Product Standards, Compliance, & Certifications
Common Criteria Certification
The Common Criteria (CC) consists of cybersecurity requirements that address encryption, auditing, security updates, and other related topics. The Network Device Collaborative Protection Profile (NDcPP) is a compilation of CC requirements specifically designed for network devices. Conformance with the NDcPP is verified through independent testing conducted at NIAP-accredited laboratories.
The TSF is currently under evaluation for compliance with NDcPP – see https://www.niap-ccevs.org/ products, group Products in Evaluation, VID 11518.
Trusted Security Foundation® (TSF®) Key & Policy Manager
QuintessenceLabs’ TSF 400 key and policy manager generates, imports, and manages cryptographic keys for network-attached clients. Embedded within the TSF is an Entrust nShield XC FIPS 140-3 Level 3 validated Hardware Security Module (HSM). The HSM serves as a root of trust ensuring the protection of sensitive data and facilitating cryptographic operations.
The HSM Provides FIPS 140 Approved Protection
Use of the integrated HSM is conformant with the FIPS 140-3 Security Policy for the HSM.
Protection of Managed Key Material
Client keys can be either generated on the TSF, utilizing the NIST SP 800-90B entropy source, or imported into the TSF over a secure channel.
In both scenarios, the keys are securely wrapped within the HSM using a wrapping key that is generated within the HSM.
TLS Handshake
TLS provides secure channels for client-server, server-server, and admin-server communications. Server-side TLS private keys are generated, stored, and used within the HSM.
TLS cryptographic handshake operations are performed inside the HSM.
Internal Public Key Infrastructure
The TSF includes an embedded Public Key Infrastructure (PKI) service. The local private Certificate Authority (CA) key is generated within the HSM. All operations performed using the private key are
performed within the HSM. This includes the creation of PKI credentials on behalf of external users, the creation of PKI credentials for internal use, and certificate signing operations performed within
the HSM.
Use of the integrated HSM is conformant with the FIPS 140-3 Security Policy for the HSM.
NIST SP
800-57
Commercial Solutions for Classified (CSfC)
VMware by Broadcom Certification
qStreamTM Quantum Random Number Generator (QRNG)
NIST SP 800-90B CERTIFIED
Entropy Certificate #E145 – Cryptographic Module Validation Program | CSRC
Leidos performed an independent lab evaluation of qStream™ for compliance with NIST SP 800-90A and SP 800-90B. Part of that work included validation of correctness of cryptographic algorithm implementation against the NIST CAVP.
Cryptographic Algorithm Validation Program | CSRC (nist.gov)

Dieharder Test
qStream™ QRNG is a Leidos validated True Random Number Generator, making use of the Dieharder Tests, which include not only the dieharder tests but other tests from the NIST statistical test suite and others.
Dieharder Tests are a battery of statistical tests for measuring the quality of a random number generator. They include Birthday spacings test, Overlapping 5-permutation test, Binary rank matrices test, Bitstream test, OPSO, OQSO & DNA test, Count-the-1’s test, Parking lot test, Minimum distance test, 3D spheres test, Squeeze test, Overlapping sums test, Runs test, Craps test.
