Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of the Luna Network HSM 7.11.0, models T-2000 and T-5000. Release 7.11.0 features the introduction of the new T-Series Network HSM chassis. The 7.11.0 Network HSM offers enhanced security, maintenance, and usability features while providing industry leading cryptographic performance. The Luna Client is also updated with installation, functional, and usability enhancements. User Documentation has been significantly revised to reflect the changes incorporated into Luna HSM release 7.11.
Highlights of new features in the Luna T-Series HSM release 7.11 include:
New T-Series Network HSM Appliance Chassis
The Luna T-Series Network HSM contains a new chassis and offers enhanced installation, maintenance, security, and usability features, including the following:
- A locking faceplate bezel restricts access to the front of the appliance for enhanced security.
- A new LCD display provides a quick view of the appliance network configuration and overall health.
- Four 1GB Ethernet interface ports with port bonding for redundancy and enhanced reliability.
- Rebranded to reflect company name change to Thales Trusted Cyber Technologies.
- Appliance is delivered with improved accessories (e.g. longer rack mount rails, RJ-45 console port / cable, etc.).
Improved Luna HSM Client
- Improved Client Installer
- User-Defined Install Paths
- Minimal Client for Linux containers
- Cryptographic changes to support changes in upcoming firmware 7.11.0.
Configurable Cipher Suites
The TLS cipher suites used by NTLS can now be configured on the Luna T-Series Network HSM. This new capability allows administrators to select and configure cipher strength to meet their internal security objectives and compliance requirements.
Hardware Support for Quantum Enhanced Keys
By embedding a quantum random number generator (QRNG) chip within the Luna HSM, Thales TCT is offering the industry’s first FIPS 140-2 compliant HSM capable of generating quantum enhanced keys. Using principles of quantum physics, the QRNG chip produces high quality entropy which is the basis for all random numbers and cryptographic keys generated by the HSM. Although the QRNG is included in this hardware, the ability to utilize the QRNG will not be available until a future release of firmware. All shipping Luna Network HSM hardware will support an in-field firmware upgrade that will introduce this capability.
FIPS 140 Status
As previously announced, the Luna T7 Cryptographic Module was submitted (July 2020) to the NIST Cryptographic Module Validation Program and is listed as Module in Process. Most customers (and government contracting officers) accept the official listing on NIST’s Modules in Process List as evidence that the cryptographic module will soon have an official FIPS 140-2 validation certificate issued. The NIST Modules in Process List is available here.
An in-field upgrade to the FIPS validated firmware will be made available for all Luna T-Series Network HSMs.