nShield 5s certifications

The nShield 5s is fully validated to FIPS 140-3 Level 3. nShield Solo XC has FIPS 140-2 Level 3 validation and will not be submitted for FIPS 140-3.

FIPS 140-3 is the latest revision of the FIPS 140 standard. It was made effective by NIST in September 2019 and accepted for new FIPS submissions one year later, in September 2020. All FIPS 140-2 certificates will be sunset and placed on the Historical list after September 22nd, 2026.

FIPS Level 3 mode and restrictions

The FIPS Level 3 Security World mode in nShield 5s is equivalent to nShield Solo XC. A FIPS Security World v3 created on nShield Solo XC v12.50 or v12.72 validated firmware is fully compatible with the new FIPS 140-3 validated firmware 13.2 and 13.4 on nShield 5s.

FIPS Level 2

Due to the evolving certification landscape and new FIPS 140-3 requirements, the nShield 5s FIPS 140-3 validations will target Level 3 only and there will not be a Level 2 certificate.

The nShield 5 FIPS 140-3 Level 3 configuration comprises:

Customers requiring full compliance with FIPS 140-3 Level 3 will need to use a FIPS 140-3 Level 3 configuration and use a Security World with FIPS 140 mode enabled. Otherwise, customers who want to protect their keys within the FIPS boundary but don’t require full compliance can use a FIPS 140-3 Level 3 configuration with an unrestricted (default) Security World.

The nShield 5s is certified to Common Criteria EAL4 + AVA_VAN.5, ALC_FLR.2 using the Protection Profile EN 419 221-5, see the certification document. It also achieved QSCD status, relevant for the eIDAS regulation. This certification is equivalent to nShield Solo XC.

CMTS mode and restrictions

The Common Criteria (cmts) Security World mode in nShield 5s is equivalent to nShield Solo XC. A cmts Security World created on nShield Solo XC v12.50 or v12.60 validated firmware is fully compatible with the new Common Criteria validated firmware 13.5.