Attention: the NIAPC web site may not include all approved products.The list of approved products is always changing; there is a backlog of approved products still to be added to this information portal, and there are delays in responding to queries and inclusion of new products. NATO is reviewing options to improve collaboration and provide more timely information sharing of approved security products.
CryptoServer CP5 version
This product is currently marked as Archived. This means that special conditions may apply to this product regarding market availability or support. Please check with the manufacturer for specific details. | Generated @ 4/24/2024 11:49:56 AM

CryptoServer VS-NfD is a Hardware Security Module suitable for a variety of use cases, such as PKI, Document and Code Signing, Data Encryption, Hardware Root of Trust and much more. The German Federal Office for Information Security (BSI) approved „CryptoServer CP5 VS-NfD“ according to the Qualified Certification Process - the product is the only BSI approved VS-NfD Hardware Security Module and allows for the usage with data classified up to “NATO restricted”.

CryptoServer VS-NfD is available as a PCIe plug-in card or as a network-attached appliance.

Key Features

  • Secure key storage and processing within the security boundary of the HSM
  • Extensive key management with d
  • Key authorization API and tool (acc. PP EN 419 221-5)
  • “m out of n” quorum authentication (e.g. 3 out of 5)
  • 2-factor authentication based on smartcards
  • Role based access control and separation of duties
  • Multi-tenancy support
  • Remote management
  • Dedicated software simulator for evaluation and integration testing
  • Supported operating systems: Windows and Linux
  • A variety of integrations with PKI applications, etc.
  • Integrated Load balancing and HA functionality
  • Flexible backup options
  • All features included in product price

HSM Functionalities/Cryptographic algorithms

  • RSA, ECDSA with NIST and Brainpool curves
  • ECDH with NIST and Brainpool curves
  • AES
  • SHA2-Family, SHA3
  • Hash-based deterministic random number generator (DRG.4 acc. AIS 31)
  • True random number generator (PTG.2 acc. AIS 31)
  • Up to 3,000 RSA or 2,500 ECDSA signing operations in bulk processing mode
  • All algorithms included in product price

Application programming interfaces (APIs)

  • PKCS#11
  • Microsoft Cryptography API: Next Generation (CNG)
  • Cryptographic eXtended services Interface (CXI) – Utimaco‘s high performance interface ensures easy integration of cryptographic functionality into client applications

Product Specification

  • Available as PCIe or Network Appliance
  • Dual Hot Swap Power Supplies (Network Appliance)
  • 2x 1Gb/s Network Interfaces (Network Appliance)
  • Field replaceable fans (Network Appliance)
  • MTBF up to 360 000h

CryptoServer VS-NfD is based on the industry Utimaco CryptoServer Se-Series Gen2 and as such benefits from Utimaco’s 35+ years of experience in building secure and reliable HSMs.

Product Images

NATO Classification


MCM Reference Number


Common Criteria Details

CC Certification / Validation Report Reference

CC Security Target / TOE Reference

Product Categories

Security Mechanism Groups

General Information


Utimaco GMBH


Product Documents

Icon product sheet
Type: Product Sheet
498.19 KB

Product QR Code

Last Update Time:
17-May-2022 12:00 AM
Please enter a search term !