US Federal Government

U.S. Federal agencies face complex data protection challenges from cybercriminals, state actors and malicious insiders who seek to expose sensitive records found in agency databases, both on-premises and in the cloud.

Entrust nShield® HSMs and our nFinity technology partners offer proven data protection solutions that enable Federal agencies to align with NIST 800-53, FedRAMP, DHS CDM, NSA CSfC Key Management, as well as other security frameworks and programs. All our nShield hardware security modules (HSMs) are FIPS 140-2 Level 3 certified. Download our Certifications Reference Document for the latest details.

Entrust nShield HSMs are available to the U.S. Federal market through Carahsoft. Visit our Carahsoft vendor page to learn more.

NSA CSfC Solution Brief

Select from the logos below to learn how our nShield HSMs integrate with solutions from leading technology partners serving the Federal community.

Cloud, Containers

Microsoft Google Cloud Amazon Web Services Red Hat Mirantis

ADCs, Firewalls, TLS/SSL Inspection

f5 Gigamon Broadcom A10 Palo Alto McCafee

Key Management

IBM Fornetix Rambus Red Hat Oracle Hytrust Verisec Cryptomathic

Digital Signing, Code Signing

Microsoft Exceet Card Group Ascertia Entrust Cryptomathic Intesi Group

Encryption, Database Security, Tokenization

Verisec Bloombase PrimeFactors IBM HID Microsoft Oracle Micro Focus

Identity, User Authentication

Entrust IBM Alias Lab Cryptomathic Microsoft

Payment Security

Entrust Cryptomathic Rambus

PKI, IOT, Certificate Management

HID AppView X Insta Red Hat Entrust Microsoft Device Authority Venafi PrimeKey

Privileged Access and Secrets Management

HashiCorp CyberArk BeyondTrust Thyotic

Challenges

Insider Threats

Attacks from insiders can not only severely cripple the ability of federal agencies to achieve their objectives, but can also have a chilling effect on federal professional and administrative careers.

Alignment with Government Compliance Mandates

As cybersecurity threats have proliferated and computer technology has advanced, government data security compliance has become increasingly complex. Compliance mandates and frameworks such as FISMA, NIST 800-53, FIPS 140-2, and Common Criteria call for the use of encryption with strong key protection, and need to be part of any government data security solution. And with data increasingly moving to the cloud, government agencies need to comply with FedRAMP. Finally, depending on the government agency, HIPAA-HITECH and PCI DSS may also be important.

Solutions

Strong Key Management

Entrust nShield Hardware Security Modules (HSMs) are FIPS-certified, tamper-resistant devices that help protect federal agencies’ most sensitive data by securely generating, managing and storing encryption and signing keys.

Secure Execution Environment

In addition to protecting your sensitive keys, Entrust nShield HSMs also provide a secure environment for running proprietary applications. The CodeSafe option lets you develop and execute code within Entrust nShield HSMs’ FIPS 140-2 Level 3 boundaries, safeguarding your applications from potential attacks.

Resources

Solution brief: NSA CSfC Key Management

The NSA CSfC Key Management (KM) Requirements Annex specifies the use of approved algorithms and certificates to ensure the security of classified data in transit. Download this solution brief to learn how Entrust nShield HSMs help US government agencies meet the HSM requirements defined by the Key Management (KM) Capability Package.

NSA CSfC Key Management Solution Brief

Brochure: Entrust nShield HSMs Brochure

Entrust nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, Entrust nShield HSMs support a variety of deployment scenarios.

Entrust nShield HSMs Brochure

Brochure: Entrust nShield HSM Professional Services

The Entrust nShield HSM professional services team offers unmatched expertise in architecting and implementing crypto applications for the world’s most security-conscious organizations. Download the catalog to learn how our team can help design and deploy the right solution for your unique environment.

Entrust nShield HSM Professional Services

Datasheet: Code Signing Gateway

The Code Signing Gateway Service provides a range of flexible and centralized workflow automation functions that helps organizations successfully meet secure code signing requirements. The Code Signing Gateway is a customer hosted server that runs an Entrust nShield code signing application and is complemented by onsite installation and training delivered by Entrust nShield HSM professional services.

Code Signing Gateway Datasheet

Solution brief: Code Signing

In addition to enhanced code signing key security, the Entrust nShield HSMs’ Code Signing solution offers a flexible range of automation capabilities for code signing approval processes as well as for centralized cryptographic key management. The Entrust nShield HSM Code Signing solution is unique in that it not only provides a high assurance method to protect private code signing keys in certified secure hardware, but also offers a flexible range of capabilities to simplify and automate the code signing request/approval workflow for organizations with more complex environments.

Code Signing Solutions Brief

Solution brief: Bring Your Own Key | Hold Your Own Key

Entrust nShield HSMs provides the mechanisms that let you use your nShield HSMs to generate keys, secure long-term storage, and export your keys into the cloud, whether you’re using Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure. Download the solution brief to learn more.

Bring Your Own Key | Hold Your Own Key Solutions Brief

Digital Certificates

Digital Certificates

Standard TLS/SSL

Advantage TLS/SSL

UC Multi-Domain TLS/SSL

EV Multi-Domain TLS/SSL

Wildcard TLS/SSL

Private TLS/SSL

Qualified Electronic Seal Certificates

QWAC eIDAS Certificates

QWAC PSD2 Certificates

Platinum Services

Entrust Certificate Services

Subscription Plan

Digital Signing

Digital Signing

Document Signing Certificates

Secure Email Certificates

Device Certificates

Code Signing Certificates

TrustedX eIDAS

TrustedX Electronic Signatures

Entrust Timestamping Authority

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Certificate Hub

Security Manager

Entelligence Security Provider

Epassport

Validation Authority

Key Recovery Server

Entrust Managed PKI Service

Cryptography as a Service

Managed Microsoft PKI

Managed Offline Root Certificate Authority

Cryptographic Center of Excellence

Internet of Things (IoT) Security

Mobile Device Management BYOD

Products

Identity as a Service

Identity Enterprise

Identity Essentials

Solutions

PIV

Physical / Logical Access

Safeguarding Your VPN

Privileged Users

Workstation Login

Security and Access for Contractors

Consumer Banking

Customer Portals

Digital Citizen

Digital Onboarding

Consumer Identity and Access Management (CIAM)

Data Breach

Improve User Experience

Support Diverse User Groups

Streamline IT

Transaction Verification

Portfolio Capabilities

ID Proofing

Device Reputation

Secure Device Provisioning

Password Reset

Credential Issuance

Authenticators

Mobile Authentication

Multi-Factor Authentication MFA

Passwordless Login

Adaptive Authentication

Single Sign-On

APIs / SDKs

Fraud Detection

Products

nShield Connect

nShield Edge

nShield Solo

nShield as a Service

nShield Issuance HSM

CodeSafe