Functionality

In the following table, "Unrestricted", "FIPS 140 Level 3", and "Common Criteria CMTS" refer to the Security World mode designation. The cells in these columns detail any restrictions for the corresponding feature in each of the Security World modes. A blank cell means that the feature has no restrictions.

FIPS 140 Level 3: In v3 Security Worlds, in FIPS 140 Level 3 mode, some smaller key sizes are disabled.
Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

Cmd_Import

No private key import
Public key import requires FIPS auth

No private key import

ExportAsPlain

Forbidden for private keys

Key generation

Requires FIPS auth

Key generation

Pairwise check always on

Impath

Forbidden

Minimum impath groups

DHPrime3072

DHPrimeMODP3072

n/a

Default module attributes

ModuleAttribTag_Challenge
ModuleAttribTag_ESN
ModuleAttribTag_KML
ModuleAttribTag_KLF2
ModuleAttribTag_KNSO
ModuleAttribTag_KMList
ModuleAttribTag_KLF3 (nShield 5 & later)

SignModuleState with KLF

Forbidden

Audit logging

Mandatory

AlwaysUseStrongPrimes

Mandatory