Support  | Contact Us

Product Standards, Compliance, & Certifications

Learn More

Common Criteria Certification

The Common Criteria (CC) consists of cybersecurity requirements that address encryption, auditing, security updates, and other related topics. The Network Device Collaborative Protection Profile (NDcPP) is a compilation of CC requirements specifically designed for network devices. Conformance with the NDcPP is verified through independent testing conducted at NIAP-accredited laboratories.

The TSF is currently under evaluation for compliance with NDcPP – see https://www.niap-ccevs.org/ products, group Products in Evaluation, VID 11518.

Trusted Security Foundation® (TSF®) Key & Policy Manager

QuintessenceLabs’ TSF 400 key and policy manager generates, imports, and manages cryptographic keys for network-attached clients. Embedded within the TSF is an Entrust nShield XC FIPS 140-3 Level 3 validated Hardware Security Module (HSM). The HSM serves as a root of trust ensuring the protection of sensitive data and facilitating cryptographic operations.

The HSM Provides FIPS 140 Approved Protection

Use of the integrated HSM is conformant with the FIPS 140-3 Security Policy for the HSM.

Protection of Managed Key Material

Client keys can be either generated on the TSF, utilizing the NIST SP 800-90B entropy source, or imported into the TSF over a secure channel.

In both scenarios, the keys are securely wrapped within the HSM using a wrapping key that is generated within the HSM.

TLS Handshake

TLS provides secure channels for client-server, server-server, and admin-server communications. Server-side TLS private keys are generated, stored, and used within the HSM.

TLS cryptographic handshake operations are performed inside the HSM.

Internal Public Key Infrastructure

The TSF includes an embedded Public Key Infrastructure (PKI) service. The local private Certificate Authority (CA) key is generated within the HSM. All operations performed using the private key are
performed within the HSM. This includes the creation of PKI credentials on behalf of external users, the creation of PKI credentials for internal use, and certificate signing operations performed within
the HSM.

Use of the integrated HSM is conformant with the FIPS 140-3 Security Policy for the HSM.

 

NIST SP
800-57

The Trusted Security Foundation Key & Policy Management application is 100% compliant with NIST Special Publication 800-57, where applicable.

Key Management | CSRC (nist.gov) - NIST Special Publication 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.

Commercial Solutions for Classified (CSfC)

The Commercial Solutions for Classified (CSfC) program is a key component of NSA’s commercial cybersecurity strategy aimed at providing secure cybersecurity solutions leveraging commercial technologies and products. Established to enable the use of commercial products in layered solutions, NSA’s CSfC Program protects classified National Security Systems (NSS) data.

The TSF 400 has been authorized by NSA for the Symmetric Key Management (KM) Requirements Annex. This authorization allows for the use of Symmetric Pre-Shared Keys to deliver quantum-resistant cryptographic protection for classified information within properly configured, maintained, and monitored CSfC solutions.

The annex incorporates Key Generation Server (KGS) product selection criteria that must be met, in addition to NIST/NIAP certifications for KGS approved for use in CSfC solutions.

The TSF 400 has successfully met the Key Generation Server (KGS) product selection criteria as attested by NSA and has also achieved NIST SP-800B Entropy Source Certification.

VMware by Broadcom Certification

The Trusted Security Foundation® Key & Policy Management application is a VMware by Broadcom Certified Key Management Server (KMS).

KMS Compatibility Guide (https://compatibilityguide.broadcom.com/ ) This document lists Key Management Servers, also referred to as KMS, developed and released by security and cloud vendors for encryption in virtualized environments.

The KMS listed have passed VMware’s KMS Certification tests, which allows these certified KMS to provide a measure of reliability and stability of the end solution in customer deployments. All the tests contained in the KMS Certification plugin are meant to verify that the vendor’s KMIP-compliant KMS works with the vSphere VM Encryption feature.

VMware by Broadcom is also an OEM partner of QuintessenceLabs, licensing the qClient KMIP Client for the vSphere VM Encryption feature.

qStreamTM Quantum Random Number Generator (QRNG)

NIST SP 800-90B CERTIFIED

Entropy Certificate #E145 – Cryptographic Module Validation Program | CSRC

Leidos performed an independent lab evaluation of qStream™ for compliance with NIST SP 800-90A and SP 800-90B. Part of that work included validation of correctness of cryptographic algorithm implementation against the NIST CAVP.

Cryptographic Algorithm Validation Program | CSRC (nist.gov)

qStream2-1

Dieharder Test

qStream™ QRNG is a Leidos validated True Random Number Generator, making use of the Dieharder Tests, which include not only the dieharder tests but other tests from the NIST statistical test suite and others.

Dieharder Tests are a battery of statistical tests for measuring the quality of a random number generator. They include Birthday spacings test, Overlapping 5-permutation test, Binary rank matrices test, Bitstream test, OPSO, OQSO & DNA test, Count-the-1’s test, Parking lot test, Minimum distance test, 3D spheres test, Squeeze test, Overlapping sums test, Runs test, Craps test.

Learn More
Dieharder Test
It Starts Now

Your Quantum Transformation Is Waiting