Product Standards, Compliance, & Certifications
Trusted Security Foundation® (TSF®) Key & Policy Manager
QuintessenceLabs’ TSF 400 key and policy manager generates, imports, and manages cryptographic keys for network-attached clients. Embedded within the TSF is an Entrust nShield XC FIPS 140-2 Level 3 validated Hardware Security Module (HSM). The HSM is used as a root of trust for protection of sensitive data and cryptographic operations.
The HSM Provides FIPS 140 Approved Protection
Use of the integrated HSM is conformant with the FIPS 140-2 Security Policy for the HSM.
Protection of Managed Key Material
Client keys can be generated on the TSF using the NIST SP800-90B entropy source, or imported into the TSF over a secure channel. In both cases the keys are wrapped within the HSM using a wrapping key that is generated within the HSM.
TLS Handshake
TLS provides secure channels for client-server, server-server, and admin-server communications. Server-side TLS private keys are generated, stored, and used within the HSM. TLS cryptographic handshake operations are performed inside the HSM.
Internal Public Key Infrastructure
The TSF includes an embedded Public Key Infrastructure (PKI) service. The local private CA key is generated within the HSM. All operations performed using the private key are performed within the HSM. Creation of PKI credentials for internal use and certificate signing operations are performed within the HSM.
NIST SP 800-57
The Trusted Security Foundation® Key & Policy Management application is 100% compliant with NIST Special Publication 800-57 Part 1.
Key Management | CSRC (nist.gov) - NIST Special Publication 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Finally, Part 3 provides guidance when using the cryptographic features of current systems.
VMware Certification
The Trusted Security Foundation® Key & Policy Management application is a VMware Certified Key Management Server (KMS).
VI KMS Guide | (vmware.com) - The below-linked document lists Key Management Servers, also referred to as KMS, developed and released by security and cloud vendors for encryption in virtualized environments. The KMS listed have passed VMware’s KMS Certification tests, which allows these certified KMS to provide a measure of reliability and stability of the end solution in customer deployments. All the tests contained in KMS Certification plugin are meant to verify that the vendor’s KMIP compliant KMS works with vSphere VM Encryption feature.
qStream™ Quantum Random Number Generator (QRNG)
NIST SP 800-90A and SP 800-90B
Leidos performed an independent lab evaluation of qStream™ for compliance with NIST SP 800-90A and SP 800-90B. Part of that work included validation of correctness of cryptographic algorithm implementation against the NIST CAVP.
Cryptographic Algorithm Validation Program | CSRC (nist.gov)
Dieharder Test
qStream™ QRNG is a Leidos-validated True Random Number Generator. The validation made use of the Dieharder Tests, which combine the suite's own tests with tests from the NIST statistical test suite and others.
Dieharder Tests are a battery of statistical tests for measuring the quality of a random number generator. They include the Birthday spacings test, Overlapping 5-permutation test, Binary rank matrices test, Bitstream test, OPSO, OQSO & DNA test, Count-the-1’s test, Parking lot test, Minimum distance test, 3D spheres test, Squeeze test, Overlapping sums test, Runs test, and Craps test.