. System IP is kept. Loss of Input factory reset command in contents console. Table 16: SSP Zeroization Methods

9.4 SSPs

The following table summarizes the keys and Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module: PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 42

Name Description Size - Type - Generated By Established Used By Strength Category By Operator Authentication Minimum of 8 Authentication Passwords for the Admin, bytes (64 bits) string - CSP Crypto, Read- and Write and Read- maximum of Only roles 20 bytes (160 bits) string value Minimum of 8 bytes (64 bits) and maximum of

20 bytes (160

bits) string value EC DH Key Pair Key pair used in P-384 - 192 Public/Private - KAS Key Pair KAS 1 for DEK NIST SP 800- bits CSP Generation 1 56Arev3 (Section 5.7.1.2) ECC CDH Primitive computation ECC CDH Shared Secret 384-bit string Key Material - KAS 1 KAS 1 primitive for (Z) value that - 192 bits CSP DEK will be used to derive the DEK Data Used for 256-bit - 256 Symmetric key KAS 1 Client Data Encryption Key encrypting or bits - CSP Encrypt/Decrypt (DEK) decrypting 1 payload data Client Data Encrypt/Decrypt Peer- Entered by 384-bit string Authentication Data Plane KEX Authentication Crypto. - 384 bits hex string - CSP Message Pre-Shared Parameter used Authentication Secret for PeerAuthentication during key exchange Diffie-Hellman Negotiating Public: 2048- Public/Private - KAS Key Pair KAS 3 (DH) Key Pair TLS/HTTPS or bit, 3072-bit, CSP Generation 2 KAS 6 SSH/SFTP 4096-bit / sessions Private: 224bit, 256-bit, 325-bit - 112 PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 43

Name Description Size - Type - Generated By Established Used By Strength Category By bits, 128 bits,

152 bits

Diffie-Hellman Diffie-Hellman 2048-bit, Shared Secret - KAS 3 KAS 3 Shared Secret Shared Secret 3072-bit, CSP KAS 6 KAS 6 4096-bit - 112 bits, 128 bits,

152 bits

Elliptic Curve Negotiating P-256, P-384, Public/Private - KAS Key Pair KAS 2 Diffie-Hellman TLS/HTTPS or P-521 - 128 CSP Generation 1 KAS 4 (ECDH) Key Pair SSH/SFTP bits, 192 bits, KAS 5 sessions 256 bits EC Diffie- EC Diffie- P-256, P-384, Shared Secret - KAS 2 KAS 2 Hellman Hellman Shared P-521 - 128 CSP KAS 4 KAS 4 Shared Secret Secret bits, 192 bits, KAS 5 KAS 5

256 bits

SNMP Privacy Encryption / 128-bit, 192- Symmetric key SNMP Key SNMPv3 Key Decryption of bit, 256-bit - - CSP Derivation Encrypt/Decrypt SNMP traffic 128 bits, 192 bits, 256 bits SNMP Message HMAC-SHA2- Symmetric key SNMP Key SNMP Message Authentication authentication 256, HMAC- - CSP Derivation Authentication 1 Key and verification SHA2-384, SNMP Message in SNMP HMAC-SHA2- Authentication 2

512 - 256 bits, SNMP Message

384 bits, 512 Authentication 3

bits SNMPv3 SNMPv3 Minimum of 8 Authentication SNMP Key Passwords Passwords bytes (64 bits) string - CSP Derivation (Privacy and and Auth) maximum of

20 bytes (160

bits) string value Minimum of 8 bytes (64 bits) and maximum of

20 bytes (160

bits) string value TLS Key Pair Key Pair used for P-384 - 192 Public/Private - TLS Key TLS Digital TLS bits CSP Pair/Certificate Signature authentication Generation Generation TLS Digital PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 44

Name Description Size - Type - Generated By Established Used By Strength Category By Signature Verification TLS Premaster Establish the TLS 384-bit string Key material - KAS 4 TLS Key Secret Master Secret - 192 bits CSP KAS 5 Derivation KAS 6 TLS Master Establish the TLS 384-bit string Key material - TLS Key TLS Key Secret Session Keys - 192 bits CSP Derivation Derivation TLS Session Used for 128-bit, 256- Symmetric Key TLS Key TLS Encryption Key encrypting/ bit - 128 bits, - CSP Derivation Encrypt/Decrypt decrypting TLS 256 bits messages TLS Session Used for HMAC SHA2- Symmetric Key TLS Key TLS Message Authentication authenticating 256, HMAC - CSP Derivation Authentication 1 Key TLS messages SHA2-384 - TLS Message

256 bits, 384 Authentication 2

bits SSH/SFTP Host Key Pair used for 2048-bit - 112 Public/Private - SSH Key Pair Key Pair SSH/SFTP bits CSP Generation authentication SSH/SFTP Used for 128-bit, 192- Symmetric Key SSH Key SSH Session Encrypting bit, 256-bit - - CSP Derivation Encrypt/Decrypt Encryption Key SSH/SFTP 128 bits, 192 1 messages bits, 256 bits SSH Encrypt/Decrypt SSH/SFTP Data HMAC SHA2- Symmetric Key SSH Key SSH Message Session authentication 256, HMAC - CSP Derivation Authentication 1 Authentication for SSH/SFTP SHA2-512 - SSH Message key sessions 256 bits, 512 Authentication 2 bits Firmware Firmware HMAC SHA2- Symmetric Key Factory Verify Firmware Update Key Update Key 384 - 384 bits - CSP Load SP 800-90A Seeding material 384-bit value Key material - Entropy Source DRBG CTR_DRBG for the SP800- - 384-bit CSP Seed 90A CTR_DRBG value SP 800-90A Entropy Input 384-bit value Key material - Entropy Source DRBG CTR_DRBG for the SP800- - 384-bit CSP Entropy Input 90A CTR_DRBG value SP 800-90A Used for the SP Internal state Internal state DRBG DRBG CTR_DRBG key 800-90A value - value - CSP value CTR_DRBG Internal state value SP 800-90A Used for the SP Internal state Internal state DRBG DRBG CTR_DRBG V 800-90A value - value - CSP value CTR_DRBG PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 45

Name Description Size - Type - Generated By Established Used By Strength Category By Internal state value Table 17: SSP Table 1 Name Input - Storage Storage Zeroization Related SSPs Output Duration Operator Passwords SSP QSPI Zeroization Input 1 FLASH:Obfuscated Command SSP Factory Reset Input 2 SSP Output 1 EC DH Key Pair for DEK SSP DDR4 Key Lifetime ECC CDH primitive for Input 3 SDRAM:Plaintext Power Cycle DEK:Derives SSP Output 2 ECC CDH primitive for DDR4 Key Lifetime EC DH Key Pair for DEK SDRAM:Plaintext Power Cycle DEK:Derived From Data Encryption Key DDR4 Key Lifetime ECC CDH primitive for (DEK) SDRAM:Plaintext Power Cycle DEK:Derived From Peer-Authentication Pre- SSP QSPI Zeroization Shared Secret Input 1 FLASH:Encrypted Command SSP Factory Reset Input 2 SSP Output 1 Diffie-Hellman (DH) Key SSP DDR4 Session Diffie-Hellman Shared Pair Input 3 SDRAM:Plaintext Termination Secret:Derives SSP Power Cycle Output 2 Diffie-Hellman Shared DDR4 Session Diffie-Hellman (DH) Key Secret SDRAM:Plaintext Termination Pair:Derived From Power Cycle Elliptic Curve Diffie- SSP DDR4 Session EC Diffie-Hellman Shared Hellman (ECDH) Key Pair Input 3 SDRAM:Plaintext Termination Secret:Derives SSP Power Cycle Output 2 EC Diffie-Hellman Shared DDR4 Session Elliptic Curve Diffie-Hellman Secret SDRAM:Plaintext Termination (ECDH) Key Pair:Derived From Power Cycle SNMP Privacy Key DDR4 Power Cycle SNMPv3 Passwords (Privacy SDRAM:Plaintext and Auth):Derived From SNMP Authentication DDR4 Power Cycle SNMPv3 Passwords (Privacy Key SDRAM:Plaintext and Auth):Derived From PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 46

Name Input - Storage Storage Zeroization Related SSPs Output Duration SNMPv3 Passwords SSP QSPI Zeroization SNMP Privacy Key:Derives (Privacy and Auth) Input 1 FLASH:Encrypted Command SNMP Authentication SSP Factory Reset Key:Derives Input 2 SSP Output 1 TLS Key Pair QSPI Zeroization FLASH:Encrypted Command Factory Reset TLS Premaster Secret DDR4 Session TLS Master Secret:Derives SDRAM:Plaintext Termination Power Cycle TLS Master Secret DDR4 Session TLS Premaster Secret:Derived SDRAM:Plaintext Termination From Power Cycle TLS Session Encryption Key:Derives TLS Session Authentication Key:Derives TLS Session Encryption DDR4 Session TLS Master Secret:Derived Key SDRAM:Plaintext Termination From Power Cycle TLS Session DDR4 Session TLS Master Secret:Derived Authentication Key SDRAM:Plaintext Termination From Power Cycle SSH/SFTP Host Key Pair QSPI Zeroization FLASH:Encrypted Command Factory Reset SSH/SFTP Session DDR4 Session Encryption Key SDRAM:Plaintext Termination Power Cycle SSH/SFTP Session DDR4 Session Authentication key SDRAM:Plaintext Termination Power Cycle Firmware Update Key QSPI N/A FLASH:Encrypted SP 800-90A CTR_DRBG DDR4 Power Cycle SP 800-90A CTR_DRBG Seed SDRAM:Plaintext Entropy Input:Derived From SP 800-90A CTR_DRBG DDR4 Power Cycle Entropy Input SDRAM:Plaintext SP 800-90A CTR_DRBG DDR4 Power Cycle SP 800-90A CTR_DRBG key value SDRAM:Plaintext Seed:Derived From SP 800-90A CTR_DRBG V DDR4 Power Cycle SP 800-90A CTR_DRBG value SDRAM:Plaintext Seed:Derived From Table 18: SSP Table 2 PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 47
10 Self-Tests

This section specifies the pre-operational and conditional self-tests performed by the module. The pre-operational and conditional selftests ensure that the module is not corrupted and that the cryptographic algorithms work as expected.

10.1 Pre-Operational Self-Tests

Pre-operational Self-Tests are run upon the power up/initialization of the module. The module transitions to the operational state only after the pre-operational self-tests (and the cryptographic algorithm self-tests (CASTs)) are passed successfully. The design of the modules ensures that all data output, via the data output interface, is inhibited whenever the module is in a pre-operational self-test condition. The Pre-Operational Self-Tests are detailed in the table below. Algorithm or Test Test Test Type Indicator Details Test Properties Method HMAC-SHA2-384 384-bit Integrity SW/FW Status Keyed message authentication code-based (A4261) Test Integrity firmware integrity verification SHA2-384 384-bit Bypass Bypass Status Ensures the correct operation of the logic (A4261) Test governing activation of the bypass capability. Table 19: Pre-Operational Self-Tests

10.2 Conditional Self-Tests

Conditional Self-Tests are run when an applicable security function or process is invoked. The Conditional Self-Tests are detailed in the table below. Algorithm or Test Test Properties Test Test Indicator Details Conditions Method Type AES-CTR (A4136) 256-bit KATs CAST Status Separate Encrypt and Power Up Decrypt AES-GMAC (A4136) 256-bit KATs CAST Status Separate Encrypt and Power Up Decrypt AES-ECB (A2709) 256-bit KATs CAST Status Separate Encrypt and Power Up Decrypt AES-GCM (A2709) 256-bit KATs CAST Status Separate Encrypt and Power Up Decrypt AES-ECB (A4261) 128-bit KATs CAST Status Separate Encrypt and Power Up Decrypt AES-GCM (A4261) 256-bit KATs CAST Status Separate Encrypt and Power Up Decrypt Counter DRBG 128-bit KAT CAST Status SP 800-90 A Section Power Up (A4261) 11.3 ECDSA KeyGen P-384, SHA2-384 PCT PCT Status - Key Pair (FIPS186-5) (A4261) Generation ECDSA SigGen P-384, SHA2-384 KAT CAST Status Sign Power Up (FIPS186-5) (A4261) ECDSA SigVer P-384, SHA2-384 KAT CAST Status Verify Power Up (FIPS186-5) (A4261) HMAC-SHA2-384 384-bit KAT CAST Status - Power Up (A4261) PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 48

Algorithm or Test Test Properties Test Test Indicator Details Conditions Method Type KAS-ECC-SSC P-256 KAT CAST Status Ephemeral Unified Power Up Sp800-56Ar3 Shared Secret (Z) (A4261) Computation KAS-FFC-SSC Sp800- 2048-bit KAT CAST Status Ephemeral Unified Power Up 56Ar3 (A4261) Shared Secret (Z) Computation KDA OneStep SHA2-384 KAT CAST Status - Power Up SP800-56Cr2 (A4261) KDF SNMP (A4261) - KAT CAST Status - Power Up KDF SSH (A4261) SHA2-256 KAT CAST Status - Power Up RSA KeyGen 2048-bit PCT PCT Status - Key Pair (FIPS186-5) (A4261) Generation Safe Primes Key MODP-2048, MODP- PCT PCT Status - Key Pair Generation (A4261) 3072, MODP-4096, Generation ffdhe2048, ffdhe3072 SHA2-256 (A4261) 256-bit KAT CAST Status - Power Up SHA2-512 (A4261) 512-bit KAT CAST Status - Power Up TLS v1.2 KDF SHA2-256 KAT CAST Status - Power Up RFC7627 (A4261) TLS v1.3 KDF SHA2-256 KAT CAST Status - Power Up (A4261) Firmware Load Test HMAC-SHA2-384 - SW/FW Status - Firmware (HMAC-SHA2-384 Load Loading (A4261) SHA2-384 (A4261) 384-bit - Bypass Status - Bypass modification Adaptive - FD CAST Status SP 800-90B Section 4 Continuous Proportion Test (APT) Repetition Count - FD CAST Status SP 800-90B Section 4 Continuous Test (RCT) Table 20: Conditional Self-Tests

10.3 Periodic Self-Test Information

Pre-operational self-tests can be run on-demand, for periodic testing, by rebooting the module. Algorithm or Test Test Method Test Type Period Periodic Method HMAC-SHA2-384 Integrity Test SW/FW Integrity On Demand Power Cycle (A4261) SHA2-384 (A4261) Bypass Test Bypass On Demand Power Cycle Table 21: Pre-Operational Periodic Information PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 49

Algorithm or Test Test Method Test Type Period Periodic Method AES-CTR (A4136) KATs CAST On Demand Power Cycle AES-GMAC (A4136) KATs CAST On Demand Power Cycle AES-ECB (A2709) KATs CAST On Demand Power Cycle AES-GCM (A2709) KATs CAST On Demand Power Cycle AES-ECB (A4261) KATs CAST On Demand Power Cycle AES-GCM (A4261) KATs CAST On Demand Power Cycle Counter DRBG KAT CAST On Demand Power Cycle (A4261) ECDSA KeyGen PCT PCT On Demand Power Cycle (FIPS186-5) (A4261) ECDSA SigGen KAT CAST On Demand Power Cycle (FIPS186-5) (A4261) ECDSA SigVer KAT CAST On Demand Power Cycle (FIPS186-5) (A4261) HMAC-SHA2-384 KAT CAST On Demand Power Cycle (A4261) KAS-ECC-SSC Sp800- KAT CAST On Demand Power Cycle 56Ar3 (A4261) KAS-FFC-SSC Sp800- KAT CAST On Demand Power Cycle 56Ar3 (A4261) KDA OneStep SP800- KAT CAST On Demand Power Cycle 56Cr2 (A4261) KDF SNMP (A4261) KAT CAST On Demand Power Cycle KDF SSH (A4261) KAT CAST On Demand Power Cycle RSA KeyGen (FIPS186- PCT PCT On Demand Power Cycle 5) (A4261) Safe Primes Key PCT PCT On Demand Power Cycle Generation (A4261) SHA2-256 (A4261) KAT CAST On Demand Power Cycle SHA2-512 (A4261) KAT CAST On Demand Power Cycle TLS v1.2 KDF RFC7627 KAT CAST On Demand Power Cycle (A4261) TLS v1.3 KDF (A4261) KAT CAST On Demand Power Cycle Firmware Load Test - SW/FW Load On Demand Provided Service (HMAC-SHA2-384 (A4261) SHA2-384 (A4261) - Bypass On Demand Provided Service Adaptive Proportion FD CAST On Demand & Power Cycle Test (APT) Continuous Repetition Count Test FD CAST On Demand & Power Cycle (RCT) Continuous Table 22: Conditional Periodic Information PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 50
10.4 Error States

If any of the Pre-operational Self-Tests or Cryptographic Algorithm Self-Tests fail, the module will output an error status and enter a critical error state, where all data output is inhibited. Upon entering a critical error state, an operator can attempt to clear the critical error state by rebooting the module. If the critical error state cannot be cleared, the module must be returned to the manufacturer. The action taken upon failure of a conditional self-test is context dependent. The table below shows the different causes that lead to the Error States and the status indicators reported. Name Description Conditions Recovery Method Indicator Critical Error - Pre-Operational, A4261 CAST, Attempt reboot, if reboot does not "...Self-Test A4136 CAST or 4261 PCT fails clear error return to manufacturer. FAILED" Data Plane - A2709 CAST or Conditional Attempt reboot, if reboot does not "...Self-Test Critical Error Bypass self-test fails clear error return to manufacturer. FAILED" Soft Error - RCT or APT self-test fails Module returns to operational state "...Self-Test once error is logged. FAILED" Table 23: Error States PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 51
11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The secure delivery of the modules is guaranteed by the trusted courier (DHL). Upon receipt of the module, the Crypto-Officer is responsible for verifying the packaging information slip and checking the delivery packaging for any irregularities (such as openings or tears). If the Crypto-Officer suspects any tampering, they should immediately contact PacketLight Networks Ltd. If the Crypto-Officer does not suspect tampering upon delivery of the module, they shall follow the steps defined in the Installation section of the PacketLight PL4000M/PL-4000T Security Guides (shipped with the cryptographic module). The operator shall set up the device as defined in the PacketLight PL-4000M/PL-4000T Security Guides

11.2 Administrator Guidance

The following steps are required to enable the secure operation of the Module:

Page 52
11.3 Non-Administrator Guidance

PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.

Page 53
12 Mitigation of Other Attacks

The module does not claim mitigation of other attacks. PacketLight Networks Ltd. 2025 This document may be reproduced and distributed only in its original entirety without revision.