Federal Information Processing Standard (FIPS) 140-2
NIST, the National Institute of Standards and Technology, developed the 140-3 standard to define minimum security requirements for cryptographic modules like those found in SonicWall’s Next-Generation Firewalls and Remote Access products. A cryptographic module is defined as "the set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary." (NIST SP 800-175B Rev. 1).
The Cryptographic Module Validation Program (CMVP), a joint effort between NIST and the Canadian Centre for Cyber Security (CCCS), validates cryptographic modules as part of the FIPS 140-3 certification process. FIPS certification or compliance is often required for companies with federal government agencies or providing products/services. NOTE: Although FIPS 140-3 supersedes 140-2, modules validated under the latter remain certified until sunset/expiration dates.
Status Options
- Validated: “Cryptographic modules that have been tested and validated under the Cryptographic Module Validation Program as meeting requirements for FIPS 140-1, FIPS 140-2, and FIPS 140-3.”
- Modules In Process:
- o Modules In Process (MIP) List: A laboratory has begun FIPS 140 testing. More information can be found here: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/modules-in-process
- o Implementation Under Test: Hardware to be tested and its documentation are at the testing laboratory; however, testing hasn’t begun. More information can be found here: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/modules-in-process
- Revoked: “The module validation is no longer valid and may not be referenced to demonstrate compliance to the 140 standards.”
- Historical: “Federal Agencies should not include these in new systems but can be procured for legacy systems. This does not mean that the overall FIPS-140 certificates for these modules have been revoked, rather it indicates that the certificates and the documentation posted with them are either more than 5 years old, or were moved to the Historical list because of programmatic transitions.”
Status by Product
|
Hardware |
Software |
Status |
Date |
Sunset Date |
|
Network Security Manager (NSM) |
2.3.0 |
Validated |
10/25/2023 |
9/21/2026 |
|
Capture Security Appliance (CSa) |
12.4.3 |
Validated |
08/14/2024 |
08/14/2026 |
|
Secure Mobile Access (SMA) 6210 |
12.4.1 |
Validated |
03/22/2023 |
9/21/2026 |
|
Secure Mobile Access (SMA) 7200 |
12.4.1 |
Validated |
03/22/2023 |
9/21/2026 |
|
Secure Mobile Access (SMA) 7210 |
12.4.1 |
Validated |
03/22/2023 |
9/21/2026 |
|
Secure Mobile Access (SMA) 8200v |
12.4.1 |
Validated |
03/22/2023 |
9/21/2026 |
|
Network Security Virtual Appliance (NSv) |
7.0 |
Validated |
07/08/2022 |
9/21/2026 |
|
Next-Generation Firewall TZ270/W |
7.0 |
Validated |
02/22/2022 |
9/21/2026 |
|
Next-Generation Firewall TZ370/W |
7.0 |
Validated |
02/22/2022 |
9/21/2026 |
|
Next-Generation Firewall TZ470/W |
7.0 |
Validated |
02/22/2022 |
9/21/2026 |
|
Next-Generation Firewall TZ670 |
7.0 |
Validated |
02/22/2022 |
9/21/2026 |
|
Next-Generation Firewall NSa2700 |
7.0 |
Validated |
02/22/2022 |
9/21/2026 |
|
Next-Generation Firewall NSa3700 |
7.0 |
Validated |
02/22/2022 |
9/21/2026 |
|
Next-Generation Firewall NSsp 14700 |
7.0 |
Validated |
02/22/2022 |
9/21/2026 |
|
Next-Generation Firewall NSsp 15700 |
7.0 |
Validated |
02/22/2022 |
9/21/2026 |