CMVP Main Page
*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSE. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***
Questions regarding modules on this list should first be directed to the appropriate vendor.
| Cert# | Vendor | Cryptographic Module | Val. Date |
Level / Description | |
|---|---|---|---|---|---|
| 130 | Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher
|
(When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Software | 12/20/2000; 07/18/2002 |
Overall Level: 2
-EMI/EMC: Level 3 -Operating System Security: Microsoft WindowsNT 4.0 with SP6a, TCSEC C2-rated on a Compaq ProLiant 7000 Server. -FIPS-approved algorithms: Triple-DES (Cert. #6); DSA/SHA-1 (Cert. #10); RSA (vendor affirmed); ECDSA (vendor affirmed) -Other algorithms: DES (Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-SHA-1; HMAC-MD5; HMAC-RMD160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie-Hellman Multi-chip standalone"This module is used in the Entrust® family of products." |
| 129 | nCipher Corporation Ltd. 500 Unicorn Park Dr Woburn, MA 01810-3371 USA -Sales
|
and nShield SCSI Cryptographic Accelerators (Firmware v1.77.100; Hardware versions nC4032W-400, 150) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Hardware | 12/20/2000; 09/14/2001; 03/09/2006; 03/15/2006 |
Overall Level: 3
-Roles and Services: Level 3*
-Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (DES Cert. #34); Triple-DES MAC; RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1; RIPEMD160); ElGamal; Diffie-Hellman (key agreement) Multi-chip standalone"The nCipher nShield range of tamper resistent Hardware Security Modules improves the security of cryptographic keys and increases server throughput for digital signature and encryption applications. Supporting many commercial public key infrastructure (PKI) products such as certificate authorities and on-line validation servers, the nShield family of HSMs is also used for building custom security applications requiring secure and flexible key management." |
| 128 | nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01810-3371 USA -Sales
|
and nShield 75 Cryptographic Accelerators (Firmware v1.77.100; Hardware nC3031S-300, 150, 75, Build Standard E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Hardware | 12/20/2000; 09/14/2001; 03/09/2006; 03/15/2006 |
Overall Level: 3
-Roles and Services: Level 3*
-Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (DES Cert. #34); Triple-DES MAC; RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1; RIPEMD160); ElGamal; Diffie-Hellman (key agreement) Multi-chip standalone"The nCipher nShield range of tamper resistent Hardware Security Modules improves the security of cryptographic keys and increases server throughput for digital signature and encryption applications. Supporting many commercial public key infrastructure (PKI) products such as certificate authorities and on-line validation servers, the nShield family of HSMs is also used for building custom security applications requiring secure and flexible key management." |
| 127 | nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01810-3371 USA -Sales
|
and nForce SCSI 150 Cryptographic Accelerators (Firmware v1.77.100; Hardware versions nC3022W-400, 150) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Hardware | 12/20/2000; 09/14/2001; 03/09/2006; 03/15/2006 |
Overall Level: 2
-Roles and Services: Level 3*
-Software Security: Level 3 -EMI/EMC: Level 3 -Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (Cert. #34); Triple-DES MAC; RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1 and RIPEMD160); ElGamal; and Diffie-Hellman (key agreement) Multi-chip standalone"The nCipher nForce family of secure e-commerce accelerators improves data security and increases server transaction throughput in applications using the Secure Socket Layer (SSL) protocol such as secure web servers, or application servers that process secure transactions. nForce provides hardware key storage in addition to off-loading the SSL cryptographic processing from the host CPU." |
| 126 | nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01810-3371 USA -Sales
|
and nForce 75 Cryptographic Accelerators (Firmware v1.77.100; Hardware nC3021S-300, 150, 75 Build Standard E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Hardware | 12/20/2000; 09/14/2001; 03/09/2006; 03/15/2006 |
Overall Level: 2
-Roles and Services: Level 3*
-Software Security: Level 3 -EMI/EMC: Level 3 -Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (Cert. #34); Triple-DES MAC; RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1 and RIPEMD160); ElGamal; and Diffie-Hellman (key agreement) Multi-chip standalone"The nCipher nForce family of secure e-commerce accelerators improves data security and increases server transaction throughput in applications using the Secure Socket Layer (SSL) protocol such as secure web servers, or application servers that process secure transactions. nForce provides hardware key storage in addition to off-loading the SSL cryptographic processing from the host CPU." |
| 125 | nCipher Corporation Ltd. 100 Unicorn Park Dr Woburn, MA 01801-3371 USA -Greg Dunne
|
and nForce 75 Cryptographic Accelerators (Firmware v1.54.28; Hardware Build Standard D) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Hardware | 12/20/2000; 03/01/2001; 03/09/2006; 03/15/2006 |
Overall Level: 2
-Roles and Services: Level 3*
-Software Security: Level 3 -EMI/EMC: Level 3 -Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (Cert. #34); Triple-DES MAC; RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1 and RIPEMD160); ElGamal; and Diffie-Hellman (key agreement) Multi-chip standalone"The nCipher nFast/nForce/nShield range of hardware cryptographic accelerators increases server throughput in data security and electronic commerce applications such as: secure Web sites, financial transactions over the Internet, authenticated access to intranets and extranets, certification authorities and digital signatures, secure messaging including X.400/EDI." |
| 124 | Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Juan C. Asenjo
|
(Hardware Version Issue 2 and Issue 3 Motherboard; Software Version 3.1) (When key zeroization is enabled) Validated to FIPS 140-1 Security PolicyVendor Product Link |
Hardware | 12/07/2000; 01/08/2003; 05/19/2003; 10/13/2005 |
Overall Level: 3
-FIPS-approved algorithms: Triple-DES (Cert. #31); DSA/SHA-1 (Cert. #24) -Other algorithms: DES (Cert. #57); Diffie-Hellman (key agreement); Rijndael Multi-chip standalone"The Datacryptor 2000 is a stand-alone multi-chip cryptographic module that secures communications using signed Diffie-Hellman key exchange and Triple-DES encryption. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption." |
| 123 | AEP Networks Focus 31, West Wing Cleveland Road New Hempstead, Herts HP2 7BW United Kingdom -David Miller
|
(Hardware Version 1E, Firmware Versions: ACCE SP: v1.0 and v1.1 ACCE SP2: v2.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Hardware | 12/07/2000; 11/05/2001; 11/09/2001; 12/04/2001; 07/22/2002; 10/04/2002; 04/21/2005 |
Overall Level: 4
-FIPS-approved algorithms: Triple-DES (Certs. #23 and #24); Triple-DES MAC; DSA/SHA-1 (Cert. #36); RSA (vendor affirmed) -Other algorithms: DES (Certs. #81 and #82); DES MAC; Diffie-Hellman (key agreement); MD5 Multi-chip embedded"The ACCE SP & SP2 provide highly-secure cryptographic services and key storage. They are used in a range of AEP Networks and OEM products along with an application (the single user of the module) to provide custom functionality. Example uses are the Europay NSP (ACCE SP) and Europay ESP (ACCE SP2) which were developed for Europay, a major European financial institution." |
| 122 | IBM® Corporation 2455 South Rd Mail Station P330 Poughkeepsie, NY 12601 USA -Barry Ward
|
(ID: P/N 04K9077 (FIPS 140-1 Cert. #81), Miniboot 0 version A, Miniboot 1 version A, CP/Q++ v1.26) (When configured for DSS Authentication and using the listed FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy |
Hardware | 11/15/2000 | Overall Level: 3
-Self Tests: Level 4
-FIPS-approved algorithms: DSA/SHA-1 (Cert. #23) -Other algorithms: DES (Cert. #58); DES MAC; Triple-DES; RSA (non-compliant) Multi-chip embedded"The 4758 secure coprocessor is a state-of-the-art, tamper-sensing and responding, programmable PCI card. Its specialized cryptographic electronics, along with a microprocessor, memory, and random number generator are housed within a tamper-responding environment to provide a highly secure subsystem in which data processing and cryptography can be performed." |
| 121 | IBM® Corporation 2455 South Rd Mail Station P330 Poughkeepsie, NY 12601 USA -Barry Ward
|
(ID: P/N 04K9078 (FIPS 140-1 Cert. #35), Miniboot 0 version A, Miniboot 1 version A, CP/Q++ version) (When configured for DSS Authentication and using the listed FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy |
Hardware | 11/15/2000 | Overall Level: 3
-Physical Security: Level 4
-Self Tests: Level 4
-FIPS-approved algorithms: DSA/SHA-1 (Cert. #23) -Other algorithms: DES (Cert. #58); DES MAC; Triple-DES; RSA (non-compliant) Multi-chip embedded"The 4758 secure coprocessor is a state-of-the-art, tamper-sensing and responding, programmable PCI card. Its specialized cryptographic electronics, along with a microprocessor, memory, and random number generator are housed within a tamper-responding environment to provide a highly secure subsystem in which data processing and cryptography can be performed." |
| 120 | Alcatel Managed IP Services 600 March Road 5T1 Kanata, Ontario K2K 2E6 Canada -Doug Wiemer
|
(Hardware TSCMP30 v2.00; Software versions 3.00.026 and 3.01.026) (When operated in FIPS-compliant "Secure" and "Minimum" modes) Validated to FIPS 140-1 Security Policy |
Hardware | 10/12/2000 | Overall Level: 2
-Physical Security: Level 3.
-FIPS-approved algorithms: Triple-DES (Cert. #26); DSA/SHA-1 (Cert. #21) -Other algorithms: DES ( 09/22/95); Diffie-Hellman (key agreement); MD5 Multi-chip standalone"The TimeStep PERMIT/Gate(TM) line of products (also referred to as the Alcatel Secure VPN Gateway) is a network appliance that provides IPSec compliant VPN services. It is a tamper-resistant gateway that secures data communications for Intranets, Extranets, and Internet remote access." |
| 119 | Alcatel Managed IP Services 600 March Road 5T1 Kanata, Ontario K2K 2E6 Canada -Doug Wiemer
|
TimeStep PERMIT/Gate™ 2520 series 40 and 50 / Alcatel 7133; TimeStep PERMIT/Gate™ 4520 series 40 and 50; and TimeStep PERMIT/Gate™ 4620 series 40 and 50 / Alcatel 7134 (Hardware TSCMP30 v2.00; Software versions 3.00.026 and 3.01.026) (When operated in FIPS-compliant "Secure" and "Minimum" modes) Validated to FIPS 140-1 Security Policy |
Hardware | 10/12/2000 | Overall Level: 2
-FIPS-approved algorithms: Triple-DES (Cert. #26); DSA/SHA-1 (Cert. #21) -Other algorithms: DES ( 09/22/95); Diffie-Hellman (key agreement); MD5 Multi-chip standalone"The TimeStep PERMIT/Gate(TM) line of products (also referred to as the Alcatel Secure VPN Gateway) is a network appliance that provides IPSec compliant VPN services. It is a tamper-resistant gateway that secures data communications for Intranets, Extranets, and Internet remote access." |
| 118 | IBM® Corporation 2455 South Rd Mail Station P371 Poughkeepsie, NY 12601 USA -Clark Norberg
|
(ID: IBM PN 09K1592) (When configured for External Key Entry) Validated to FIPS 140-1 Security Policy |
Hardware | 09/26/2000 | Overall Level: 4
-FIPS-approved algorithms: Triple-DES (Cert. #28); DSA/SHA-1 (Cert. #37); RSA (internal use) -Other algorithms: DES (Cert. #98); Diffie-Hellman (key agreement); CDM; MDC-2; MDC-4; ANSI: X3106, X99, X919 Single-chip"Technology remap encryption module for the IBM eServer zSeries 900 system that provides improved throughput performance over the previous part numbers of the IBM S/390 CMOS Cryptographic Coprocessor (FIPS 140-1 cert. #40)." |
| 117 | IBM® Corporation 2455 South Rd Mail Station P330 Poughkeepsie, NY 12601 USA -Barry Ward
|
(ID: PN 04K9036, EC C75600M, Miniboot 0 version A, Miniboot 1 version A) (When configured for DSS Authentication) Validated to FIPS 140-1 Security Policy |
Hardware | 09/18/2000; 08/08/2002; 09/23/2002 |
Overall Level: 3
-Physical Security: Level 3 +EFP/EFT
-Cryptomodule Design: Level 4 -Module Interfaces: Level 4 -Roles& Services: Level 4 -Finite State Machine Model: Level 4 -Software Security: Level 4 -EMI/EMC: Level 4 -Self Tests: Level 4 -Key Mgmnt.: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #4); DSA/SHA-1 (Cert. #34) -Other algorithms: DES (Cert. #86); DES MAC; RSA Multi-chip embedded"The 4758 is a tamper-responding, programmable, cryptographic PCI card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is available for use in typical PC servers and as features in IBM eServer iSeries, pSeries, and zSeries servers." |
| 116 | IBM® Corporation 2455 South Rd Mail Station P330 Poughkeepsie, NY 12601 USA -Barry Ward
|
(ID: PN 04K9131, EC F72272D, Miniboot 0 version A, Miniboot 1 version A) (When configured for DSS Authentication) Validated to FIPS 140-1 Security Policy |
Hardware | 09/18/2000; 08/08/2002 |
Overall Level: 4
-FIPS-approved algorithms: Triple-DES (Cert. #4); DSA/SHA-1 (Cert. #34) -Other algorithms: DES (Cert. #86); DES MAC; RSA Multi-chip embedded"The 4758 is a tamper-responding, programmable, cryptographic PCI card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is available for use in typical PC servers and as and as features in IBM eServer iSeries, pSeries, and zSeries servers." |
| 115 | Thales e-Security Meadow View House Crendon Industrial Estate Long Crendon Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Tim Fox
|
(Version 1.1) Validated to FIPS 140-1 Security PolicyVendor Product Link |
Hardware | 09/13/2000; 01/08/2003; 05/09/2003; 05/19/2003; 03/21/2005; 04/05/2005; 10/13/2005 |
Overall Level: 4
-FIPS-approved algorithms: DSA/SHA-1 (Cert. #24) -Other algorithms: Multi-chip embedded"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure system initialization for a cryptographic device, such as the Datacryptor 2000, WebSentry and HSM products. The module contains a secure bootstrap and authenticates application-loading using the Digital Signature Algorithm (DSA)." |
| 114 | Technical Communications Corp. 100 Domino Drive Concord, MA 01742 USA -John I. Gill
|
(Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Hardware | 09/13/2000 | Overall Level: 3
-FIPS-approved algorithms: Triple-DES (Certs. #13 and #14); SHA-1 (Cert. #29) -Other algorithms: DES (09/22/1995); Multi-chip standalone"The CipherX 7200 offers centrally managed end-to-end security that can seamlessly integrate into Internet Protocol (IP) Wide Area Networks (WANs) and Local Area Networks (LANs) providing secure Virtual Private Network (VPN) solutions. The Cipher X 7200 supports encryption, authentication, firewall and secure community capabilities to enable flexible transparent end-to-end network security." |
| 113 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable
|
(Software versions 4.0 and 4.1; Hardware version 2.0) Validated to FIPS 140-1 Security Policy |
Hardware | 09/13/2000; 06/17/2002; 12/04/2003; 10/18/2004 |
Overall Level: 2
-FIPS-approved algorithms: Triple-DES (Cert. #15); DSA/SHA-1 (Cert. #14) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone"Cylink ATM Encryptors secure sensitive data transmitted over high-speed ATM networks. The system supports full wirespeed encryption at data rates from 1.5Mbps to 622 Mbps over public and private networks." |
| 112 | AEP Networks Focus 31, West Wing Cleveland Road New Hempstead, Herts HP2 7BW United Kingdom -David Miller
|
(Firmware version 1, Releases 3G1 and 3G2) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Hardware | 09/08/2000; 07/18/2001; 07/22/2002; 10/04/2002; 04/21/2005 |
Overall Level: 4
-FIPS-approved algorithms: Triple-DES (Certs. #24 and #25); Triple-DES MAC; DSA/SHA-1 (Cert. #36); RSA (vendor affirmed) -Other algorithms: DES (Cert. #92); DES MAC; Diffie-Hellman (key agreement); MD5 Multi-chip embedded"The ACCE provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family. There are two versions available: Version 1.3G1 will power-down and zeroize the SMK if the module's temperature exceeds the specified operational temperature range. Version 1.3G2 will power-down and zeroize the SMK when the specified operational temperature is exceeded, and zeroize the IMK when the storage temperature is exceeded." |
| 111 | Dallas Semiconductor, Inc. 4401 Beltwood Pkwy Dallas, TX 75244-3292 USA -Mr. Dennis Jarrett
|
(Version 1.11) (When using vendor-configured with the FIPS 140-1 Applet) Validated to FIPS 140-1 Security Policy |
Hardware | 08/30/2000 | Overall Level: 3
-Physical Security: Level 3 +EFP
-FIPS-approved algorithms: SHA-1 (Cert. #36) -Other algorithms: Multi-chip standalone"The Dallas Semiconductor 1955 Java-Powered Cryptographic iButton, when operated in FIPS mode, provides SHA-1 hashing, identity-based challenge-response authentication, statistical random number generator tests, and a SHA-1 known answer test. When not operated in FIPS mode, the device provides more cryptographic services such as a high-speed math accelerator for 1024-bit public key cryptography. The module's single silicon chip is encased in a stainless steel button which is rugged enough to withstand harsh outdoor environments." |
| 110 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant
|
(Version SR-1A (3821)) Validated to FIPS 140-1 Security Policy |
Software | 08/15/2000; 10/15/2007 |
Overall Level: 1
-Operating System Security: Tested as meeting Level 1 with Microsoft Windows2000 with SP2 or higher (operated in single-user mode).
-FIPS-approved algorithms: Triple-DES (Cert. #18); SHA-1 (Cert. #32); RSA (vendor affirmed) -Other algorithms: DES (Cert. #91); DES MAC; RC2; MD2; MD5 Multi-chip standalone"The Microsoft Outlook Cryptographic Provider (EXCHCSP) is a FIPS 140-1 Level 1 compliant general-purpose software-based cryptographic module. EXCHCSP encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-1 Level 1 compliant cryptography." |
| 109 | Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto
|
(3640, 7140, and 7206 Module Access Routers w/ IOS V12.1(1)T software) (When configured in a FIPS mode of operation) Validated to FIPS 140-1 Security Policy |
Hardware | 08/01/2000; 01/10/2003; 05/24/2005 |
Overall Level: 2
-FIPS-approved algorithms: Triple-DES (Cert. #17); HMAC-SHA-1 (SHA-1 Cert. #26) -Other algorithms: DES (Cert. #74); RSA; MD4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone"The Cisco 3640, 7140, and 7206 Secure Integrated VPNs are routers that provide data protection on a network providing packet encryption. The modules perform all of the functions of a typical router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules, providing a secure connection at the packet level." |
| 108 | L-3 Communication Systems One Federal Street Camden, NJ 08102 USA -privatel@L-3com.com
|
(Model 960v (Part Number: K10047665, Software version v6.01) and (Part Number: K10047665-503, Software version v7.10)) Validated to FIPS 140-1 Security Policy |
Hardware | 08/01/2000; 09/18/2000; 04/21/2005 |
Overall Level: 1
-FIPS-approved algorithms: Triple-DES (Cert. #20); SHA-1 (Cert. #33) -Other algorithms: Session Key Development Algorithm (SKDA) Multi-chip standalone"The Privatel(TM) Model 960v provides security for voice telephony applications. The Privatel(TM) product is an applique to an existing office telephone that provides voice coding, traffic encryption, key management, and modem functions. The module uses the strongest commercially-available cryptography, which provides end-to-end secure communications that protect telephone conversations from eavesdropping and unauthorized monitoring and recording, displaying a unique Key Fingerprint during every secure session." |
| 107 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable
|
(Firmware v4.05 and v4.06; Hardware revisions 4 and 5) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Hardware | 07/31/2000; 03/12/2001; 07/18/2002; 12/04/2003; 10/18/2004 |
Overall Level: 3
-Module Interfaces: Level 3*
-Roles and Services: Level 3* *(Level 3 - Console interface disabled; Level 2 - Console interface enabled.) -FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11, #20); Diffie-Hellman (key agreement) Multi-chip standalone"Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links." |
| 106 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant
|
(Version 5.0.2195.1569) Validated to FIPS 140-1 Security Policy |
Software | 07/31/2000; 10/15/2007 |
Overall Level: 1
-Operating System Security: Tested as meeting Level 1 with Microsoft Windows2000 with SP2 or higher (operated in single-user mode).
-FIPS-approved algorithms: Triple-DES (Cert. #16); SHA-1 (Cert. #35) -Other algorithms: DES (Cert. #89); Multi-chip standalone"Microsoft's Kernel Mode Cryptographic Module (FIPS.SYS) is a general-purpose, software-based cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-1 Level 1 compliant cryptography." |
| 105 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable
|
(Firmware versions 1.27, 1.31 and 1.33) Validated to FIPS 140-1 Security Policy |
Hardware | 07/31/2000; 09/14/2001; 05/15/2002; 07/18/2002; 12/04/2003; 10/18/2004 |
Overall Level: 2
-Physical Security: Level 3
-Software Security: Level 3
-FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11, #26); Diffie-Hellman (key agreement) Multi-chip standalone"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks." |
| 104 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable
|
(Firmware versions 1.27, 1.31 and 1.33) Validated to FIPS 140-1 Security Policy |
Hardware | 07/31/2000; 09/14/2001; 05/15/2002; 07/18/2002; 12/04/2003; 10/18/2004 |
Overall Level: 2
-Physical Security: Level 3
-Software Security: Level 3
-FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11, #26); Diffie-Hellman (key agreement) Multi-chip standalone"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks." |
| 103 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant
|
((Base DSS: 5.0.2150.1391 [SP1], 5.0.2195.2228 [SP2] and 5.0.2195.3665 [SP3]), (Base: 5.0.2150.1391 [SP1], 5.0.2195.2228 [SP2] and 5.0.2195.3839 [SP3]), (DSS/DH Enh: 5.0.2150.1391 [SP1], 5.0.2195.2228 [SP2] and 5.0.2195.3665 [SP3]), (Enh: 5.0.2150.1391 [SP1], 5.0.2195.2228 [SP2] and 5.0.2195.3839 [SP3])) (For services provided by the listed FIPS-Approved algorithms) Validated to FIPS 140-1 Security Policy |
Software | 07/10/2000; 12/14/2001; 07/31/2002; 10/15/2007 |
Overall Level: 1
-EMI/EMC: Level 3
-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 2000 SPx (operated in single-user mode)
-FIPS-approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) -Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5 Multi-chip standalone"These are general-purpose software-based cryptomodules. They provide services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation." |
| 102 | Cryptek, Inc. 1501 Moran Road Sterling, VA 20166 USA -Timothy Williams
|
(Software v1.2 and v1.2.2; Hardware v1.000) Validated to FIPS 140-1 Security Policy |
Hardware | 07/10/2000; 11/20/2000; 02/15/2002 |
Overall Level: 1
-Roles & Services: Level 2
-FIPS-approved algorithms: Triple-DES (Cert. #10); SHA-1 (Cert. #30) -Other algorithms: DES; Diffie-Hellman (key agreement); MD5; KPDK_MD5 Multi-chip embedded"DiamondNIC and DiamondLINK provide a cost-effective and flexible end-to-end network security solution for the LAN, WAN, or Internet. They not only provide a high level of trust and data separation through the established end-to-end session, they additionally provide added levels of security by bringing firewall filtering functionality to the desktop. These modules provide strong I&A and user selectable/dynamically downloaded security policies to the desktop." |
| 101 | Dallas Semiconductor, Inc. 4401 Beltwood Pkwy Dallas, TX 75244-3292 USA -Mr. Dennis Jarrett
|
(ID: B9-V1.02) (When using vendor-initialized SHA-1 in transaction group 1) Validated to FIPS 140-1 Security Policy |
Hardware | 06/22/2000 | Overall Level: 3
-Physical Security: Level 3 +EFP
-FIPS-approved algorithms: SHA-1 (Cert. #8) -Other algorithms: MD5, RSA Multi-chip standalone"Inside the steel perimeter, the secure accounting and cryptographic services are performed to meet the requirements of the United States Postal Service Information Based Indicia Program. See Cert. #41." |
| 100 | Fortress Technologies, Inc. 4025 Tampa Road Suite 1111 Oldsmar, FL 34677 USA -Dr. Stephen Kovacs
|
(Version 4.0 firmware) (When factory configured in FIPS mode) Validated to FIPS 140-1 Security Policy |
Hardware | 06/22/2000 | Overall Level: 2
-Software Security: Level 3.
-FIPS-approved algorithms: Triple-DES (Cert.#19); SHA-1 (Cert.#34) -Other algorithms: DES (Cert.#23); Diffie-Hellman (key agreement) Multi-chip standalone"The NetFortress® 10 is a tamper-resistant network communications security solution that establishes private communications between corporate divisions, branch offices, and mobile users. It integrates seamlessly and economically into any LAN and WAN environment for optimum flexibility and scalability. NetFortress 10’s security feature set includes encryption, data integrity checking, authentication, access control, data compression and firewall capabilities. It is compliant with IPSec." |
| 99 | Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto
|
(2621 Module Access Router w/ IOS V12.1(1)T software) (When configured in a FIPS mode of operation) Validated to FIPS 140-1 Security Policy |
Hardware | 06/13/2000; 06/22/2000; 01/10/2003; 05/24/2005 |
Overall Level: 2
-FIPS-approved algorithms: Triple-DES (Cert. #17); HMAC-SHA-1 (SHA-1 Cert. #26) -Other algorithms: DES (Cert. #74); RSA; MD4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone"The Cisco 2621 Modular Access Router supports the full IOS feature set including advanced security features such as Virtual Private Network (VPN) Access and integrated Firewall protection. The Cisco 2621 supports multiple encrypted tunnels using Cisco IOS IPSec and DES/3DES encryption." |
| 98 | Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Jonathan Lewis
|
(Firmware version 2.60, 4500 Hardware) (When operated in the 'FIPS-enabled' mode using FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy |
Hardware | 05/23/2000; 09/20/2001; 12/06/2001 |
Overall Level: 2
-FIPS-approved algorithms: SHA-1 (Cert. #31); Triple-DES (DES Cert. #47) -Other algorithms: DES (Cert. #47); RSA; RC4; MD5 Multi-chip standalone"The Contivity 4500 Extranet Switch provides up to 5000 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. 5 PCI expansion slots, dual 10/100 LAN ports, dual redundant power supplies and storage, unlimited IPSEC client licenses." |
| 97 | Stamps.com 3420 Ocean Park Blvd. Suite 1040 Santa Monica, CA 90405 USA -Craig Ogg
|
(Versions 1.01 and 1.02) Validated to FIPS 140-1 Security Policy |
Hardware | 05/18/2000 | Overall Level: 3
-Physical Security: Level 4
-FIPS-approved algorithms: DSA/SHA-1 (Cert. #23, 27); Triple-DES (Cert. #2) -Other algorithms: DES (Certs. #58 and #69); RSA; Diffie-Hellman (key agreement) Multi-chip embedded"The module provides the services to support high-speed, highly secure E-commerce transactions, including the production and verification of United States Postal Service Information-Based Indicia." |
| 96 | Pitney Bowes, Inc. 35 Waterview Dr Shelton, CT 06484 USA -David Riley
|
(Version 0.3.60A) Validated to FIPS 140-1 Security Policy |
Software | 05/18/2000 | Overall Level: 1
-Operating System Security: Tested as meeting Level 1 with Microsoft Windows95/98, WindowsNT Workstation 4.0 w/SP3 or later (single-user mode).
-FIPS-approved algorithms: SHA-1 (Cert. #27); Triple-DES (Cert. #3) -Other algorithms: DES (Cert. #83); Multi-chip standalone"The module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)." |
| 95 | SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens
|
(Version 2.01) (For services provided by the listed FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy |
Hardware | 05/08/2000 | Overall Level: 2
-EMI/EMC: Level 3
-FIPS-approved algorithms: Skipjack (Cert. #4); DSA (DSA/SHA-1 Cert. #31) -Other algorithms: DES (Cert. #78); Triple-DES; KEA (primitives only); RSA Single-chip"The SPYRUS Rosetta Smart Card is an ISO 7816 compliant public key smart card based upon the SPYCOS card operating system." |
| 94 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Hazem Hassan
|
(Version 1.0) (When using the 'FIPS-mode Configuration File') Validated to FIPS 140-1 Security Policy |
Hardware | 05/08/2000; 02/22/2005 |
Overall Level: 2
-EMI/EMC: Level 3
-FIPS-approved algorithms: DSA/SHA-1 (Cert. #35); Triple-DES (DES Cert. #88, vendor affirmed); RSA/SHA-1 (vendor affirmed) -Other algorithms: DES (Cert. #88); Diffie-Hellman (key agreement) Single-chip"The SignaSURE Model 330 Smart Card is a complete public key cryptographic module that is ISO 7816 compliant. This module supports PKI with a highly efficient cryptographic co-processor and the DKCCOS v2.0 smart card OS. The OS is extensible and allows new algorithms to be added." |
| 93 | Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher
|
(When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Software | 04/20/2000; 07/18/2002 |
Overall Level: 2
-EMI/EMC: Level 3 -Operating System Security: Level 2 for Microsoft WindowsNT 4.0 with SP6a (TCSEC C2-rated on a Compaq ProLiant 7000 Server). -FIPS-approved algorithms: Triple-DES (Cert.#6); DSA/SHA-1 (Cert. #10); RSA (vendor affirmed); ECDSA (vendor affirmed) -Other algorithms: DES (Cert. #56); DES MAC; RC2, RC4, IDEA, MD5, MD2, RIPEMD-160, HMAC-SHA-1, HMAC-MD5, HMAC-RMD160, CAST, CAST3, CAST5, ECDSA; Diffie-Hellman (key agreement) Multi-chip standalone"This module is used in the Entrust® family of products." |
| 92 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MA 21017 USA -Rick DeFelice
|
(Software v1.14, v1.15 and v1.16) (For services provided by the FIPS-approved algorithms listed [in the description column]) Validated to FIPS 140-1 Security Policy |
Software | 04/07/2000; 11/20/2000; 07/02/2002; 10/19/2004 |
Overall Level: 1
-EMI/EMC: Level 3
-Software Security: Level 3; -Self Tests: Level 4; -Operating System Security: Tested as meeting Level 1 when using Windows95/98, WindowsNT Workstation 4.0 w/ SP 3 or later (single-user mode). -FIPS-approved algorithms: Triple-DES (Cert. #11); DSA/SHA-1 (Cert. #30) -Other algorithms: DES (Cert. #72); RC5; MD2; MD5; HMAC-SHA-1; HMAC-MD5; RIPEMD-128; RIPEMD-160; RSA; Diffie-Hellman (key agreement) Multi-chip standalone"The SafeNet CGX (Crypto Graphic eXtensions) cryptographic module is used in the SafeNet product line including S/Speed, S/Smart, S/Soft, PCI Card as well as the ADSP 2141 Safenet/DSP." |
| 91 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MA 21017 USA -Rick DeFelice
|
(Software v1.14, v1.15 and v1.16) (For services provided by the FIPS-approved algorithms listed [in the description column]) Validated to FIPS 140-1 Security Policy |
Software | 04/07/2000; 11/20/2000; 07/02/2002; 10/18/2004 |
Overall Level: 2
-EMI/EMC: Level 3
-Software Security: Level 3; -Self Tests: Level 4; -Operating System Security: Tested as meeting Level 2 when using Compaq DeskPro 6400 w/ WindowsNT Workstation 4.0, SP3 (ITSEC-certified). -FIPS-approved algorithms: Triple-DES (Cert. #11); DSA/SHA-1 (Cert. #30) -Other algorithms: DES (Cert. #72); RC5; MD2; MD5; HMAC-SHA-1; HMAC-MD5; RIPEMD-128; RIPEMD-160; RSA; Diffie-Hellman (key agreement) Multi-chip standalone"The SafeNet CGX (Crypto Graphic eXtensions) cryptographic module is used in the SafeNet product line including S/Speed, S/Smart, S/Soft, PCI Card as well as the ADSP 2141 Safenet/DSP." |
| 90 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA -Security Evaluations Manager
|
(Software Version 8.1.6) (When operated in FIPS mode using the FIPS approved algorithms [listed in the description column]) Validated to FIPS 140-1 Security Policy |
Software | 03/21/2000; 04/04/2002; 07/07/2003 |
Overall Level: 2
-Operating System Security: Tested as meeting Level 2 with Sun Solaris Version 2.6SE running on a Sun Ultra SPARC-1 workstation.
-FIPS-approved algorithms: SHA-1 (Cert. #18) -Other algorithms: DES (Cert. #52); RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone"Oracle® Advanced Security is a comprehensive suite of security features for distributed environments. It provides a single source of integration with network encryption, authentication, and single sign-on services, delivers PKI solutions and integrates with LDAP directories. Oracle® Advanced Security is an option available with Oracle8i™ Enterprise Edition." |
| 89 | RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese
|
(Software version 4.31) (For services provided by the listed FIPS-approved algorithms listed [in the description column]) Validated to FIPS 140-1 Security Policy |
Software | 03/21/2000; 01/04/2008 |
Overall Level: 1
-EMI/EMC: Level 3
-Operating System Security: Tested as meeting Level 1 with Microsoft WindowsNT 4.0 (single-user mode).
-FIPS-approved algorithms: Triple-DES (DES Cert. #46, vendor affirmed); SHA-1 (Cert. #18); RSA (vendor affirmed) -Other algorithms: DES (Cert. #46); RSA (encrypt/decrypt), MD2, MD5, HMAC, DESX, RC2, RC4, Elliptic Curve (F2&Fp), Elliptic Curve Encryption Scheme, Elliptic Curve DSA; Bloom-Shamir Multi-chip standalone"Cryptographic Toolkit provides cryptographic services to calling applications." |
| 88 | Motorola, Inc. Secure Design Center IL02 Room 0509A 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Geoff Hobar
|
(Version R3.0A; Firmware Version R02.23.00) (When operated in FIPS mode by selection of the DES algorithm) Revoked |
Hardware | 02/23/2000 | Overall Level: 1
-FIPS-approved algorithms: -Other algorithms: DES (Cert. #73); DES-XL, DVI-XL, DVP-XL, DVI-SPFL Multi-chip standalone"The RNC 3000 provides data communications between mobile data and host applications in an ASTRO integrated voice and data system. The RNC Encryption Module Controller provides data encryption services for the RNC 3000." |
| 87 | nCipher Corporation Ltd. 100 Unicorn Park Dr Woburn, MA 01801-3371 USA -Greg Dunne
|
and nShield 75 Cryptographic Accelerators (Firmware v1.54.28; Hardware Build Standard D) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Hardware | 01/18/2000; 03/01/2001; 03/09/2006; 03/15/2006 |
Overall Level: 3
-Roles and Services: Level 3*
-Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (DES Cert. #24, vendor affirmed); RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; CAST, HMAC, Triple-DES MAC, ElGamal; Diffie-Hellman (key agreement) Multi-chip standalone |
| 86 | Motorola, Inc. Secure Design Center IL02 Room 0509A 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Geoff Hobar
|
(Hardware v. 3.0A; Firmware v. 6.9 & 7.1) (When operated in FIPS mode by selection of the DES algorithm) Revoked |
Hardware | 01/05/2000 | Overall Level: 1
-Roles & Services: Level 2
-FIPS-approved algorithms: -Other algorithms: DES (Cert.#73); DES-XL, DVP-XL, DVI-XL, DVI-SPFL Multi-chip standalone"The ASTRO DIU provides an interface between an analog console and an ASTRO base station or ASTRO-TAC comparator for ASTRO clear and analog two-way radio communications. The DIU EMC is available as an option with ASTRO DIUs to provide encryption capability. The DIU will then support ASTRO encrypted two-way radio communications." |
| 85 | Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher
|
(When operated in FIPS mode) Validated to FIPS 140-1 Security Policy |
Software | 01/07/2000; 07/18/2002 |
Overall Level: 1
-EMI/EMC: Level 3
-Roles & Services: Level 2 -Physical Security: Level 2 -Operating System Security: Level 1 for Microsoft Windows95/98, WindowsNT 3.5 and 3.51, and WindowsNT 4.0 with SP3, SP4, SP5, or SP6 (single user mode). -FIPS-approved algorithms: DSA/SHA-1 (Cert. #10); RSA (vendor affirmed); Triple-DES (DES Cert.#56, vendor affirmed) -Other algorithms: DES (Cert. #56); DES MAC; RC2, RC4, IDEA, MD5, MD2, RIPEMD-160, HMAC-SHA-1, HMAC-MD5, HMAC-RMD160, CAST, CAST3, CAST5, ECDSA; D-H key agreement Multi-chip standalone"This module is used in the Entrust family of products." |