Senetas Corp. Ltd. / SafeNet Inc.
Version 1.26
CN1000/CN3000 Series Non-Proprietary Security Policy
1. Introduction
This is a non-proprietary FIPS 140-2 Security Policy for the Senetas Corporation Ltd. and SafeNet
Inc. CN1000/CN3000 Series Encryption modules. The CN1000/CN3000 Series comprises the
CN1000 1G Ethernet and the CN3000 10G Ethernet Encryptors (version 4.6.1). This Security Policy
specifies the security rules under which the CN1000/CN3000 Series modules operate to meet the
FIPS 140-2 Level 3 requirements.
FIPS 140-2 (Federal Information Processing Standards Publication 140-2), Security Requirements for
Cryptographic Modules, specifies the security requirements for a cryptographic module utilized within
a security system protecting sensitive but unclassified information. Based on four security levels for
cryptographic modules, this standard identifies requirements in eleven sections. For more information
about the NIST/CSE Cryptographic Module Validation Program (CMVP) and the FIPS 140-2 standard,
visit www.nist.gov/cmvp.
This Security Policy, using the terminology contained in the FIPS 140-2 specification, describes how
the CN1000/CN3000 Series models comply with the eleven sections of the standard.
This Security Policy contains only non-proprietary information. Any other documentation associated
with FIPS 140-2 conformance testing and validation is proprietary and confidential to Senetas
Corporation Ltd. & SafeNet Inc. and is releasable only under appropriate non-disclosure agreements.
For more information describing the CN Series systems, visit http://www.senetas.com.
1.1 References
For more information on the FIPS 140-2 standard and validation program, please refer to the National
Institute of Standards and Technology website at www.nist.gov/cmvp.
The following standards from NIST are all available via the URL: www.nist.gov/cmvp.
[1] FIPS PUB 140-2: Security Requirements for Cryptographic Modules.
[2] FIPS 140-2 Annex A: Approved Security Functions.
[3] FIPS 140-2 Annex B: Approved Protection Profiles.
[4] FIPS 140-2 Annex C: Approved Random Number Generators.
[5] FIPS 140-2 Annex D: Approved Key Establishment.
[6] Derived Test Requirements (DTR) for FIPS PUB 140-2, Security Requirements for Cryptographic Modules.
[7] Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197.
[8] Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-2.
[9] Secure Hash Standard (SHS), Federal Information Processing Standards Publication 180-4.
[10] ATM Security Specification (Version 1.1), af-sec-0100.002, The ATM Forum Technical Committee, March, 2001.
[11] Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, SP800-131A.
[12] Recommendation for Random Number Generation Using Deterministic Random Bit Generators, SP800-90A.
[13] NIST Special Publication (SP) 800-56A Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, March 2013.
[14] Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-4.
[15] Recommendation for the Entropy Sources Used for Random Bit Generation, SP800-90B.