Thales Trusted Cyber Technologies (TCT), a trusted, U.S. based source for cyber security solutions, today announced that its Smart Card 650 v4.2 token (SC650) has received approval from the National Security Agency (NSA) for use in defense networks when using an approved applet (CoolKey version 1.5.558cdcff). The SC650 is a high assurance identification and authentication smart card that brings two-factor authentication to applications and networks where security is critical.
This is an update to the previous SC650 which has been the only certificate-based smart card to ever be designed at all levels from NSA requirements and officially awarded NSA Certification. It enables strong two-factor authentication and proof-positive user identification in all SECRET level environments. The SC650 securely stores users’ credentials, such as digitally-signed certificates, private keys, and network login credentials and seamlessly supports secure key generation, secure key storage, encryption/decryption, and digital signature processing. The SC650 is capable of performing all private and public key cryptographic functions directly on the smart card, thus eliminating potential threats resulting from private key exposure. The SC650 contains a custom smart card ASIC developed by Thales TCT and produced at a U.S. based foundry. The SC650 is manufactured and supported exclusively in the United States to mitigate potential supply chain security risks.
For more information on the SC650 visit thalestct.com/sc650.
Thales TCT is announcing the release of KeySecure for Government 8.16. Continuing our commitment to provide security improvements for the duration of our products’ lifespans, KeySecure 8.16 includes a number of maintenance items and documentation improvements. KeySecure 8.16 is available on all platforms: G460, G160 (Standard and High Assurance), G350v (VMware and AWS) as a field upgrade package – available through our Customer Support Portal. Review the Customer Release Notes for additional information on the improvements included in this release.
As previously announced, Thales TCT has begun the End-of-Life process for KeySecure. Existing KeySecure for Government customers have several options for migrating from KeySecure for Government to the CipherTrust Data Security Platform. For more information on migration options, please contact your Thales TCT account manager or info@thalestct.com.
The investigation of impact of this vulnerability in Thales TCT product portfolio is continuing and will be updated as results are available. We can confirm that products such as the Luna Network HSMs appliances and clients, CipherTrust Manager are not vulnerable. Cloud Security services such as STA Classic had mitigations deployed immediately and is not vulnerable to this CVE. More details are available through Thales TCT's support portal.
*The link above requires access to Thales TCT's support portal.
Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of version 7.12 of the Luna Network HSM and PCIe HSM. This release encompasses multiple Luna HSM components:
Each of these components is available as a download from the Thales TCT Support Portal.
Release 7.12 includes the following new features:
Details regarding these new capabilities are available in the Luna User Documentation (Rev G) and the Customer Release Notes (Rev N).
June 30, 2021
The FIPS 140-2 certification of the Luna T7 Cryptographic Module and the corresponding release of the Luna T-Series HSMs allows Thales Trusted Cyber Technologies (TCT) to begin the process of retiring the Luna for Government products. Thales TCT is announcing the End-of-Sale (EOS) and End-of-Life (EOL) timeline for the following Thales TCT products:
End-of-Sale and End-of-Life Timeline
The following table describes the End-of-Sale (EOS) and End-of-Life (EOL) milestones, dates, and definitions for the Luna SA for Government and Luna PCI-E for Government products. The last day to order the affected products is December 31, 2021.
Milestones | Dates | Description |
EOL Announcement to Customers | 30-June-2021 | Customers informed about End-of-Life. Product moves to Maintenance Mode – only minor enhancements, security and bug fixes available from this date. |
Last Time Buy | 31-Dec-2021 | Affected products removed from the Sales Catalog, and not sold after this date. |
END-OF-SUPPORT and END-OF-LIFE of Luna for Government | 31-Dec-2023 | Affected products no longer supported. |
Migration Strategy
The Luna T-Series HSMs include the following features to allow easy migration from the legacy Luna for Government models to the new T-Series models:
Professional Services offerings specifically designed to assist customers in migrating to Luna T-Series HSMs are available.
For more information on migration options or any other questions, please contact your Thales TCT account manager or info@thalestct.com.
About Luna T-Series HSMs
Thales TCT Luna T-Series HSMs are the choice for government agencies when storing, protecting and managing cryptographic keys used to secure sensitive data and critical applications. Meeting government mandates for U.S. Supply Chain, the high-assurance, tamper-resistant Luna T-Series HSMs are designed, developed, manufactured, sold, and supported in the United States.
Affected Products List
The Thales TCT part numbers affected by this announcement are included in the following table.
Part Number |
Description |
Luna SA HSMs for Government |
|
972-500013-001 |
Luna SA 1700,PW-AUTH,2 HSMP,CKE,SW 5.4.7,FW6.10.9/6.21.2 |
972-500014-001 |
Luna SA 1700,PW-AUTH,2 HSMP,CL,SW 5.4.7,FW6.10.9/6.21.2 |
972-500011-001 |
Luna SA 1700,PED-AUTH,2 HSMP,CKE,SW 5.4.7,FW6.10.9/6.21.2 |
972-500012-001 |
Luna SA 1700,PED-AUTH,2 HSMP,CL,SW 5.4.7,FW6.10.9/6.21.2 |
972-500015-001 |
Luna SA 1700 Local PED Bndl (Luna SA, Local PED, 20 PED keys, Backup HSM) |
972-500016-001 |
Luna SA 1700 Remote PED Bndl (Luna SA, Remote PED, 20 PED Keys, Backup HSM) |
972-500020-001 |
Luna SA 7000,PW-AUTH,2 HSMP,CL,SW 5.4.7,FW6.10.9/6.21.2 |
972-500052-001 |
Luna SA 7000,PED-AUTH,2 HSMP,CL,SW 5.4.7,FW6.10.9/6.21.2 |
972-500017-001 |
Luna SA 7000 Local PED Bndl (Luna SA, Local PED, 20 PED keys, Backup HSM) |
972-500018-001 |
Luna SA 7000 Remote PED Bndl (Luna SA, Remote PED, 20 PED keys, Backup HSM) |
Luna PCI-E HSMs for Government |
|
972-500007-001 |
Luna PCI-E-1700,PW-AUTH,CKE,SW 5.4.7,FW 6.10.9/6.21.2 |
972-500008-001 |
Luna PCI-E-1700,PW-AUTH,CL,SW 5.4.7,FW 6.10.9/6.21.2 |
972-500005-001 |
Luna PCI-E-1700,PED-AUTH,CKE,SW 5.4.7,FW 6.10.9/6.21.2 |
972-500006-001 |
Luna PCI-E-1700,PED-AUTH,CL,SW 5.4.7,FW 6.10.9/6.21.2 |
972-500010-001 |
Luna PCI-E-7000,PW-AUTH,CL,SW 5.4.7,FW 6.10.9/6.21.2 |
972-500009-001 |
Luna PCI-E-7000,PED-AUTH,CL,SW 5.4.7,FW 6.10.9/6.21.2 |
Luna Credential HSM |
(This is LCS using SA5. LCS using T-Series is not affected) |
972-500069 |
Luna Credential HSM |
972-500078 |
Luna Credential HSM, PED AUTH |
Luna Network HSM (v7.10) |
(Limited release of T7 embedded in Luna SA for Govt appliance) |
972-500056 |
LUNA NETWORK HSM,T-2000,V7.10 |
972-500057 |
LUNA NETWORK HSM,T-5000,V7.10 |