Certificate 2210 - 3e-636M CyberFence Cryptographic Module
intCertNum 2210
strVendorName 3e Technologies International, Inc.
strURL http://www.ultra-3eti.com
strAddress1 9715 Key West Ave,
strAddress2 Suite 500
strAddress3
strCity Rockville
strStateProv MD
strPostalCode 20850
strCountry 20850
strContact Harinder Sood
strEmail Harinder.Sood@ultra-3eti.com
strPhone 301-944-1325
strFax 301-670-6779
strContact2
strEmail2
strFax2
strPhone2
intCertNum 2210
strModuleName 3e-636M CyberFence Cryptographic Module
strPartNumber Hardware Version: 1.0;
Firmware Version: 5.1
memModuleNotes When operated in FIPS mode
str140Version 140-2
_sp_ Security Policy   [pdf][html][txt]
_cert_ Certificate   [pdf]
strPURL
strModuleType Hardware
strValidationDate 07/11/2014;03/29/2016;04/14/2016
intOverallLevel 2
memIndividualLevelNotes -Roles, Services, and Authentication: Level 3;-Design Assurance: Level 3;-Mitigation of Other Attacks: N/A;-Operational Environment: N/A
strFIPSAlgorithms AES (Certs. #2060, #2078 and #2105);
SHS (Certs. #1801 and #1807);
RSA (Certs. #1072 and #1278);
HMAC (Certs. #1253 and #1259);
ECDSA (Certs. #303 and #415);
DRBG (Cert. #822);
CVL (Certs. #22, #87 and #169)
strOtherAlgorithms MD5;
NDRNG;
RSA (key wrapping;
key establishment methodology provides between 112 and 150 bits of encryption strength;
non-compliant less than 112 bits of encryption strength);
AES (Cert. #2060, key wrapping;
key establishment methodology provides between 128 and 256 bits of encryption strength);
Diffie-Hellman (CVL Cert. #169, key agreement: key establishment methodology provides 112 bits of encryption strength;
non-compliant less than 112 bits of encryption strength);
EC Diffie-Hellman (CVL Cert. #87, key agreement: key establishment methodology provides between 128 and 256 bits of encryption strength)
strConfiguration Multi-Chip Embedded
memModuleDescription 3e-636M CyberFence module is a high speed information assurance device that combines together a number of different capabilities to create a tailored cyber defense. Acting as an IPsec client or gateway, the module authenticates the IPsec peer using IKEv2 negotiation. It provides further data integrity and confidentiality using the ESP mode of the IPsec. AES with 128/192/256 bits key is used for network data encryption while SHS, CCM or GCM is used for data integrity. The module also implements access control, 802.1X port authentication and deep data packet inspection functions.
intModuleCount 1
memAdditionalNotes Removed RNG and added DRBG. Removed Triple-DES.
Replaced RNG with DRBG.
strFirstValidtionDate 07/11/14 00:00:00
strLabName CygnaCom
strValidationYear 2014