Functionality

In the following table, "Unrestricted", "FIPS 140 Level 3", and "Common Criteria CMTS" refer to the Security World mode designation. The cells in these columns detail any restrictions for the corresponding feature in each of the Security World modes. A blank cell means that the feature has no restrictions.

FIPS 140 Level 3: In v3 Security Worlds, in FIPS 140 Level 3 mode, some smaller key sizes are disabled.

Feature	Unrestricted	FIPS 140 Level 3	Common Criteria CMTS
Cmd_Import		No private key import Public key import requires FIPS auth	No private key import
ExportAsPlain		Forbidden for private keys
Key generation		Requires FIPS auth
Key generation		Pairwise check always on
Impath			Forbidden
Minimum impath groups	DHPrime3072	DHPrimeMODP3072	n/a
Default module attributes	ModuleAttribTag_Challenge ModuleAttribTag_ESN ModuleAttribTag_KML ModuleAttribTag_KLF2 ModuleAttribTag_KNSO ModuleAttribTag_KMList ModuleAttribTag_KLF3 (nShield 5 & later)
SignModuleState with KLF		Forbidden
Audit logging			Mandatory
AlwaysUseStrongPrimes		Mandatory

Feature

Unrestricted

FIPS 140 Level 3

Common Criteria CMTS

Cmd_Import

No private key import
Public key import requires FIPS auth

No private key import

ExportAsPlain

Forbidden for private keys

Key generation

Requires FIPS auth

Key generation

Pairwise check always on

Impath

Forbidden

Minimum impath groups

DHPrime3072

DHPrimeMODP3072

n/a

Default module attributes

ModuleAttribTag_Challenge
ModuleAttribTag_ESN
ModuleAttribTag_KML
ModuleAttribTag_KLF2
ModuleAttribTag_KNSO
ModuleAttribTag_KMList
ModuleAttribTag_KLF3 (nShield 5 & later)

SignModuleState with KLF

Forbidden

Audit logging

Mandatory

AlwaysUseStrongPrimes

Mandatory