Functionality
In the following table, "Unrestricted", "FIPS 140 Level 3", and "Common Criteria CMTS" refer to the Security World mode designation. The cells in these columns detail any restrictions for the corresponding feature in each of the Security World modes. A blank cell means that the feature has no restrictions.
FIPS 140 Level 3: In v3 Security Worlds, in FIPS 140 Level 3 mode, some smaller key sizes are disabled. |
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
Cmd_Import |
No private key import |
No private key import |
|
ExportAsPlain |
Forbidden for private keys |
||
Key generation |
Requires FIPS auth |
||
Key generation |
Pairwise check always on |
||
Impath |
Forbidden |
||
Minimum impath groups |
DHPrime3072 |
DHPrimeMODP3072 |
n/a |
Default module attributes |
ModuleAttribTag_Challenge |
||
SignModuleState with KLF |
Forbidden |
||
Audit logging |
Mandatory |
||
AlwaysUseStrongPrimes |
Mandatory |