Primus HSM - Standards & Certifications
The Securosys Primus HSM has earned the certifications listed on this page.
For all certifications, the certificates can be downloaded from the Securosys Support Portal or directly from the certification body (links below).
Certified Firmware
Some certifications require the device to have specific firmware versions installed and mandate compliance with designated operating instructions detailed in the Primus HSM User Guide.
The certified firmware can be downloaded from the Support Portal. Note that these firmware versions differ from the normal firmware releases.
Additionally, you may be interested in the different Operation Modes.
FIPS 140-2 Level 3
This certification indicates that the HSM has strong physical security, controlled access, and robust key management practices, making it suitable for protecting sensitive information in various applications.
- Firmware 3.1.0 (FIPS 140-3 Level 3): Certification in progress. You can follow NIST's current testing list, where the Securosys Primus HSM has been submitted for evaluation since December 2024. The certificate is expected for 2026. Implementation Under Test List
- Firmware 2.5.14 (FIPS 140-2 Level 3): Certificate #4583 | Certificate #3430
Common Criteria EAL4+
Securosys HSMs are Common Criteria EAL4+ certified. Common Criteria EAL4 is recognized under the SOG-IS body.
- CC certificate for 3.1.0 Issued 2026-02-23. Expires 2031-02-23.
- CC certificate for 2.8.22 Issued 2026-01-23. Expires 2031-01-23.
- CC certificate for 2.8.21 Issued 2021-04-14. Expires 2026-04-14.
Primus HSMs comply with eIDAS protection profile EN 419 221-5, relevant for Trust Service Providers. This ensures compliance with the strict requirements for Qualified Electronic Signature (QSCD) and Seal Creation Device (QSealCD) as well as SCAL2 compliance, as introduced by EU regulation 910/2014 and specified in EN 419 241-2.
- Firmware 3.1.0: The QSCD validation is part of the CC certificate (see above). In particular, note that the CC certificate includes the "EN 419221-5" and "EN 419241-2" protection profiles. Thus it, qualifies as a QSCD.
- Firmware 2.8.21: QSCD certificate
For full compliance, the Primus HSM has to be operated as described in Section 15.1 "Common Criteria operating instructions and conditions" of the Primus HSM User Guide.
Cryptographic Algorithm Validation Program (CAVP)
The CAVP validates that Primus cryptographic algorithms and functions can securely perform encryption, key management, and related operations in compliance with federal standards.
Explore the detailed certified algorithms and functions list.