Certificate 1708 - nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5]
intCertNum 1708
strVendorName Thales e-Security Inc.
strURL http://www.thales-esecurity.com
strAddress1 900 South Pine Island Road
strAddress2 Suite 710
strAddress3
strCity Plantation
strStateProv FL
strPostalCode 33324
strCountry 33324
strContact sales@thalesesec.com
strEmail sales@thalesesec.com
strPhone 888-744-4976
strFax
strContact2
strEmail2
strFax2
strPhone2
intCertNum 1708
strModuleName nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5]
strPartNumber Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-500 [4] and nC4033P-500N [5], Build Standard N;
Firmware Versions: 2.50.16-3, 2.51.10-3, 2.50.35-3 and 2.55.1-3
memModuleNotes When operated in FIPS mode and initialized to Overall Level 3 per Security Policy
str140Version 140-2
_sp_ Security Policy   [pdf][html][txt]
_cert_ Certificate   [pdf]
strPURL http://www.thales-esecurity.com/Products/Hardware Security Modules/nShield Solo.aspx
strModuleType Hardware
strValidationDate 04/27/2012;03/08/2013;08/16/2013;11/16/2015
intOverallLevel 3
memIndividualLevelNotes -Physical Security: Level 3 + EFP
strFIPSAlgorithms AES (Cert. #1579);
Triple-DES (Certs. #132 and #1035);
HMAC (Cert. #925);
Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed);
SHS (Cert. #1398);
DSA (Cert. #487);
ECDSA (Cert. #192);
RSA (Cert. #770 and #1092);
DRBG (Cert. #72);
CVL (Cert. #1)
strOtherAlgorithms ARC4;
Aria;
Camellia;
CAST-6;
DES;
MD5;
SEED;
HMAC-MD5;
HMAC-Tiger;
HMAC-RIPEMD160;
RIPEMD-160;
Tiger;
El-Gamal;
KCDSA;
HAS-160;
AES (Cert. #1579, key wrapping;
key establishment methodology provides between 128 and 256 bits of encryption strength);
Triple-DES (Cert. #1035, key wrapping;
key establishment methodology provides 112 bits of encryption strength;
non-compliant less than 112 bits of encryption strength);
RSA (key wrapping;
key establishment methodology provides between 112 and 256 bits of encryption strength;
non-compliant less than 112 bits of encryption strength);
Diffie-Hellman (CVL Cert. #1, key agreement: key establishment methodology provides between 112 and 256 bits of encryption strength;
non-compliant less than 112 bits of encryption strength);
EC Diffie-Hellman (CVL Cert. #1, key agreement: key establishment methodology provides between 112 and 256 bits of encryption strength;
non-compliant less than 112 bits of encryption strength);
ECMQV (key agreement: key establishment methodology provides between 112 and 256 bits of encryption strength;
non-compliant less than 112 bits of encryption strength)
strConfiguration Multi-chip embedded
memModuleDescription The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed.
intModuleCount 1
memAdditionalNotes 05/24/2012 - changed physical security level from 4 to 3+EFP
03/08/13: added FW 2.51.10-3, fixed HW version error from nC4133P-500 to nC4033P-500 and nC4133P-500N to nC4033P-500N, updated vendor address and updated security policy.
08/16/13: added RSA cert #1092 and updated security policy.
Added firmware versions 2.50.35-3 and 2.55.1-3 to remove a bug.
strFirstValidtionDate 04/27/12 00:00:00
strLabName CSC
strValidationYear 2012