Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
All

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSE. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the appropriate vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
884	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks SSG 520M and SSG 550M (Hardware Versions: P/N SSG 520M and SSG 550M; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/14/2007; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA (Cert. #218); SHS (Cert. #601); Triple-DES (Cert. #535); AES (Cert. #529); HMAC (Cert. #278); RSA (Cert. #239); RNG (Cert. #304) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks Secure Services Gateway 500 Series (SSG) represents a new class of purpose-built security appliance that delivers a perfect mix of performance, security and LAN/WAN connectivity for regional and branch office deployments. Traffic flowing in and out of the branch office is protected from worms, Spyware, Trojans, and malware by a complete set of Unified Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering."
883	TriCipher, Inc. 1900 Alameda de las Pulgas Suite 112 San Mateo, CA 94403 USA -Tim Renshaw TEL: 650-372-1300	TriCipher Common Core Cryptographic Module (Software Version: 3.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/14/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun JDS Linux 2.4.19 and Microsoft Windows XP (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #571); RSA (Cert. #273); HMAC (Cert. #310); SHS (Cert. #649); RNG (Cert. #341) -Other algorithms: DES; MD5; RSA (PKCS #5); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The CCCM provides all cryptographic functionality used by TriCipher's ID Tool, APIs and other client-side products."
882	Certicom Corp. 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Certicom Eastern US Sales Office TEL: 703-234-2357 FAX: 703-234-2356	Security Builder® FIPS Module (Software Version: 2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/14/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Yellow Dog Linux 2.6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #545); AES (Cert. #549); SHS (Cert.#614); HMAC (Cert. #290); RNG (Cert. #317); DSA (Cert. #223); ECDSA (Cert. #57); RSA (Cert. #246) -Other algorithms: DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-complaint less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; ECNR; ECQV; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-complaint less than 80 bits of encryption strength); ECIES Multi-chip standalone "The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
881	Fortress Technologies, Inc. 4023 Tampa Road Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	AirFortress® Wireless Security Gateway (Hardware Version: AF7500; Firmware Version: 2.5.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/30/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment provides 56 bits of encryption strength); DES; MD5; RSA (non-compliant); RNG (non-compliant) Multi-chip standalone "The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
880	ActivIdentity, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Stephane Ardiley TEL: 510-745-6288 FAX: 510-574-0101	ActivIdentity Digital Identity Applet Suite V2 for PIV (Hardware Version: HW P/N 77 Versions E303-063683 and E303-063684; Firmware Versions: ACA applet package v2.6.2.2 and 2.6.2.A3; PKI/GC applet package v2.6.2.3 and 2.6.2.A1; ASC library package v2.6.2.2 and 2.6.2.A1; PIV End-Point packages v2.6.2.6, v2.6.2.A1 and v2.6.2.A2) (PIV Card Application: Cert. #7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007; 12/18/2007; 01/25/2008; 04/29/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Triple-DES Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES; DES MAC Single-chip "This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured to use with ActivIdentity applet suite v2.6.2 for the support of GSC-IS v2.1, NIST SP800-73-1 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
879	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	PIX 515 and PIX 515E (Hardware Versions: 515 and 515E; Firmware Version: 7.2.2.18) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #209 and #536); HMAC (Certs. #15 and #283); RNG (Cert. #309); RSA (Certs. #107 and #242); SHS (Certs. #285 and #606); Triple-DES (Certs. #298 and #538) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
878	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -William McIntosh TEL: 813-288-7388 x117	Fortress Secure Client (Software Versions: 3.1 and 3.1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/30/2007; 04/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional with SP2; Windows 2000 Professional with SP4; Windows 2003 Server with SP2; Windows CE 3.0; Windows CE 4.0; Windows CE 5.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #607); HMAC (Cert. #313); RNG (Cert. #346); SHS (Cert. #656); Triple-DES (Cert. #579) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5 Multi-chip standalone "The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
877	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	7206VXR NPE-G1, 7206VXR NPE-G2 and 7301 with VAM2+ and 7206VXR NPE-G2 with VSA (Hardware Versions: 7206VXR Version: 2.9, NPE-G1 Version: 2.1, NPE-G2 Version: 1.0, VAM2+ Version: 1.0, VSA Version: 1.0, C7200-JC-PA Version: 1.0, 7301 Version: 2.0; Firmware Version: 12.4(11)T1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007; 12/18/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #91 and #173); HMAC (Certs. #39 and #203); RNG (Certs. #83, #266 and #267); SHS (Certs. #258, #500, #556 and #557); Triple-DES (Certs. #204 and #275) -Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; RSA (non-compliant); AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant) Multi-chip standalone "Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
876	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196-1078 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	KVL 3000 Plus (Hardware Version: P/N CLN7493D Version 8; Firmware Version: R3.52.42) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR) Multi-chip standalone "The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
875	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 5.2.3790.3959) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/30/2007; 12/18/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543) -Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; RC2; RC4 Multi-chip standalone "The Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) is a FIPS 140-2 compliant, software-based, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, DSA and Diffie-Hellman) in a cryptographic module accessible via the Microsoft CryptoAPI (CAPI)."
874	3e Technologies International, Inc. 9715 Key West Avenue 5th Floor Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989 -Chris Guo TEL: 301-944-1294 FAX: 301-670-6989	3e Cryptographic Kernel Library (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	11/30/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #640); HMAC (Cert. #329); SHS (Cert. #675); Triple-DES (Cert. #593) -Other algorithms: Multi-chip standalone "The Cryptographic Kernel Library (CKL) is a software module that implements a set of cryptographic algorithms for use by a software application. The 3eTI CKL is a binary dynamic link library that is compiled from source code written in C, C++. This binary library resides in Windows kernel space."
873	Rockwell Collins, Inc. 400 Collins Road NE Cedar Rapids, IA 52498 USA -Jack Edington TEL: 319-295-5997 -Robert Shreve TEL: 319-295-2611	Common Crypto Circuit Card Assembly (Hardware Version: 944-2541-004; Software Version: 091-3186-006) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007	Overall Level: 1  -Physical Security: Level 2 -EMI/EMC: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Cert. #169) -Other algorithms: Serpent; Twofish; Triple-DES (non-compliant) Multi-chip embedded "The Common Crypto Circuit Card Assembly is a module designed for use in Link 16 communication platforms. The module can be used in an external cryptographic application or embedded in an internal application. The module hosts four commercial cryptographic algorithms for data encryption/decryption. The algorithms are stored in memory. One of the four algorithms is selected for use and loaded. The module accepts up to eight keys which are externally generated and loaded. The AES algorithm operates in a FIPS-approved mode."
872	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	PIX 525 and PIX 535 (Hardware Versions: 525 and 535; Firmware Version: 7.2.2.18) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/27/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #209 and #536); HMAC (Certs. #15 and #283); RNG (Cert. #309); RSA (Certs. #107 and #242); SHS (Certs. #285 and #606); Triple-DES (Certs. #298 and #538) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
871	Cavium Networks 805 East Middlefield Road Mountain View, CA 94043 USA -Mike Scruggs TEL: 650-623-7000	Nitrox XL NFB FIPS Cryptographic Modules (Hardware Versions: CN1120-VBD-03-0200, CN1010-VBD-03-0200 and CN1005-VBD-03-0200; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/27/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed) -Other algorithms: AES-MAC (Certs. #551 and #189, non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength) Multi-chip embedded "The Nitrox XL NFB FIPS Cryptographic Module is a cryptographic module integrated into a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
870	Cavium Networks 805 East Middlefield Road Mountain View, CA 94043 USA -Mike Scruggs TEL: 650-623-7000	Nitrox XL NFB FIPS Cryptographic Modules (Hardware Versions: CN1120-VBD-03-0200, CN1010-VBD-03-0200, and CN1005-VBD-03-0200; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/27/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed) -Other algorithms: AES-MAC (Certs. #551 and #189, non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength) Multi-chip embedded "The Cavium Nitrox NFB Cryptographic Modules are a cryptographic component of the Nitrox PCI acceleration board that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
869	Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS) (Software Version: 5.2.3790.3959) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/27/2007; 12/18/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64, and IA64) (single user mode) -FIPS-approved algorithms: HMAC (Cert. #287); RNG(Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542) -Other algorithms: DES; HMAC-MD5 Multi-chip standalone "Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-2 Level 1 compliant, general-purpose, software-based, cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-2 Level 1 compliant cryptography."
868	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) (Software Version: 5.2.3790.3959) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/19/2007; 12/18/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode) -FIPS-approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544) -Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
867	Chunghwa Telecom Co. Ltd. Telecommunication Lab 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei, Taoyuan, Taiwan 326 Republic of China -Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 -Char-Shin Miou TEL: +886-3-424-4381 FAX: +886-3-424-4129	HICOS PKI Smart Card Chip (Hardware Version: HD65257C1; Software Versions: GINA Applet: 1.0, PKI Applet: 2.0, FISC II Applet: 1.2, and GSM Applet 1.0; Firmware Versions: HardMask: 2.0 and SoftMask: 3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/19/2007	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RSA (Cert. #234); Triple-DES (Cert. #530); SHS (Cert. #594); RNG (Cert. #298); AES (Cert. #522); HMAC (Cert. #272); Triple-DES MAC (Triple-DES Cert. #530, vendor affirmed) -Other algorithms: COMP-128; AES-MAC (AES Cert. #522; non-compliant) Single-chip "The HICOS PKI Smart Card Chip module is a single chip implementation of a cryptographic module. The HICOS PKI Smart Card Chip module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HICOS PKI Smart Card Chip cryptographic module contains an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart card chips."
866	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-527A3 AirGuard™ Wireless Access Point, 3e-527A3 AirGuard™ Wireless Access Point with Outdoor Option and 3e-527A3MP AirGuard™ Wireless Access Point with Mobile Power (Hardware Versions: 1.1, 1.1 and 1.1; Firmware Version: 4.0.10.23) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/27/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #627); HMAC (Cert. #325); RNG (Cert. #359); SHS (Cert. #669); Triple-DES (Cert. #589) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; DES; AES CFB (non-compliant) Multi-chip standalone "The 3e-527A3 is a device that consists of electronic hardware, firmware, and a strong metal case. For purposes of FIPS 140-2, the module is considered to be a multi-chip standalone product. The 3e-527A3 operates as either a gateway connecting a local area network to wide area network (WAN) or as an access point within a local area network."
865	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (ME) (Software Versions: 2.1.0.2 [1] and 2.1.0.3 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/19/2007; 12/20/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with [1]: AIX 5L v5.2 (32-bit PowerPC); AIX 5L v5.2 (64-bit PowerPC); AIX 5L v5.3 (32-bit PowerPC); AIX 5L v5.3 (64-bit PowerPC); HP-UX 11.11 PA-RISC 2.0 (32-bit); HP-UX 11.23 PA-RISC2.0W (64-bit); HP-UX 11.23 Itanium 2 (32-bit); HP-UX 11.23 Itanium 2 (64-bit); Red Hat Enterprise Linux AS 4.0 (32-bit x86); Red Hat Enterprise Linux AS 4.0 (64-bit x86_64); Solaris 10 (32-bit SPARC v8); Solaris 10 (32-bit SPARC v8+); Solaris 10 (64-bit SPARC v9); Solaris 10 (64-bit x86_64); SuSE Linux Enterprise Server 9.0 (32-bit x86); SuSE Linux Enterprise Server 9.0 (64-bit x86_64); VxWorks 5.4 (PPC 604); VxWorks 5.5 (PPC 603); VxWorks 5.5 (PPC 604); VxWorks General Purpose Platform 6.0 (PPC 604); Windows Mobile 2003; Windows Mobile 2003 Phone Edition; Windows Mobile 5.0; Windows Mobile 5.0 Phone Edition; Windows 2003 Server SP1 (32-bit x86 - VS8.0 build); Windows 2003 Server SP1 (64-bit x86_64); Windows 2003 Server SP1 (Itanium 2). Tested as meeting Level 1 with [1] and [2]: Windows 2003 SP1 (32-bit x86 - VS6.0 build) (in single-user mode) -FIPS-approved algorithms: AES (Certs. #644 and #673); DSA (Certs. #242 and #254); ECDSA (Certs. #68 and #74); HMAC (Certs. #333 and #357); RNG (Certs. #367, #392 and vendor affirmed: SP 800-90); RSA (Certs. #295 and 314); SHS (Certs. #679 and #706); Triple-DES (Certs. #596 and #618) -Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES; RSA (key wrapping; key establishment methodology provides at least 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides at least 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 285 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
864	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Key Management Facility Crypto Card (KMF CC) (Hardware Version: P/N T6722A Version CLN7612B; Firmware Version: R01.09) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/13/2007	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); RNG (Cert. #121); SHS (Cert. #335) -Other algorithms: DES; DES-XL; DVI-XL; DVP-XL; DES MAC; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR); HCA; LFSR; NDRNG Multi-chip embedded "The KMF CC provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola's Key Management Facility (KMF). The KMF and KMF CC combine to provide these cryptographic services for Motorola's APCO-25 compliant Astro radio systems."
863		Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/16/2007; 12/07/2007; 03/07/2008	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
862		Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/07/2007	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
861	Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA -Shaun Lee TEL: +44 1189 243860	Oracle Cryptographic Libraries for SSL (Software Version: 10g (10.1.0.5)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/18/2007	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Sun Solaris 8.0 with Admin Suite 3.0.1 on Sun Ultra 60 Server -FIPS-approved algorithms: Triple-DES (Cert. #573); AES (Cert. #608); SHS (Cert. #657); HMAC (Cert. #314); RSA (Cert. #281); RNG (Cert. #347) -Other algorithms: RC4; RSA-MD5 (PKCS#1); HMAC-MD5; RSA (PKCS#5); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Oracle Cryptographic Libraries for SSL 10g (10.1.5) is a generic module used by the Oracle Corporation in a variety of its application suites. The module is used to provide support to cryptography, authentication, PKCS and certificate management for applications like the Oracle database server (Server and Client), Oracle Applications Server, Oracle Internet Directory, Web Cache and Apache. It provides a rich set of functionality and uses PKCS wallet structures for managing identities and trustpoints."
860	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Digital Interface Unit Crypto Module (DIU CM) (Hardware Version: T6721A, Version CLN7611C; Firmware Versions: R82.01.02, R82.01.03 and R82.01.05) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82; vendor affirmed); AES (Cert. #2); RNG (Cert. #121); SHS (Cert. #335) -Other algorithms: DES; DES-XL; DVI-XL; DVP-XL; HCA; ADP; LFSR; NDRNG; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR) Multi-chip embedded "The DIU CM provides secure voice and Over-the-Air-Rekeying (OTAR) advanced key management for Motorola's Digital Interface Unit (DIU). The DIU and DIU CM combine to provide these cryptographic services for Motorola's APCO-25 compliant family of console and base station radio infrastructure equipment."
859	VMware, Inc. 3145 Porter Drive Palo Alto, CA 94304 USA -Eric Masyk TEL: 650-798-5820 FAX: 650-475-5001	ACE Encryption Engine (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/06/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional with SP2; Microsoft Windows Vista Ultimate (single-user mode) -FIPS-approved algorithms: AES (Certs. #533 and #534); DSA (Cert. #220); HMAC (Certs. #280 and #281); RNG (Certs. #306 and #307); RSA (Cert. #241); SHS (Certs. #603 and #604); Triple-DES (Cert. #536) -Other algorithms: Diffie-Hellman (key agreement; not allowed in FIPS mode); DSA signature generation (non-compliant); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (sign/verify 512 bits; non-compliant) Multi-chip standalone "The ACE Encryption Engine allows virtual machines to be encapsulated into files which can be saved, copied, and provisioned. VMware Software Cryptographic Implementation is the kernel implementation that enables the VMware ACE application to perform its cryptographic functions such as hashing, encryption, digital signing, etc."
858	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Radio Network Controller Encryption Module Controller (RNC EMC) (Hardware Version: T7289A; Firmware Version: R03.04.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2007	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #530) -Other algorithms: AES MAC (AES Cert. #530; vendor affirmed; P25 AES OTAR); DES; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ANSI X9.17 DRNG; 64 bit LFSR Multi-chip standalone "The RNC 3000 provides data communications between mobile data and host applications in an ASTRO integrated voice and data system. The RNC Encryption Module Controller provides data encryption services for the RNC 3000."
857	Tumbleweed Communications Corp. 700 Saginaw Drive Redwood City, CA 94063 USA -Stefan Kotes TEL: 650-216-2082 FAX: 650-216-2565	Tumbleweed Security Kernel (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	10/26/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2003 Server SP2; SuSE Linux 9 Enterprise Server SP3; Windows XP SP2; SunOS 5.10; IBM AIX 5.2.0.0 (single-user mode) -FIPS-approved algorithms: AES (Certs. #524 and #543); Triple-DES (Certs. #531 and #540); RSA (Certs. #237 and #244); ECDSA (Certs. #54 and #56); SHS (Certs. #597 and #608); RNG (Certs. #300 and #311); HMAC (Certs. #275 and #285) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The Tumbleweed Security Kernel is a software module implemented as two dynamic libraries that provide all security functionalities for several products of Tumbleweed Communications Corp., including Validation Authority, SecureTransport, and MailGate."
856	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module V2.2 (Hardware Version: VBD-03-0100; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/26/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510 and #551); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #520 and #547); Triple-DES MAC (Triple-DES Certs. #520 and #547, vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD2; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
855	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module for Luna® IS (Hardware Version: VBD-03-0100; Firmware Version: 5.1.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/26/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510 and #511); Triple-DES (Certs. #520 and #521); DSA (Cert. #211); RSA (Cert. #224); ECDSA (Cert. #52); SHS (Cert. #581); HMAC (Cert. #263); Triple-DES MAC (Triple-DES Certs. #520 and #521, vendor affirmed); RNG (Cert. 288) -Other algorithms: AES MAC (AES Certs. #510 and #511; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip embedded "The Luna® PCI for Luna ® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
854	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module V2.2 (Hardware Version: VBD-03-0100; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/26/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #510 and #551); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #520 and #547); Triple-DES MAC (Triple-DES Certs. #520 and #547, vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; MD2-MAC; MD5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
853	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arye, Petach Tikva 49511 Israel -Yaniv Shor TEL: +972.(0)3.978.1342 FAX: +972.(0)3.978.1010	eToken PRO HD (Hardware Version: (32K and 64K) 4.28; Firmware Version: 2.7 on CardOS 4.2B) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/24/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #555); Triple-DES MAC (Cert. #555, vendor affirmed); SHS (Cert. #627); RSA (Cert. #256); RNG (Cert. #325) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The eToken product offering provides a robust and flexible framework for integration with many of today's leading security solutions, providing a solution for strong authentication and password management needs. The eToken provides a complete set of easy-to-use password management applications that enable the user to securely store and manage all of their logon credentials on a single eToken device. They no longer need to remember numerous passwords for all of their applications and accounts - just the single eToken password."
852	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arye, Petach Tikva 49511 Israel -Yaniv Shor TEL: +972-(0)3-978-1342 FAX: +972-(0)3-978-1010	eToken PRO, eToken NG-OTP and eToken NG-FLASH (128 MB, 512 MB and 1 GB) (Hardware Versions: PRO (32K and 64K) 4.28, NG-OTP (32K and 64K) 2.25, NG-FLASH (32K) 4.27; Firmware Version: 2.7 on CardOS 4.2B) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/24/2007	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #555); Triple-DES MAC (Cert. #555, vendor affirmed); SHS (Cert. #627); RSA (Cert. #256); RNG (Cert. #325) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The eToken product offering provides a robust and flexible framework for integration with many of today's leading security solutions, providing a solution for strong authentication and password management needs. The eToken provides a complete set of easy-to-use password management applications that enable the user to securely store and manage all of their logon credentials on a single eToken device. They no longer need to remember numerous passwords for all of their applications and accounts - just the single eToken password."
851	QUALCOMM Inc. 5775 Morehouse Drive San Diego, CA 92121 USA -QGOV Sales & Marketing TEL: 877-461-4411	Cryptographic Extension for BREW® Cryptographic Engine (Software Version: 2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/24/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with LG Firmware OS T98VZV05 with BREW 3.1 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #488); AES (Cert. #473); SHS (Cert.#541); HMAC (Cert. #230); RNG (Cert. #256); DSA (Cert. #194); ECDSA (Cert. #42); RSA (Cert. #194) -Other algorithms: DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ARC4; MD2; MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "QUALCOMMs Binary Runtime Environment for Wireless (BREW®) provides an integrated platform for developing, selling, and distributing wireless applications. The Cryptographic Extension for BREW® is a general-purpose, software-based cryptographic module packaged as a BREW® extension that can be invoked by BREW® applications to permit FIPS 140-2 Level 1 validated general-purpose cryptography."
850	Doremi Cinema LLC 1020 Chestnut Street Burbank, CA 91506 USA -Jean-Philippe Viollet TEL: 818-562-1101 FAX: 818-562-1109 -Camille Rizko TEL: 818-562-1101 FAX: 818-562-1109	Dolphin Board (Hardware Version: P/N Version DOLPHIN-DCI-F; Firmware Versions: 22.00-0 and 22.00-1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007; 10/29/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #521 and #532); HMAC (Cert. #271); SHS (Cert. #593); RNG (Certs. #297 and #326) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of strength) Multi-chip standalone "The Dolphin Board is a PCI-card that provides a standard definition/high definition serial digital interface. This is the Doremi decoder card that contains the JPEG-2000 decoder hardware and BNC serial digital interface connectors used in the Doremi DCP-2000 Digital Cinema Server. The Dolphin Board utilizes a dual-link encrypted serial digital interface for output of DCI-compliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e., trailers, advertisements, etc.)."
849	Comtech Mobile Datacom Corporation 20430 Century Blvd. Gaithersburg, MD 20874 USA -John Fossaceca TEL: 240-686-2146 FAX: 240-686-3301 -Bill Vaughan TEL: 240-686-3300 FAX: 240-686-3301	MTM-203 Satellite Mobile Transceiver (Hardware Version: P/N CMDC-203-X0GA1, Revision A2; Firmware Version: C.3.6.T) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/18/2007; 04/29/2008	Overall Level: 2  -FIPS-approved algorithms: HMAC (Cert. #245); RNG (Cert. #271); SHS (Cert. #561); Triple-DES (Cert. #502) -Other algorithms: DES Multi-chip standalone "CMDC's MTM-203 is a small, low power L-Band satellite transceiver for power, weight and space-restrictive applications. The MTM-203 is designed for easy integration into systems that benefit from secure, near real-time, over-the-horizon communications. The MTM-203 is based on battlefield proven technology that enables many new applications, such as handheld and covert devices. The module provides messaging connectivity worldwide with other mobile and terrestrial connected users of CMDC's proprietary network. CMDC's products operate on a variety of satellite providers without reconfiguration."
848	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort SCSI SEP v1.0 (Hardware Version: P/N 60-000343/A; Software Version: 27.8; Firmware Version: dccp_2_2_8_secure) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511) -Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2 Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
847	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort LKM SEP v1.0 (Hardware Version: P/N 60-000388/A; Software Versions: 40.3 and 40.4; Firmware Version: dccn_1_7_10_secure) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007; 12/18/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #445 and #523); ECDSA (Cert. #53); HMAC (Certs. #273, #274 and #212); RNG (Cert. #299); SHS (Certs. #595, #596 and #511) -Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2 Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
846	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort NAS SEP v1.0 (Hardware Version: P/N 60-000340/A; Software Version: 26.10; Firmware Version: dccn_1_7_10_secure) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511) -Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2 Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
845	Utimaco® Safeware AG Hohemarkstrasse 22 Oberursel, Hessen D-61440 Germany -US Corporate Headquarters TEL: 508-543-1008 FAX: 508-543-1009 -Dr. Christian Tobias TEL: +49-6171-88-1711 FAX: +49-6171-88-1933	SafeGuard Cryptographic Engine (Software Version: 5.00) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/18/2007	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2; Microsoft Windows Server 2003 SP1; Free-BSD Version 5.4 (single-user mode) -FIPS-approved algorithms: AES (Certs. #512 and #513); Triple-DES (Cert. #522); HMAC (Cert. #264); SHS (Certs. #582, #583 and #584); RNG (Cert. #289) -Other algorithms: N/A Multi-chip standalone "SafeGuard Cryptographic Engine (SGCE) is a high-performance cryptographic library. It provides cryptographic services to the following products from the SafeGuard solutions: SafeGuard Enterprise, SafeGuard PrivateDisk, SafeGuard LAN Crypt and SafeGuard PrivateCrypto."
844	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 571-236-6942	Sm@rtCafé Expert Embedded Security (Hardware Version: HD65246C1A05BQBC; Firmware Versions: CH463JC_ITIGERRSA_V101 and CH463JC_ITIGERRSA_V102) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHS (Certs. #216 and #536); DSA (Cert. #102); RSA (Cert. #7); Triple-DES MAC (Cert. #239, vendor affirmed); RNG (Cert. #253) -Other algorithms: DES; DES MAC Single-chip "Sm@rtCafé Expert Embedded Security was developed by G&D and constitutes a complete operating system for smart cards. Providing a complete set of International Organization for Standardization (ISO), Europay, MasterCard and Visa (EMV) and proprietary enhanced commands, the Sm@rtCafé Expert Embedded Security incorporates standards-based functionality along with its own optimized command set."
843	iDirect Technologies, Inc. 13865 Sunrise Valley Drive Herndon, VA 20171 USA -Michael Cohen TEL: 703-463-2262 FAX: 703-648-8015	7350 iNFINITI Satellite Router [1], iConnex-700 [2], iConnex-100 [3], M1D1-T Universal Line Card [4] and 8350 iNFINITI Satellite Router [5] (Hardware Versions: 9130-0062-0002 [1], 9101-2040-0201 [2], 9101-2040-0202 [3], 9101-0040-0008 [4] and 9000-0040-0013 [5]; Software Versions: iDS version 7.1.2 [1, 2, 3 and 4] and iDS version 7.1.3 [5]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/18/2007; 02/06/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #527 and #528); Triple-DES (Cert. # 534); SHS (Cert. #600); RNG (Cert. # 303); RSA (Cert. #238) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "An iDirect Time Division Multiple Access (TDMA) network is composed of a single outroute Single Channel Per Carrier (SCPC) and multiple inroute TDMA carriers. The iDirect TDMA network is optimized for satellite transmissions, squeezing the maximum performance out of the bandwidth provided by satellite links. The system is fully integrated with iDirectÆs Network Management System that provides configuration and monitoring functions. The iDirect network components consist of the Protocol Processor, Hub Line Card (also known as Universal Line Card), and the Ethernet switch with remote modem."
842	Dolby Laboratories, Inc. 100 Potrero Ave. San Francisco, CA 94103 USA -Matthew Robinson TEL: 415-558-0200 FAX: 415-645-4000	CAT904 Dolby® JPEG2000/MPEG2 Processor (Hardware Version: P/N CAT904Z Versions FIPS_1.0, FIPS_1.0.1 and FIPS_1.1; Firmware Version: 3.1.0.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007; 03/19/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #519 and #520); SHS (Cert. #592); RNG (Cert. #296); HMAC (Cert. #270); RSA (Cert. #233) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The CAT904 Dolby® JPEG2000/MPEG2 processor performs all the cryptography, license management, and video decoding functions for the DSP100 Dolby Show Player, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality, outstanding reliability, and the highest level of security in the business. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets other key DCI specifications for security, data rate, and storage capacity."
841	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Mr. Greg Farmer TEL: 434-455-9577	P7170IP System Portable Two-Way FM Radios (Hardware Versions: RU101219V22, RU101219V42, RU101219V52, RU101219V62, RU101219V72; Firmware Versions: [H8 version: J2R14B02; DSP version: F7R06A01] and [H8 version: J2R15E05; DSP version: F7R06F03]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2007; 04/29/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #155 and #623) -Other algorithms: DES; VGE (M/A-Com proprietary digital voice encryption algorithm), AES MAC (Cert. #623; vendor affirmed; P25 AES OTAR) Multi-chip standalone "The P7170IP is M/A COM's premier portable radio for critical communications. Guided by customer feedback, M/A COM designed the P7170IP to excel in the challenging environments that critical communications users encounter. The P7170IP provides a superior combination of features, functions, and physical attributes. It is light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the P7170IP provides exceptional performance even under adverse conditions."
840	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Mr. Greg Farmer TEL: 434-455-9577	P7130IP Select, P7150IP Scan Portable and M7100IP Mobile Two-Way FM Radio (Hardware Versions: RU101188V1, RU101188V12, RU101188V22, RU101188V231, RU101188V21, KRY1011632/13, KRY1011632/11, RU101219V21, RU101219V61, RU101219V41, RU101219V71, RU101219V51, RU101219V73, RU101219V63; Firmware Versions: [H8 version: J2R14B02; DSP version: F7R06A01] and [H8 version: J2R15E05; DSP version: F7R06F03]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2007; 04/29/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #155 and #623) -Other algorithms: DES; VGE (M/A-Com proprietary digital voice encryption algorithm), AES MAC (Cert. #623; vendor affirmed; P25 AES OTAR) Multi-chip standalone "P7130IP Select, P7150IP Scan Portable and M7100IP Mobile are M/A COM's premier radios for critical communications. Guided by customer feedback, M/A COM designed the P7130IP, P7150IP and M7100IP to excel in the challenging environments that critical communications users encounter. The radios provide a superior combination of features, functions, and physical attributes. They are light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the radios provide exceptional performance even under adverse conditions."
839	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: DS1955B PB6 - 6.00.02) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2007; 10/29/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185; vendor affirmed); RNG (Cert. #86) -Other algorithms: RSA (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
838	Mitsubishi Electric Corporation Kamakura Works 325 Kamimachiya Kamakura, Kanagawa 247-8520 Japan -Masanori Sato TEL: +81-467-41-6717 FAX: +81-467-41-6975 -Daizoh Funamoto TEL: +81-467-41-6116 FAX: +81-467-41-6951	Command Encryption Module (Firmware Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	09/11/2007	Overall Level: 2  -EMI/EMC: Level 3 -Operational Environment: Tested: as meeting Level 1 with HP Compaq DC 5100 Running Microsoft Windows 2000 SP4 and Zone Labs ZoneAlarm Pro Firewall version 6.1 -FIPS-approved algorithms: Triple-DES (Cert. #504) -Other algorithms: N/A Multi-chip standalone "Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
837	MRV Communications 295 Foster St. Littleton, MA 01460 USA -Nicholas Minka -Tim Bergeron	LX-4000T and LX-8000S Series Console Servers (Hardware Versions: 600-R3248 RevB, 600-R3249 RevB, 600-R3250 RevB, 600-R3251 RevB, 600-R3252 RevC, 600-R3253 RevC, 600-R3254 RevB, 600-R3255 RevB, 600-R3256 RevB, 600-R3257 RevB, 600-R3258 RevC, 600-R3259 RevC, and 600-R3265 RevA through 600-R3288 RevA (inclusive); Firmware Version: linuxito Version: 4.1.4 and ppciboot Version: 4.1.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/11/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #348); DSA (Cert. #156); RNG (Cert. #166); RSA (Cert. #226); SHS (Cert. #423); Triple-DES (Cert. #408); HMAC (Cert. #151) -Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 178 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 112 bits of encryption strength) Multi-chip standalone "The LX-4000T and LX-8000S Series Console Servers are a key component of MRV¦s Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization¦s networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV¦s Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access."
836	Thales e-Security Meadow View House Crendon Industrial Estate Long Crendon Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Tim Fox TEL: +44 (0)1844 201800	Secure Generic Sub-System (SGSS), Version 3.4 (Hardware Versions: 1213D130 Issue 6 [1], 1213H130 Issue 6B [1], 1213G130 Issue 6A [1] and 1213L130 Issue 6 [2]; Software Versions: 2.5.7 [1] and 2.5.14 [2]) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/11/2007; 09/25/2007	Overall Level: 3  -FIPS-approved algorithms: DSA/SHS (Cert. #24) -Other algorithms: N/A Multi-chip standalone "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000, Datacryptor® Advanced Performance and Small Form Factor family (Link, Frame Relay, E1/T1, E3/T3, and IP models), WebSentry™ family, HSM 8000 family, P3™ CM family, 3D Security Module and the SafeSign® Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and SHA-1 hashing."
835	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna®PCM (Hardware Versions: LTK-02-0301 and LTK-02-0501; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/05/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #508); Triple-DES (Cert. #518); SHS (Cert #579); DSA (Cert #210); RSA (Cert #223); ECDSA (Cert #51); HMAC (Cert #261); Triple-DES MAC (Triple-DES Cert. #518, vendor affirmed); RNG (Cert #287) -Other algorithms: DES; AES MAC (AES Cert. #508, non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
834	Nokia Enterprise Mobility Systems Nokia Enterprise Mobility Systems 313 Fairchild Drive Mt View, CA 94043 USA -Jeff Ward TEL: 339-927-6383	Nokia VPN Appliance (Hardware Versions: IP260, IP265, IP1220, and IP1260; Firmware Versions: IPSO v3.9 and Check Point VPN-1 NGX (R60) [HFA-03] and IPSO v4.1 and Check Point VPN-1 NGX (R60) [HFA-03]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/05/2007; 09/26/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #442, #226 and #91); Triple-DES (Certs. #465, #466, #317 and #204); HMAC (Certs. #207, #208, #19 and #203); SHS (Certs. #508, #509, #291 and #500); DSA (Certs. #181 and #204); RSA (Certs. #166, #167 and #215); RNG (Certs. #229 and #201) -Other algorithms: Cast; DES (Certs. #314 and #297); Triple-DES (K3 mode, non-compliant); MD5HMAC; MD5; Arcfour; Blowfish; Twofish; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
833	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort SAN SEP v2.0 (Hardware Versions: P/Ns 60-000191/A, 60-000337/A; Software Version: 27.8; Firmware Version: dcch2_4_2_10_secure) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/05/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511) -Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2 Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
832	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® CA4 (Hardware Version: LTK-02-0501; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/05/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #508); Triple-DES (Cert. #518); SHS (Cert. #579); DSA (Cert. #210); RSA (Cert. #223); ECDSA (Cert. #51); HMAC (Cert. #261); Triple-DES MAC (Triple-DES Cert. #518, vendor affirmed); RNG (Cert. #287) -Other algorithms: DES; AES MAC (AES Cert. #508, non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
831	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Client (Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	09/05/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP, Microsoft Windows 2000 (single user mode) -FIPS-approved algorithms: AES (Certs. #427 and #437); Triple-DES (Certs. #457 and #463); SHS (Certs. #498, #505 and #573); RNG (Certs. #221 and #227); HMAC (Certs. #201, #205 and #256) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; MD5; RSA (non-compliant) Multi-chip standalone "The Fortress Secure Client identifies network devices and encrypts and decrypts traffic transmitted to and from those devices. A plug-and-play solution, the Client encrypts and decrypts communication across the network and protects the device against attacks without user intervention."
830	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166-9309 USA -Michael Teal TEL: 571-434-2000 FAX: 571-434-2001	CA100 (Software Version: 2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	09/05/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #340); SHS (Cert. #334); HMAC (Cert. #69); RNG (Cert. #92) -Other algorithms: DES; DES MAC; MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "CA100 is a centrally managed software IPSec client with VPN and firewall functionality. Unlike traditional IPSec software clients that have both the software client and associated policy locally stored on the client's system, the Cryptek CA100 user policies are stored and dynamically downloaded from our manager, the Cryptek CC200."
829	Certicom Corp. 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder FIPS Module for Palm OS 5 (Software Version: 2.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	09/05/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Palm OS 5 (in single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #509); AES (Cert. #496); SHS (Cert. #566); HMAC (Cert. #250); RNG (Cert. #276); DSA (Cert. #203); RSA (Cert. #212) -Other algorithms: DES; DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); ARC4; MD5; HMAC-MD5 Multi-chip standalone "The Security Builder+ FIPS Module is a standards-based cryptographic toolkit that provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
828	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (ME) (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/27/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with AIX 5L v5.2 (32-bit PowerPC); AIX 5L v5.2 (64-bit PowerPC); AIX 5L v5.3 (32-bit PowerPC); AIX 5L v5.3 (64-bit PowerPC); HP-UX 11.11 PA-RISC 2.0 (32-bit); HP-UX 11.23 PA-RISC2.0W (64-bit); HP-UX 11.23 Itanium 2 (32-bit); HP-UX 11.23 Itanium 2 (64-bit); Red Hat Enterprise Linux AS 4.0 (32-bit x86); Red Hat Enterprise Linux AS 4.0 (64-bit x86_64); Solaris 10 (32-bit SPARC v8); Solaris 10 (32-bit SPARC v8+); Solaris 10 (64-bit SPARC v9); Solaris 10 (64-bit x86_64); SuSE Linux Enterprise Server 9.0 (32-bit x86); SuSE Linux Enterprise Server 9.0 (64-bit x86_64); VxWorks 5.4 (PPC 604); VxWorks 5.5 (PPC 603); VxWorks 5.5 (PPC 604); VxWorks General Purpose Platform 6.0 (PPC 604); Windows Mobile 2003; Windows Mobile 2003 SE; Windows Mobile 5.0 PocketPC; Windows Mobile 5.0 PocketPC Phone Edition; Windows 2003 Server SP1 (32-bit x86 - VS8.0 build); Windows 2003 SP1 (32-bit x86 - VS6.0 build); Windows 2003 Server SP1 (64-bit x86_64); Windows 2003 Server SP1 (Itanium 2) (in single-user mode) -FIPS-approved algorithms: AES (Cert. #490); DSA (Cert. #199); ECDSA (Cert. #47); HMAC (Cert. #244); RNG (Cert. #270); RSA (Cert. #203); SHS (Cert. #560); Triple-DES (Cert. #501) -Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES; ECDRBG (non-compliant); RSA (key wrapping; key establishment methodology provides at least 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides at least 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 285 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
827	Research in Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Versions: 3.8.4.34 and 3.8.4.47) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	08/27/2007	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 8700c with BlackBerry OS Version 4.2 -FIPS-approved algorithms: Triple-DES (Cert. #474); AES (Cert. #457); SHS (Cert. #521); HMAC (Cert. #217); RSA (Cert. #175); RNG (Cert. #242); ECDSA (Cert. #38) -Other algorithms: EC Diffie-Hellman; ECMQV Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
826	Giritech Herstedøstervej 27-29 C2 2620 Albertslund, Denmark -Lars S. Christensen TEL: +45 30 763 652 FAX: +45 43 47 54 87	Cryptographic Support Library CryptFacility (Software Version: 1.0.485) (When operated in FIPS mode. This module contains the embedded module Crypto++ validated to FIPS 140-2 under Cert. #562 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/27/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional (in single-user mode) -FIPS-approved algorithms: AES (Cert. #216); Triple-DES (Cert. #309); Skipjack (Cert. #14); ECDSA (Cert. #5); DSA (Cert. #79); SHS (Cert. #134); HMAC (Cert. #26); RNG (Cert. #61) -Other algorithms: N/A Multi-chip standalone "The Girtech Cryptographic Support Library CryptFacility is a library implemented in the Giritech G/ON product line that performs all of its cryptographic functionality using a FIPS 140-2 validated library called Crypto++ (Cert #562)."
825	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Klorida Miraj TEL: 425-421-5229 -Katharine Holdsworth TEL: 425-706-7923	Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) (Software Version: 6.00.1937) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/27/2007; 11/26/2007; 02/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows CE 6.0 and Microsoft Windows CE 6.0 R2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #516); HMAC (Cert. #267); RNG (Cert. #292); RSA (Cert. #230); SHS (Cert. #589); Triple-DES (Cert. #526) -Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES Multi-chip standalone "Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) is a general-purpose, software-based, cryptographic module for Windows CE and Windows Mobile. It can be dynamically linked into applications by software developers to permit the use of general-purpose cryptography."
824	Hummingbird Connectivity, a Division of Open Text Corporation 38 Leek Crescent Richmond Hill, Ontario L4B 4N8 Canada -Xavier Chaillot TEL: 514-281-5551 x261 FAX: 514-281-9958	Hummingbird Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/27/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Pro with SP2 (single-user mode) -FIPS-approved algorithms: RSA (Cert. #206); DSA (Cert. #201); Triple-DES (Cert. #505); AES (Cert. #492); HMAC (Cert. #247); SHS (Cert. #563); RNG (Cert. #273) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; Blowfish; CAST; RC2; RC4; RC5; ECC; MD2; MD4; MD5; MDC2; RIPEMD Multi-chip standalone "The Hummingbird Cryptographic Module is a library which provides encryption and decryption services to Hummingbird Connectivity software during SSL or SSH connections. The Hummingbird Cryptographic Module is used in Exceed, a windows-based X11 server, NFS Maestro, a suite of NFS clients and servers, HostExplorer, a desktop and web-based terminal emulation suite and Connectivity Secure Shell, an implementation of the Secure Shell 2 protocol. The Hummingbird Cryptographic Module is available from Hummingbird Connectivity, a division of Open Text Corporation."
823	SafeNet, Inc. 4690 Millenium Drive Belcamp, MD 21017 USA -Hazem Hassan TEL: 952-223-3139 -Wayne Whitlock TEL: 443-327-1489	Model 400 Smart Card (Hardware Version: P5CT072EV7/TOPBC150 Version 1.0; Firmware Version: 3.0, EXFs: PIV application executable Version 19) (PIV Card Application: Cert. #6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	8/22/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #455); Triple-DES (Cert. #472); SHS (Cert. #519); RSA (Cert. #174); RNG (Cert. #241) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DSA (non-compliant) Single-chip "SCCOS is a state-of-the-art operating system that offers wide range of authentication services together with the highest levels of security. It offers powerful implementaions for public and secret key encryption supporting RSA, DSA, Diffie-Hellman, SHA-1, Triple-DES, and AES."
822	VIACK Corporation 16701 NE 80th St. Suite 100 Redmond, WA 98052 USA -Peter Eng TEL: 425-605-7400 FAX: 425-605-7405	VIA3 VkCrypt Cryptographic Module (Software Versions: 4.2 and 6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/17/2007; 03/07/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #478); RNG (Cert. #258); RSA (Cert. #195); SHS (Cert. #546); HMAC (Cert. #235) -Other algorithms: RC2; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The VIA3 VkCrypt Cryptographic Module is a software cryptographic module that implements symmetric and public key encryption, digital signatures, and hashing. VIA3 is a secure online collaboration solution integrating real-time audio and video, instant messaging, application sharing, and access to workspaces."
821	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	ASA 5510, ASA 5520 and ASA 5540 (Hardware Versions: 5510, 5520, and 5540; Firmware Versions: 7.2.2.18 and 7.2.2.27) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/17/2007; 06/23/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #536 and #789); HMAC (Certs. #125, #283 and 432; RNG (Certs. #144, #309 and #454); RSA (Certs. #106, #242, and #376); SHS (Certs. #196, #606 and #790); Triple-DES (Certs. #217, #538 and #682) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80-bits or 112-bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
820	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-J JCE Provider Module (Software Version: 3.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/13/2007; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium 4 w/ Windows XP SP2 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Windows XP SP2 with Sun JDK 1.5; 32-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 64-bit SPARC v9 w/ Solaris 10 with Sun JDK 1.5; 32-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 64-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 32-bit x86 Intel Pentium 4 w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 32-bit x86 Intel Pentium 4 w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit x86_64 AMD Opteron w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 32-bit SPARC v8+ w/ Solaris 10 with Sun JDK 1.5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #489); DSA (Cert. #198); HMAC (Cert. #243); RNG (Cert. #269); RSA (Cert. #202); SHS (Cert. #559); Triple-DES (Cert. #500) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 and SHA1; non-compliant, MD5); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
819	Wei Dai 13440 SE 24th Street Bellevue, WA 98005 USA -Wei Dai TEL: 425-562-9677 -Donna Shaw TEL: 978-720-2351	Crypto++™ Library (Software Version: 5.3.0 [32-bit and 64-bit]) Validated to FIPS 140-2 Security Policy Certificate	Software	08/13/2007; 08/17/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional with SP2 and Windows Server 2003 X64 with SP1 (single user mode) -FIPS-approved algorithms: Skipjack (Cert. #17 ); Triple-DES (Cert. #512 ); AES (Cert. #499 ); SHS (Cert. #569 ); DSA (Cert. #206 ); RSA (Cert. #216 ); ECDSA (Cert. #49 ); HMAC (Cert. #253 ); RNG (Cert. #279 ); Triple-DES MAC (Cert #512 vendor afffirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. Both 32-bit and 64-bit variants of the dynamic link library (DLL) are FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
818	Arcot Systems, Inc. 455 West Maude Ave., Suite 210 Sunnyvale, CA 94085-3517 USA -Rob Jerdonek TEL: 408-969-6100 FAX: 408-969-6290	Arcot Core Security Module (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/10/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2; Microsoft Windows Server 2003 Service Pack 1 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #499); SHS (Cert. #558); HMAC (Cert. #242); RSA (Cert. #201); RNG (Cert. #268) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD2; MD4; MD5; RIPEMD-160 Multi-chip standalone "The Arcot Core Security Module provides FIPS-certified cryptographic functionality to Arcot's authentication, encryption/decryption and digital signing products -- ArcotID "software smart card", Arcot WebFort Authentication Server, Arcot SignFort, and Arcot TransFort for 3-D Secure compliance."
817	RELM Wireless Corporation 7100 Technology Drive West Melbourne, FL 32904 USA -Jim Spence TEL: 785-856-1300 FAX: 785-856-1302	DPHx Radio with LZA0577 or LZA0577/LZA0578 Cryptographic Module (Hardware Versions: P/N DPHX5102X Versions 110504, 120104, 040805, 052005, 011606, 030206, 010507, 020707, 072007, 080407, 091207 and 110507; Firmware Versions: 722-05058-0000, 722-05059-0000, 722-05058-0001, 722-05059-0001, 722-05059-0002, 722-05059-0003, 722-05060-0000 and 722-05061-0000) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/08/2007; 10/15/2007; 12/18/2007; 04/29/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #436); RSA (Cert. #31); SHS (Cert. #504) -Other algorithms: DES Multi-chip standalone "The DPHx Radio with OTAR is a multi-chip standalone cryptographic module encased in an opaque commercial grade enclosure. As a secure radio, the primary purpose for this device is to provide encrypted digital communication."
816	Neopost Industrie 113, Rue Jean-Marin Naudin Bagneux, 92220 France -Jean-Frantois Le Pottier TEL: +00 33 1 36 45 30 37 FAX: +00 33 1 36 45 3010	N95i/255 Secure Metering Module (SMM) (Hardware Version: 4127410K Version B; Firmware Versions: 4130379C Version E41 (SH1) and 4126898B Version A (SH2)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/08/2007; 08/29/2007	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: DSA (Cert. #120); SHS (Cert. #41); RNG (Cert. #38); ECDSA (Cert. #12) -Other algorithms: N/A Multi-chip embedded "The IJ40/50/60 are Neopost mid range of Franking products that incorporate the N95i secure metering module for producing highly secure franking impressions to meet USPS postal requirements. These products are connected to Neopost online services server for greater customer options including E-confirmation for mail tracking."
815	Red Hat, Inc. and Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 USA -Glen Beasley TEL: 800-555-9SUN -Robert Relyea TEL: 650-254-4236	Network Security Services (NSS) Cryptographic Module (Software Version: 3.11.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/08/2007; 12/07/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 4 x86; Microsoft Windows XP SP 2; 64-bit Solaris 10; HP-UX B.11.11 with HP-UX Strong Random Number Generator (KRNG11i) bundle; Mac OS X 10.4 (single user mode) -FIPS-approved algorithms: Triple-DES (Certs. #410 and #469); AES (Cert. #352); SHS (Cert. #426); HMAC (Cert. #152); RSA (Cert. #152); DSA (Cert. #172); ECDSA (Certs. #30 and #37); RNG (Cert. #208) -Other algorithms: RC2; RC4; MD2; DES; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 201 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
814	Red Hat, Inc. and Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 USA -Glen Beasley TEL: 1-800-555-9SUN -Wan-Teh Chang TEL: 650-567-9039 FAX: 650-567-9041	Network Security Services (NSS) Cryptographic Module (Software Version: 3.11.4) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/27/2007	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Red Hat Enterprise Linux Version 4 Update 1 AS on IBM xSeries 336 with Intel Xeon CPU; Trusted Solaris 8 4/01 on Sun Blade 2500 Workstation with UltraSPARC IIIi CPU -FIPS-approved algorithms: Triple-DES (Cert. #469); AES (Cert. #352); SHS (Cert. #426); HMAC (Cert. #152); RSA (Cert. #152); DSA (Cert. 172); ECDSA (Cert. #30); RNG (Cert. #208) -Other algorithms: RC2; RC4; MD2; DES; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 201 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
813	Xceedium, Inc. 30 Montgomery St., Suite 1020 Jersey City, NJ 07302 USA -Marjo F. Mercado TEL: 201-536-1000 x121 FAX: 201-536-1200	GateKeeper (Hardware Version: 4a; Firmware Version: 4.0.0f) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/07/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #480); Triple-DES (Cert. #493); SHS (Cert. #549); HMAC (Cert. #236); RSA (Cert. #197); RNG (Cert. #260) -Other algorithms: Diffie-Hellman (key agreement; key establishment method provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment method provides between 80 and 160 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DSA (non-compliant) Multi-chip standalone "Xceedium's GateKeeper is a hardened appliance that functions as a secure centralized management platform that enables IT operations to remotely manage data centers as one integrated system. A standardized security model can be developed to mitigate the risks of "untrusted" users; provide centralized access and policy, compartmentalize down to the port, define good and bad behavior, alert and restrict access to applications or commands. GateKeeper provides touch free support and includes all access methods and tools for in-band, out-of-band and power control."
812	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-J Software Module (Software Version: 3.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/07/2007; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium 4 w/ Windows XP SP2 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Windows XP SP2 with Sun JDK 1.5; 32-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 64-bit SPARC v9 w/ Solaris 10 with Sun JDK 1.5; 32-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 64-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 32-bit x86 Intel Pentium 4 w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 32-bit x86 Intel Pentium 4 w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit x86_64 AMD Opteron w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 32-bit SPARC v8+ w/ Solaris 10 with Sun JDK 1.5 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #487); DSA (Cert. #197); HMAC (Cert. #240); RNG (Cert. #264); RSA (Cert. #199); SHS (Cert. #553); Triple-DES (Cert. #497) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 and SHA1; non-compliant, MD5); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
811	Utimaco® Safeware AG Germanusstrasse 4 Aachen, D-52080 Germany -Rainer Herbertz TEL: +49-241-1696-240 FAX: +49-241-1696-199	CryptoServer CS (Hardware Version: P/N CryptoServer CS, Version 2.0.2.0; Firmware Version: 2.0.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/31/2007	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #492); Triple-DES MAC (Cert. #492, vendor affirmed); AES (Cert. #479); SHS (Cert. #547); RSA (Certs. #196 and #204); RNG (Cert. #259); ECDSA (Cert. #44) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); IDEA; Safer; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; MDC-2; RIPEMD-160; Retail-TDES MAC; AES MAC (Cert. #479; non-compliant); DES Multi-chip embedded "The CryptoServer CS is an encapsulated, highly tamper protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verifying of data, random number generation, on-board secure key generation, key storage, and further key management functionality."
810	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-1000A and FortiGate-3600 (Hardware Versions: FortiGate-1000A (build C4WA49); FortiGate-3600 (build C4KW75); Firmware Version: FortiOS 3.00, build 8317, 061121) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/31/2007; 02/21/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #486, #487, #489 and #490); RNG (Cert. #251); AES (Certs. #471, #472, #475 and #476); SHS (Certs. #539, #540, #543 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
809	AirMagnet, Inc. 1325 Chesapeake Terrace Sunnyvale, CA 94089 USA -Tony Ho TEL: 408-400-1255 FAX: 408-744-1250	SmartEdge Sensor AM-5010-11-AG, AM-5012-11AG, A5020 and A5023 (Hardware Versions: AM-5010-11-AG, AM-5012-11AG, A5020 and A5023; Firmware Version: 7.5.0-6285) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/31/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #331); Triple-DES (Cert. #395); SHS (Cert. #406); RSA (Cert. #111); RNG (Cert. #152); HMAC (Cert. #135) -Other algorithms: RC4; RC2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); DES; Triple-DES (non-approved mode; non-compliant); AES (non-approved mode; non-compliant); IDEA; Blowfish; Twofish Multi-chip standalone "The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
808	CipherOptics Inc. 701 Corporate Center Drive Raleigh, NC 27607 USA -Dennis Toothman TEL: 919-865-0661 FAX: 919-865-0679	CipherOptics SG100 and CipherOptics SG1002 (Hardware Version: A; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/31/2007	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #209); RNG (Cert. #274) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5; HMAC MD5; DES Multi-chip embedded "The CipherOptics SG100 and SG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
807	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-200A/200A-HD, 300A/300A-HD and 500A/500A-HD (Hardware Versions: FortiGate-200A/200A-HD, FortiGate 300A/300A-HD, and FortiGate 500A/500A-HD; Firmware Version: FortiOS 3.00, build 8317, 061121) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/31/2007; 02/21/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #486, #487, #489 and #490); RNG (Cert. #251); AES (Certs. #471, #472, #475 and #476); SHS (Certs. #539, #540, #543 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
806	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196-1078 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	ASTRO Subscriber Universal Crypto Module (UCM) (Hardware Versions: P/Ns 0104020J49, 0104020J50, 0104020J51, 0104024J43, 0104024J44, 0104024J45, 0104025J11, 0104025J12, 0104027J01, NNTN7097A, NTN9801B, NTN9738C, NNTN5032D, NNTN5032F, NNTN5032G, NNTN5032H, NNTN7427A; Firmware Versions: R05.05.02 and R05.05.03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/31/2007; 04/04/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR) Multi-chip embedded "Encryption modules used in Motorola Astro family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
805	NetWeave Integrated Solutions, Inc. 490 Rt 33 W Millstone Twp, NJ 08535 USA -Scott Uroff TEL: 805-583-2874 FAX: 805-583-0124 -Ron Byer TEL: 732-786-8830 x120 FAX: 732-786-8832	NetWeave Distributed Services NSK/D30 (Software Version: 2.2v1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/26/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Guardian D39 (single-user mode) -FIPS-approved algorithms: AES (Cert. #505); DSA (Cert. #209); HMAC (Cert. #258); RNG (Cert. #284); RSA (Cert. #220); SHS (Cert. #576); Triple-DES (Cert. #515) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); HMAC MD5; IDEA; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "NetWeave Distributed Services (NWDS) is a heterogeneous middleware product that provides a broad base of cross-platform computing services built on a secure high-performance messaging core. While NWDS runs on a variety of platforms, HP systems, particularly the HP NonStopTM Kernel can be found at the core of many NWDS implementations. Specifically, the NWDS NSK/D30 implementation supports HP NSK D39 environments. In all environments, NWDS was standardized on the XYGATE® Encryption Software Development Kit by XYPRO® for its cryptographic services, performance, flexibility and platform coverage."
804	XYPRO® Technology Corporation 3325 Cochran Street, Suite 200 Simi Valley, CA 93063 USA -Sheila Johnson TEL: 805-583-2874 FAX: 805-583-0124 -Scott Uroff TEL: 805-583-2874 FAX: 805-583-0124	XYGATE® /ESDK (Software Version: 2.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/26/2007: 08/17/2007; 11/26/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP with SP 2; HP-UX 11.11; Solaris 10; HP Nonstop Server G06; HP Nonstop Server H06 (in single user mode) -FIPS-approved algorithms: AES (Cert. #505); DSA (Cert. #209); HMAC (Cert. #258); RNG (Cert. #284); RSA (Cert. #220); SHS (Cert. #576); Triple-DES (Cert. #515) -Other algorithms: Blowfish; CAST-128; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ElGamal; HMAC MD5; HMAC RIPE-MD; IDEA; MD2; MD4; MD5; RC2; RC4; RC5; RIPE-MD; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Skipjack (non-compliant) Multi-chip standalone "The XYGATE Encryption Software Development Kit [XESDK] is a dynamically linked software library that supplies: symmetric key encryption including the approved AES and TripleDES; hashing algorithms including the approved SHA-1 and SHA-256; public key encryption including RSA; signature algorithms including the approved RSA and DSA; secure session protocols such as SSH, SSL and TLS; and e-mail protocols such as PGP and S/MIME."
803	KoolSpan, Inc. 4962 Fairmont Ave. 2nd Floor Bethesda, MD 20814 USA -Tony Fascenda TEL: 240-880-4400	SecurEdge Lock (Hardware Version: LRF05123; Firmware Version: 3.1.1) (This module contains the embedded module Axalto Cryptoflex e-Gate 32 smart card validated to FIPS 140-2 under Cert. #242 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/26/2007; 08/29/2007	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #388); SHS (Cert. #464); Triple-DES (Cert. #97; key wrapping; key establishment methodology provides 80-bits of encryption strength); RNG (vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The KoolSpan Lock is a VHS-Cassette sized device that authenticates users and bridges their Ethernet traffic onto the network. It contains an embedded Smart Card and cryptographic processor. The case is tamper-resistant. Each Lock can support up to 512 simultaneous users each with 256-bit AES encryption. The Lock supports a "Keyless Exchange" and provides both Wi-Fi security and Remote Access (VPN) connections."
802	Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA -Mike McLaughlin, Corporate Triage/CRM Manager TEL: 613-270-3788 -Entrust Sales TEL: 888-690-2424	Entrust Authority™ Security Toolkit 7.2 for the Java® Platform (Software Version: 7.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	07/26/2007; 08/07/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Pro SP1 running Sun JRE 5.0 and Solaris 10 running Sun JRE 5.0 (Single-user mode) -FIPS-approved algorithms: AES (Cert. #443); Triple-DES (Cert. #467); Triple-DES MAC (Cert. #467, vendor affirmed); DSA (Cert. #187); ECDSA, (Cert. #34); SHS (Cert. #510); HMAC (Cert. #209); RNG (Cert. #231); RSA (Cert. #168) -Other algorithms: CAST128; CAST3; DES; IDEA; RC2; RC4; Rijndael; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); SPEKE; ElGamal; MD2; MD5; DES MAC; IDEA MAC; CAST128 MAC; HMAC-MD2; HMAC-MD5 Multi-chip standalone "Entrust Authority™ Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet security architecture across multiple applications and platforms."
801	Secured User Inc. 11490 Commerce Park Drive Suite 240 Reston, Va 20191 USA -Ken Hetzer TEL: 703-964-3164 FAX: 703-783-0446 -Bruce Mitchell TEL: 703-964-3167 TEL: 647-477-7892 FAX: 647-477-5052	SUSK Security Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	07/23/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single user mode) -FIPS-approved algorithms: AES (Cert. #474); SHS (Cert. #542); HMAC (Cert. #231); RNG (Cert. #257) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SUSK Security Module is a software-based cryptographic module. Secured User's product performs all of its work by transparently intercepting and transforming the data stream between entities. All of the cryptographic functionalities of the Secured User product are provided by the central shared library, SUSK Security Module. The cryptographic module offers Transport Layer Security (TLS) services along with bulk encryption and hashing services exclusively to Secured User application. This application is considered as host application to the module."
800	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Cygnus X-2 Postal Security Device (Hardware Versions: 1MEC BAC/BAE/BAF (Canada) and 1MES BAC/BAE/BAF (Canada Specimen)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/23/2007	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: ECDSA (Cert. #48); DSA (Cert. #200); SHS (Cert. #562); Triple-DES (Cert. #503); Triple-DES MAC (Cert. #503, vendor affirmed); RNG (Cert. #272); HMAC (Cert. #246) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
799	Polycom, Inc. 4750 Willow Road Pleasanton, CA 94588-2708 USA -Robert V. Seiler TEL: 978-292-5452 FAX: 928-292-5943	VSX 7000e and VSX 8000 (Firmware Version: 8.5.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/23/2007	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #431); DSA (Cert. #178); RNG (Cert. #224); SHS (Cert. #501); Triple-DES (Cert. #460) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Polycom VSX products are state of the art video-conferencing nodes. These systems provide video-conferencing facilities using all the popular telecommunication protocols such as H.320 H.323, and Session Initiation Protocol (SIP) and include support of Integrated Services Digital Network (ISDN), Primary rate and Basic rate as well as serial interfaces for V.35, RS-499 and RS-530."
798	Polycom, Inc. 4750 Willow Road Pleasanton, CA 94588-2708 USA -Robert V. Seiler TEL: 978-292-5452 FAX: 928-292-5943	VSX 3000, VSX 5000, and VSX 7000s (Firmware Version: 8.5.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/23/2007	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #431); DSA (Cert. #178); RNG (Cert. #224); SHS (Cert. #501); Triple-DES (Cert. #460) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Polycom VSX products are state of the art video-conferencing nodes. These systems provide video-conferencing facilities using all the popular telecommunication protocols such as H.320 H.323, and Session Initiation Protocol (SIP) and include support of Integrated Services Digital Network (ISDN), Primary rate and Basic rate as well as serial interfaces for V.35, RS-499 and RS-530."
797	Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA -Entrust Sales TEL: 888-690-2424	Entrust Security Kernel (Software Version: 7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/03/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #495); AES (Cert. #484); DSA (Cert. #196); SHS (Cert. #551); RNG (Cert. #261); RSA (Cert. #198); HMAC (Cert. #238); ECDSA (Cert. #45) -Other algorithms: DES; DES MAC; CAST; CAST3; CAST5; RC2; RC4; IDEA; MD2; MD5; RIPEMD-160; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 201 bits of encryption strength); PAKE; AES MAC (non-compliant); NIST 800-90 DRBG RNG (non-compliant) Multi-chip standalone "The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and the runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PCKS #11, is used as the internal interface to hardware-based cryptographic tokens."
796	Fortress Technologies, Inc. 4023 Tampa Rd Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Security Controller (FC-X) (Hardware Version: FC-X; Firmware Versions: 4.1.1, 4.1.3, 4.1.4 and 4.1.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/02/2007; 11/26/2007; 04/04/2008; 05/09/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #389 and #390); SHS (Cert. #465 and #538); RNG (Certs. #189 and #190); HMAC (Cert. #174) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; RSA (non-compliant); SHS (non-compliant; FPGA); HMAC (non-compliant; FPGA) Multi-chip standalone "The Fortress Security Controller (FC-X) is a high performance electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a custom built multiple processor hardware platform and deployable on any LAN or WAN, the Fortress Security Controller (FC-X) provides encryption, data integrity checking, authentication, access control, and data compression."
795	ViaSat, Inc. 6155 El Camino Real Carlsbad, CA 92009 USA -Ed Smith TEL: 760-476-4995 FAX: 760-476-4703	Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module (Hardware Versions: P/N 1010162, Version 1 and P/N 1010163, Version 1; Firmware Version: 01.03.05) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2007; 08/31/2007; 07/09/2008	Overall Level: 2  - Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #448, #449, #619 and #620); SHS (Cert. #800); HMAC (Cert. #441); ECDSA (Cert. #90); RNG (Cert. #461); KAS (SP 800-56A, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The ViaSat Enhanced Bandwidth Efficient Modem (EBEM-500) series Satcom Modem provides the latest in efficient modulation and coding for point-to-point Satcom connections. The EBEM-500 series offers embedded encryption, integrating the security functions into the modem to provide an integrated secure Satcom modem product. The EBEM-500 series is backward compatible with a wide range of legacy Satcom modems currently in use and supports the new improved efficiency modulation and coding. The EBEM-500 series supports user base-band data rates from 64 kbps up to 155.52 Mbps."
794	Fortress Technologies, Inc. 4023 Tampa Road Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	AirFortress® Wireless Security Gateway (Hardware Version: AF2100; Firmware Version: 2.5.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/02/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; DES; RSA (non-compliant); ANSI X9.31 RNG (non-compliant); non-Approved RNG Multi-chip standalone "The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
793	Sagem Orga Heinz-Nixdorf-Ring 1 33106 Paderborn, Germany -Swantje Missfeldt TEL: +49 52 51 88 90	J-IDMark 64 Open (Hardware Version: HW P/N 01016221; FW Versions: FFFFFFFF, 01016221, 02016247, 03016251) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2007; 04/29/2008	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: SHS (Cert. #525); RSA (Certs. #179 and #180); Triple-DES (Cert. #480); Triple-DES MAC (Cert. #480, vendor affirmed); AES (Cert. #459); RNG (Cert. #244) -Other algorithms: N/A Single-chip "The J-IDMark 64 Open is a single chip cryptographic module, which combines an implementation of the latest Sun Java Card TM (Rev 2.2.1) [JCS] / Global Platform (Rev 2.1.1)[GP] specifications with a dual interface chip (with both ISO 7816 contact and ISO 14443 contactless protocols). The module meets the requirements to the FIPS 140-2, Level 4 for physical security, and to the Level 3 for other areas. The module loads and runs applets written in Java programming language. Additional features include biometric & PKI APIs in order to run "Match On Card" and cryptographic services properly."
792	Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder® FIPS Java Module (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	06/26/2007; 07/20/2007; 10/12/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1, 1.4.2 and 1.5.0 running on Windows XP 32-bit; Windows XP 64-bit ; Red Hat Linux Application Server 3.0 32-bit; Red Hat Linux Application Server 4.0 64-bit ; Solaris 9 32-bit ; Solaris 9 64-bit; and Solaris 10 32-bit with 32 bit SPARC processor (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #485); AES (Cert. #469); SHS (Cert. #537); RSA (Cert. #191); HMAC (Cert. #227); RNG (Cert. #254); DSA (Cert. #193); ECDSA (Cert. #41) -Other algorithms: ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC MQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Security Builder® FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder® FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder® PKI and Security Builder® SSL."
791	Research in Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Versions: 3.8.4.27 and 3.8.4.28) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	06/21/2007; 06/21/2007	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 8700c with BlackBerry OS Version 4.2 -FIPS-approved algorithms: Triple-DES (Cert. #474); AES (Cert. #457); SHS (Cert. #521); HMAC (Cert. #217); RSA (Cert. #175); RNG (Cert. #242); ECDSA (Cert. #38) -Other algorithms: EC Diffie-Hellman; ECMQV Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry® ."
790	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503	Oberthur ID-One Cosmo 64 v5.4 D (Hardware Version: P/N 77; Firmware Versions: E910-066491, E910-065972, E910-066421) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/19/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #425); Triple-DES (Certs. #454 and #455); Triple-DES MAC (Certs. #454 and #455, vendor affirmed); SHS (Cert. #496); RSA (Cert. #160); RNG (Cert. #219) -Other algorithms: AES MAC (Cert. #425; non-compliant); ECDSA (Cert. #32; non-compliant) Single-chip "This single chip module offers a highly secure architecture with state of the art on board cryptographic services such as Triple DES (128 and 192), AES (up to 256 bits), RSA (up to 2048) with ANSI X9.31 on board key generation, SHA1 & SHA 256, ISO 9796, ISO 9797, PKCS#1.5, OAEP, OSS, etc. Additional features include fingerprint Match on Card (ISO 19794-2), Logical Channels and Delegated Management. The module supports Java Card 2.2.1 and Global Platform 2.1.1.A. It is available with up to three communication interfaces (ISO 7816, ISO 14443 & USB)."
789	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-5050 (Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Versions: FortiOS 3.00, build 8317, 061121) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/19/2007; 02/21/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #486, #487 and #490); RNG (Cert. #251); AES (Certs. #471, #472 and #476); SHS (Certs. #539, #540 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
788	Neopost Industrie 113, rue Jean-Marin Naudin Bagneaux, 92220 France -Jerome Modolo TEL: +33 1 45 36 34 02 FAX: +33 1 45 36 30 10	IJ25 Secure Metering Module (SMM) (Hardware Version: 4127925W A; Firmware Version: 4130171L K01) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/19/2007	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: DSA (Cert. #149); ECDSA (Cert. #17); RNG (Cert. #142); SHS (Cert. #392); HMAC (Cert. #123) -Other algorithms: N/A Multi-chip embedded "The module provides services to a small office postal meter. The system's features include hand postage printing using ink jet technology, weighing scale interface, internal modem for remote recrediting, memory card for slogan and rate loading."
787	Attachmate Corporation 1500 Dexter Avenue North Seattle, WA 98109 USA -Steve Poole TEL: 206-217-7500 FAX: 206-217-7515	Attachmate Security Component for Java (Software Version: 1.32) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/21/2007; 04/29/2008	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Red Hat Linux 4 x 64 and Sun Java Runtime 1.5.0; Mac OS X 10.4.3 and Apple Java Runtime 1.5.0; Windows XP and Sun Java Runtime 1.5.0 (single user) -FIPS-approved algorithms: Triple-DES (Cert. #449); AES (Cert. #419); DSA (Cert. #174); RNG (Cert. #213); RSA (Cert. #156); SHS (Cert. #488); HMAC (Cert. #193) -Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "Attachmate Security Component for Java provides SSL/TLS and cryptographic services for the Attachmate Reflection for the Web product. Reflection for the Web provides centrally managed terminal emulation within a web browser. This cross-platform, server-based solution connects users to applications on IBM, HP, Unix, and OpenVMS hosts, meeting host access needs while minimizing management costs, maximizing IT flexibility, and ensuring high-level security for administrative, terminal emulation, printer emulation, and file transfer operations."
786	L-3 Communications Linkabit 3033 Science Park Road San Diego, CA 92121 USA -Rick Roane TEL: 858-597-9097 FAX: 858-552-9660	MPM-1000 (Hardware Version: 119811-1; Firmware Version: 120435-03/119881-05) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/19/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #439, #440 and #441); RNG (Cert. #228); DSA (Cert. #180); HMAC (Cert. #206); SHS (Cert. #507) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The MPM-1000 is a dual-use civilian/military modem used to transport IP data traffic over satellite communication links using a secure Multi-Frequency Time Division Multiple Access (MF-TDMA) protocol. The MPM-1000 also functions as a MIL-STD-165A modem for use in Single Channel Per Carrier (SCPC) Frequency Division Multiple Access (FDMA) satellite communications."
785	UGS Corporation 5800 Granite Parkway Suite 600 Plano, TX 75024 USA -Doug de la Torre TEL: 425-468-5300	Teamcenter Cryptographic Module (Software Version: 1.1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	06/14/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (x86) and Solaris 8 (64-bit SPARC) (single-user mode) -FIPS-approved algorithms: AES (Cert. #410); DSA (Cert. #170); HMAC (Cert. #183); RNG (Cert. #204); RSA (Cert. #150); SHS (Cert. #477); Triple-DES (Cert. #443) -Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Teamcenter powers innovation and productivity by connecting people and processes with knowledge. Teamcenter is the de facto standard for PLM deployment, providing solutions to drive business performance goals. This includes the need to increase the yield of innovation, compress time-to-market, meet business and regulatory requirements, optimize operational resources and maximize globalization advantages. With this FCAP-FIPS certification status, Teamcenter now offers the best in class and highest levels of encryption to our security-conscious customers."
784	Check Point Software Technologies Ltd 5 Choke Cherry Road Rockville, MD 20850 USA -Wendi Ittah TEL: 703-859-6748 -Malcolm Levy TEL: +972-37534561	Reflex Magnetics Cryptographic Library (Software Version: 1.0.0.61103) Validated to FIPS 140-2 Security Policy Certificate	Software	06/14/2007; 05/02/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP with SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #466); SHS (Cert. #534); RNG (Cert. #250); RSA (Cert. #188); HMAC (Cert. #225) -Other algorithms: N/A Multi-chip standalone "The Reflex Magnetics Cryptographic Library v1.0 provides cryptographic support for the Check Point Software Technologies Ltd software products. The module is used to perform various cryptographic services including pseudo random number generation, and encryption/decryption using symmetric and asymmetric algorithms."
783	Global Relief Technologies, LLC. 40 Congress Street, Suite 300 Portsmouth, NH 03801 USA -Chip Peter TEL: 603-422-7333 FAX: 603-422-7331	Rapid Data Management Software (RDMS) (Software Version: 2.3.0) Validated to FIPS 140-2 Security Policy Certificate	Software	06/14/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows© Mobile 5.0 (in single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #444); SHS (Cert. #478); HMAC (Cert. #184); RNG (Cert. #205) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Rapid Data Management Software (RDMS) is a software application developed by Global Relief Technologies (GRT) designed for installation on a Personal Digital Assistant (PDA) and cellular communications devices. The device is used during humanitarian and relief efforts in order to gather data and information quickly about the surrounding area to better decide where to allocate resources and what resources are needed."
782	Schweitzer Engineering Laboratories, Inc. 2545 NE Hopkins Court Pullman, WA 99163-5603 USA -Joe Casebolt TEL: 509-336-2408 FAX: 509-336-2406	SEL-3021 Serial Encrypting Transceiver (Hardware Version: P/N SEL-3021 Versions 00016A10 and 00006A10; Firmware Versions: SEL-3021-1-R101-V0-Z001001-D20070521 and SEL-3021-1-R102-V0-Z001001-D20080505) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/14/2007; 06/20/2007; 05/20/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #447); DSA (Cert. #182); SHS (Cert. #512); HMAC (Cert. #213); RNG (Cert. #234) -Other algorithms: N/A Multi-chip standalone "The SEL-3021 Serial Encrypting Transceiver is a bump-in-the-wire encryption device providing strong cryptographic security to new serial communications links and an easy and effective security solution for existing serial communications networks. It is for use on both point-to-point byte oriented communications links and multi-drop networks. The SEL-3021 has preset configuration settings for popular SCADA or PCS protocols like DNP and MODBUS common to PLCs and RTUs. The SEL-3021 also has support for standard MODEM communications."
781	ARX (Algorithmic Research) 10 Nevatim Street Kiryat Matalon, Petach Tikva 49561 Israel -Ezer Farhi TEL: 972-3-9279529	PrivateServer (Hardware Version: 4.0; Firmware Version: 4.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/14/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #349); Triple-DES (Cert. #409); RSA (Cert. #118); SHS (Cert. #424); Triple-DES MAC (Cert. #409, vendor affirmed); RNG (Cert. #185) -Other algorithms: DES; DES MAC; DES Stream; MD5; ISO9796; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The PrivateServer is a high-performance cryptographic service provider. The PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include DES, Triple-DES, AES, DES-MAC, Triple-DES-MAC, RSA, SHA-1, SHA-256, SHA-512, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities."
780	Gemalto 101 Park Drive Montgomeryville, PA 18936-9618 USA -Nick Hislop TEL: 215-390-2805 FAX: 215-390-2915 -David Teo TEL: 512-257-3895 FAX: 512-257-3881	SafesITe Large Memory Dual Interface Open Platform card (Hardware Version: A1002878; Firmware Version: HM 4v1, SM 1v1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/31/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #463); Triple-DES (Cert. #479); SHS (Cert. #531); RSA (Cert. #183); Triple-DES MAC (Cert. #479, vendor affirmed); RNG (Cert. #248) -Other algorithms: DES Multi-chip embedded "The SafesITe Large Memory Dual Interface Open Platform card provides powerful features that drive PKI applications, digital signature and access control. With a large data storage capacity and two communication interfaces (contact and contactless), the SafesITe smartcard serves as a highly portable credential for securing personal identity, fraud prevention and supporting issuers' e-services strategies"
779	Stonewood Electronics Ltd. Sandford Lane Wareham, Dorset BH20 4DY England -Tim D. Stone TEL: 01929 55 44 00 FAX: 01929 55 25 25 -Peter F. Western TEL: 01929 55 44 00 FAX: 01929 55 25 25	FlagStone Core (Hardware Versions: 1.0.1.1a, 1.0.1.2a, 1.0.1.3, 1.0.2.1a, 1.0.2.2a and 1.0.2.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/18/2007; 09/12/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #403 and #630); RNG (Certs. #198 and #361) -Other algorithms: Multi-chip embedded "The FlagStone Core is a multi-chip embedded cryptographic module used within the FlagStone Corporate and the FlagStone Freedom Drives. The FlagStone Core and subsequently the FlagStone Drives utilising the FlagStone Core provide access control and data encryption services to protect access to data stored on a HDD (Hard Disk Drive). All accessible sectors on a HDD connected to a FlagStone Core are encrypted."
778	Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 USA -Mehdi Bonyadi TEL: 858-625-5163 -Gary Morton TEL: 303-272-4738	Sun Cryptographic Accelerator 6000 (Hardware Version: 375-3424, Revisions -02 and -03; Firmware Version: 1.0.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/18/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #435); AES (Cert. #397); DSA (Cert. #92); SHS (Certs. #171 and #469); HMAC (Certs. #88 and #176); RSA (Cert. #142); RNG (Cert. #108) -Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2 Multi-chip embedded "The Sun Cryptographic Accelerator 6000 (SCA-6000) is a high performance hardware security module for Sun platforms (SPARC, x86, x64). It is a low-profile, short PCI-E (X8) card consisting of on-board cryptographic acceleration hardware and a secure cryptographic key store. SCA-6000 supports remote management functions. It has serial and USB ports for local administration. It enhances platform performance by off-loading compute intensive cryptographic calculations by accelerating both IPsec and SSL processing, and by performing many financial service functions. Supported on Linux and Solaris-10"
777	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Stealth MXP Passport (Hardware Versions: 4.1 StealthMXP Passport 128MB, 4.1 StealthMXP Passport 256MB, 4.1 StealthMXP Passport 512MB, 4.1 StealthMXP Passport 1GB, 4.1 StealthMXP Passport 2GB, 4.1 StealthMXP Passport 4GB, 4.2 StealthMXP Passport 128MB, 4.2 StealthMXP Passport 256MB, 4.2 StealthMXP Passport 512MB, 4.2 StealthMXP Passport 1GB, 4.2 StealthMXP Passport 2GB, 4.2 StealthMXP Passport 4GB, 4.2 StealthMXP: Liquid Metal Passport 512MB, 4.2 StealthMXP: Liquid Metal Passport 1GB,4.2 StealthMXP: Liquid Metal Passport 2GB and 4.2 StealthMXP: Liquid Metal Passport 4GB with Version 2.3 of FPGA; Firmware Versions: 4.18, 4.19, 4.20 and 4.21 with Version 2.0 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/18/2007; 08/07/2007; 09/25/2007; 11/06/2007; 12/20/2007; 01/28/2008; 06/23/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #416); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: Multi-chip standalone "Stealth MXP Passport is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
776	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure® Kernel Mode Cryptographic Driver™ for Linux (Software Version: 1.1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/18/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Linux RH EL 4 (in single user mode) -FIPS-approved algorithms: AES (Cert. #462); SHS (Cert. #529); HMAC (Cert. #223); RNG (Cert. #247) -Other algorithms: DES; Triple-DES (Cert. #478, non-compliant); Blowfish; MD5; HMAC-MD5; RC2; RIPEMD-160; HMAC-RIPEMD-160 Multi-chip standalone "The F-Secure« Cryptographic LibraryÖ is a family of software modules for a number of Windows and Unix platforms. The modules provide an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The modules are designed and implemented to meet the Level 1 requirements of FIPS publication 140-2 when running on a GPC under various popular versions of Windows and Unix operating systems."
775	IBM® Corporation IBM/Tivoli PO Box 3499 Australia Fair Southport, Queensland 4215 Australia -Mike Thomas TEL: +61 7 5552 4030 FAX: +61 7 5571 0420 -Peter Waltenberg TEL: +61 7 5552 4016 FAX: +61 7 5571 0420	IBM® Crypto for C (Software Version: 1.4.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/18/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with SUN Solaris 9 (UltraSparc), HPUX 11i (PA-RISC 2.0), AIX 5.2 (PowerPC), RHEL v4 (IA-32, AMD64, PowerPC, zSeries), SLES 9.1 (IA-32, PowerPC, zSeries), SLES 9.0 (AMD64), Windows Server 2003 with SP1 (AMD64, IA-32) (single-user mode) -FIPS-approved algorithms: AES (Certs. #426 and #468); Triple-DES (Certs. #456 and #484); SHS (Certs. #497 and #535); DSA (Certs. #177 and #192); RSA (Certs. #184 and #189); RNG (Certs. #220 and 252); HMAC (Certs. #200 and #226) -Other algorithms: RC2; RC2-40; RC2-60; RC4; Blowfish; CAST; MD2; MD4; MD5; RIPEMD; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides a minimum of 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; RSA (encrypt/decrypt) Multi-chip standalone "The ICC is a C language implementation of cryptographic functions which uses the cryptographic library provided by the OpenSSL project. This enables IBM products to use an open source solution for cryptography and a FIPS 140-2 certified cryptographic provider."
774	Sagem Orga Heinz-Nixdorf-Ring 1 33106 Paderborn, Germany -Swantje Missfeldt TEL: +49 52 51 88 90	J-IDMark 64 PIV (Hardware Version: P/N AT58803-H-AA; Firmware Version: 01016221/FFFFFFFF, PIV applet A0000002430015010100010601 V01) (PIV Card Application: Cert. #8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/18/2007; 04/29/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: SHS (Cert. #525); RSA (Certs. #179 and #180); Triple-DES (Cert. #480); Triple-DES MAC (Cert. #480, vendor affirmed); AES (Cert. #459); RNG (Cert. #244) -Other algorithms: Single-chip "The J-IDMark 64 PIV is a single chip cryptographic module, which combines a PIV FIPS 201 compliant applet (SP 800-73) loaded on J-IDMark 64 Open, a dual (contact & contactless) interface platform compliant with the latest Java CardTM 2.2/Global Platform 2.1.1 specifications, FIPS 140-2 Level 3 Approved and Level 4 Approved for physical security. Thus J-IDMark 64 PIV module is a reliable and standardized solution for PIV systems, which allow managing physical and logical access to Federal government facilities and systems, by help of identity credentials."
773	Fortress Technologies, Inc. 4025 Tampa Rd. Suite 1111 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Client (Software Versions: 2.5.6 and 2.5.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	05/18/2007; 06/20/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP, 2000, CE 3.0, CE 4.0 and Linux Kernel 2.4.21-37:EL (in single-user mode) -FIPS-approved algorithms: AES (Certs. #427 and #437); Triple-DES (Certs. #457 and #463); SHS (Certs. #498 and #505); RNG (Certs. #221 and #227); HMAC (Certs. #201 and #205) -Other algorithms: DES; MD5; Blowfish; GUAVA; IDEA; Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength) Multi-chip standalone "The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
772		Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/08/2007	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
771	Gemalto Avenue du Pic de Bretagne BP 100 Gemenos Cedex, 13881 France -Anthony Vella TEL: +33 4 42 36 61 38 FAX: +33 4 42 36 52 36	GemXpresso R4 E36/E72 PK (Hardware Version: GXP4-M2612410; Firmware Version: GX4-S_E005 (MSA029)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/08/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #435); Triple-DES (Cert. #462); SHS (Cert. #503); RSA (Cert. #164); Triple-DES MAC (Cert. #462, vendor affirmed); RNG (Cert. #226) -Other algorithms: Single-chip "GemXpresso R4 E36/E72 PK is based on a Gemplus Open OS Smart Card with a large EEPROM memory. The Smart Card platform provides Random Number generation, 3DES, AES, SHA-1 and RSA up to 2048 bits key length as well as RSA On Board Key generation up to 2048 bits long. The module conforms to Java Card 2.2.1 and Global Platform 2.1.1 standards, and is particularly designed to support any application dedicated to meet the very demanding requirements of multi-application government & enterprise security programs."
770	Check Point Software Technologies Ltd. 5 Choke Cherry Road Rockville, MD 20850 USA -Wendi Ittah TEL: 703-859-6748 -Malcolm Levy TEL: +972-37534561	Check Point Crypto Core (Software Versions: 1.2 (Win 2000/Win XP/Check Point Pre-Boot/Win Mobile 5/Symbian9) and 1.3 (Win 2003/Vista/Mac OS X 10.5)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/08/2007; 04/29/2008; 09/02/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 with SP4 (x86), Windows XP with SP2 (x86), Windows Mobile 5 (ARM and TI OMAP), Symbian 9 (ARM), Microsoft Windows Server 2003 SP2, Windows Vista Ultimate and Mac OS X v10.5 (single user mode) -FIPS-approved algorithms: AES (Certs. #429 and #430); Triple-DES (Certs. #458 and #459); SHS (Cert. #499); RSA (Cert. #162); HMAC (Cert. #202); RNG (Cert. #222) -Other algorithms: Blowfish; CAST-128; CAST-256; DES; MD5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); SHA-224 (non-compliant) Multi-chip standalone "Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Win 2K/XP/2K3/Vista, Check Point Pre-Boot, Win Mobile 5, Symbian 9 and Mac OS X. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries."
769	Novell, Inc. 1800 South Novell Place Provo, UT 84606 USA -Developer Support TEL: 801-861-7000	Novell International Cryptographic Infrastructure (NICI) (Software Version: 2.7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/04/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 with SP4; Microsoft Windows XP with SP 2; Red Hat Advanced Server 3.0 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #432); DSA (Cert. #179); HMAC (Cert. #204); RNG (Cert. #225); RSA (Cert. #163); SHS (Cert. #502); Triple-DES (Cert. #461); -Other algorithms: ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192-bits of encryption strength); DES; MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; PKCS#12 PBE; UNIX Crypt; LMdigest (CIFS); TLS-KeyExchange-RSASign; NetWarePassword; X9.62 RNG (non-compliant) Multi-chip standalone "Novell International Cryptographic Infrastructure (NICI) is a cryptographic module written in C that employs the BSAFE library to provides keys, algorithms, key storage and usage mechanisms, and a key management system."
768	Novell, Inc. 1800 South Novell Place Provo, UT 84606 USA -Developer Support TEL: 801-861-7000	Novell International Cryptographic Infrastructure (NICI) (Software Version: 2.7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/04/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Novell Netware 6.5 SP3 (single-user mode) -FIPS-approved algorithms: AES (Cert. #432); DSA (Cert. #179); HMAC (Cert. #204); RNG (Cert. #225); RSA (Cert. #163); SHS (Cert. #502); Triple-DES (Cert. #461); -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192-bits of encryption strength); DES; MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; PKCS#12 PBE; UNIX Crypt; LMdigest (CIFS); TLS KeyExchange-RSASign; NetWarePassword; X9.62 PRNG (non-compliant) Multi-chip standalone "Novell International Cryptographic Infrastructure (NICI) is a cryptographic module written in C that employs the BSAFE library to provides keys, algorithms, key storage and usage mechanisms, and a key management system."
767	Novell, Inc. 1800 South Novell Place Provo, UT 84606 USA -Developer Support TEL: 801-861-7000	Novell International Cryptographic Infrastructure (NICI) (Software Version: 2.7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/04/2007	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 Server with SP3 and Q326886 (on Dell Optiplex GX400); Trusted Solaris 8 (on Sunblade 100); SuSE Linux Enterprise Server 8 (on IBM eServer e325) -FIPS-approved algorithms: AES (Cert. #432); DSA (Cert. #179); HMAC (Cert. #204); RNG (Cert. #225); RSA (Cert. #163); SHS (Cert. #502); Triple-DES (Cert. #461); -Other algorithms: ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192-bits of encryption strength); DES; MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; PKCS#12 PBE; UNIX Crypt; LMdigest (CIFS); TLS-KeyExchange-RSASign; NetWarePassword; X9.62 RNG (non-compliant) Multi-chip standalone "Novell International Cryptographic Infrastructure (NICI) is a cryptographic module written in C that employs the BSAFE library to provides keys, algorithms, key storage and usage mechanisms, and a key management system."
766	Attachmate Corporation 1500 Dexter Ave N Seattle, WA 98109 USA -Zeke Evans TEL: 206-301-6891 FAX: 206-272-1346 -Joe Silagi TEL: 206-217-7655 FAX: 206- 272-1346	Attachmate Crypto Module (Software Version: 1.0.170) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/04/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Intel Itanium w/ HP-UX 11iv2 (IA64); Intel Itanium w/ Windows 2003 Server SP1 (IA64); Intel Pentium D w/ Windows 2003 Server SP1 (x64); Intel Pentium 4 w/ Windows 2003 Server SP1; AMD Opteron w/ Solaris 10; UltraSPARC w/ Solaris 8; AMD Opteron w/ SuSE Linux Enterprise Server 9.0 (x64); Intel Pentium 4 w/ SuSE Linux Enterprise Server 9.0; Intel Itanium w/ Red Hat Enterprise Linux 4.0 (IA64); Intel Pentium D w/ Red Hat Enterprise Linux 4.0 (x64); Intel Pentium 4 w/ Red Hat Enterprise Linux 4.0; PA-RISC w/ HP-UX 11iv1; Intel Pentium 4 w/ Sun Solaris 10 (used in single-user mode) -FIPS-approved algorithms: AES (Cert. #417); Triple-DES (Cert. #447); SHS (Cert. #486); DSA (Cert. #173); RSA (Cert. #208); RNG (Cert. #212); HMAC (Cert. #191) -Other algorithms: Arcfour; Blowfish; CAST; DES; RIPEMD-160; MD4; MD5; MD2; RC5; RC2; HMAC-MD5; HMAC-MD4; HMAC-MD2; HMAC-RIPEMD-160; DES MAC; RSA (key wrapping, key establishment methodology provides between 80 and 152 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Attachmate Crypto Module is used in a range of solutions from Attachmate, provider of host connectivity, systems and security management, and PC lifecycle management products."
765	PGP Corporation 200 Jefferson Dr. Menlo Park, CA 94025 USA -Vinnie Moscaritolo TEL: 650-319-9000 FAX: 650-319-9001	PGP Software Developer's Kit (SDK) Cryptographic Module (Software Versions: 3.7.1 and 3.8.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/04/2007; 05/08/2007; 10/22/2007; 03/07/2008; 07/28/2008; 08/21/2008	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Mac OS X 10.4.8; Windows XP Professional SP2 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #471); AES (Cert. #453); DSA (Cert. #183); SHS (Cert. #516); HMAC (Cert. #216); RSA (Cert. #172); RNG (Cert. #238) -Other algorithms: AES (EME mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; ARC4-128; MD5; RIPEMD60; HMAC-MD5; Blow-Fish; ElGamal (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP WDE, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
764	Futurex, LLC 864 Old Boerne Road Bulverde, TX 78163 USA -Jason Anderson TEL: 830-980-9782 FAX: 830-438-8782	Excrypt Cryptographic Module (Hardware Version: P/N 9750-0235-R, Version 1.1; Firmware Version: 2.4.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/04/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #369); SHS (Cert. #369); RSA (Cert. #86); RNG (Cert. #122); HMAC (Cert. #133) -Other algorithms: DES (Cert. #327); MD5 Multi-chip embedded "The Excrypt Cryptographic Module (ECM) is a tamper-resistant / responding PCI compatible universal module that provides secure cryptographic processing. The ECM features an Ethernet 10 / 100 interface supporting up to 999 sockets, a serial port, and 1000 3DES / 1000 4096-bit RSA battery backed key storage. The ECM provides TDES and PKI support for key management and electronic payment / funds transfer security. The ECM is used in the ExcryptTM SSP, RMC, PCE, KMS, and SKI Series products."
763	Atmel Maxwell Building Scottish Enterprise Technology Park East Kilbride, G75 0QG Scotland -Steve Mitchell TEL: 00-44-1355-803000 FAX: 00-44-1355-242744	jNet Citadel-OS on Atmel AT90SC144144CT (Hardware Version: P/N AT90SC144144CT, Version AdvX V01.01; Firmware Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/04/2007	Overall Level: 3  -Physical Security: Level 4 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #437); Triple-DES MAC (Cert. #437, vendor affirmed); SHS (Cert. #470); RSA (Cert. #144); AES (Cert. #399); RNG (Cert. #214) -Other algorithms: NDRNG Single-chip "The jNet Citadel-OS on Atmel AT90SC144144CT is a Personal Identity Verification Smart Card, HSPD-12 implementation with dual interface I/O. The secure, smart card native OS is fully compliant with NIST 800-73-1 and FIPS PUB 201-1 requirements. The module is used for physical and logical access control to government resources. The AT90SC144144CT is a low-power, high-performance, 8/16-bit microcontroller with Flash program memory and EEPROM data memory, based on the secureAVR enhanced RISC architecture."
762	Data-Pac Mailing Systems Corp. 1217 Bay Road Webster, NY 14580 USA -Ken Yankloski TEL: 585-787-7074 FAX: 585-671-1409 -John Keirsbilck TEL: 585-787-7077 FAX: 585-671-1409	AMERICA2 (PSD) (Hardware Version: 1.0.25.5; Firmware Version: 1.0.20.5) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/04/2007	Overall Level: 2  -Physical Security: Level 3 +EFT -FIPS-approved algorithms: Triple-DES (Cert. #453); SHS (Cert. #492); HMAC (Cert. #196) -Other algorithms: Multi-chip embedded "The AMERICA2 (PSD) is a cryptographically secure, tamper proof device capable of storing customer postal credit and then dispensing valid postal indicia. As an embedded multi-chip Cryptographic Device, the AMERICA2 is enclosed within a tamper-response envelope that prevents all physically invasive attacks while still ensuring the retention of all postal data. The AMERICA2 (PSD) generates HMAC indicia as part of Data-Pac's IBI Light Symmetric postage system, which obviates the need for the digital signature used in traditional IBI franking. Data-Pac embeds the AMERICA2 into its line of Digit"
761	Gemalto 8311 North FM 620 Road Austin, TX 78726 USA -David Teo TEL: 512-257-3895 FAX: 512-257-3881	Cyberflex Access E-gate V3 (Hardware Version: P/N A1002431, Version A.12; Firmware Version: HardMask 3v1; SoftMask 1v1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/04/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #451); Triple-DES (Cert. #468); Triple-DES MAC (Cert. #468, vendor affirmed); RNG (Cert. #236); RSA (Certs. #169 and #170); SHS (Cert. #514) -Other algorithms: NDRNG; DES; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "The Cyberflex Access E-gate V3 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. The Cyberflex Access E-gate V3 serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. The card incorporates the conventional ISO 7816-3 interface, as well as the USB interface normally resident in the smart card reader, making it especially suitable for usage as a USB token."
760	Fortress Technologies, Inc. 4023 Tampa Road Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	AirFortress® Wireless Security Gateway (Hardware Version: AF7500; Firmware Version: 2.5.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/23/2007; 05/22/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188) -Other algorithms: DES (Cert. #23); Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; RSA (non-compliant); RNG (non-compliant) Multi-chip standalone "The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
759	Icom Inc. 1-1-32 Kamiminami Hirano-ku Osaka 547-0003 Japan -Chris Lougee TEL: 425-454-8155 FAX: 425-450-1509	Digital Unit UT-120 #10 and #11 (Hardware Version: 1.1; Firmware Version: 3.0 version 2.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/13/2007; 11/26/2007; 12/03/2007	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #422); SHS (Cert. #493); HMAC (Cert. #197) -Other algorithms: DES; RNG (non-compliant) Multi-chip embedded "The UT-120 is an optional unit available for Icom radios that provides digital transmission and reception capabilities, as well as, providing secure communication with FIPS approved AES and non-FIPS approved DES."
758	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	PIX 525 and PIX 535 (Hardware Versions: 525 and 535; Firmware Version: 7.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/11/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: Triple-DES (Certs.#298 and #384); AES (Certs. #209 and #320); RNG (Cert. #143); SHS (Certs. #285 and #393); HMAC (Certs. #15 and #124), RSA (Certs. #105 and #107), DSA (Certs. #150 and #152) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 112 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
757	Lexmark International, Inc. 740 West Circle Road Lexington, KY 40550 USA -Sean Gibbons TEL: 859-232-2000	Lexmark PrintCryption (Firmware Version: 1.3.1) Validated to FIPS 140-2 Security Policy Certificate	Firmware	04/11/2007; 05/22/2007	Overall Level: 1  -Tested: T640, T642, T644, C920, W840, C534, T630, T632, T634, C760, C762, C912, W820, X644e, X646e, X646dte, X850e, X852e, X854e, C772, C782, C935 and X945e; Lexmark ver. 2.4 O/S -FIPS-approved algorithms: Triple-DES (Certs. #356, #357, #358, #359, #360, and #470); AES (Certs. #273, #274, #275, #276, #277, and #452); RSA (Certs. #73, #74, #75, #76, #77, and #171); SHS (Certs. #350, #351, #352, #353, #354, and #515); HMAC (Certs. #89, #90, #91, #92, #93, and #215); RNG (Certs. #100, #101, #102, #103, #104, and #237) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Lexmark PrintCryption Card is an option for the Lexmark T, C, W, and X series of output devices that enables the printing of host encrypted data. With this option installed, the printer is capable of decrypting print jobs encrypted with the AES algorithm. The Lexmark PrintCryption Card analyses the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the confidential document to be printed."
756	Fortress Technologies, Inc. 4023 Tampa Rd Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Wireless Access Bridge ES520 (Hardware Version: ES520; Firmware Versions: 2.6.1, 2.6.3 and 2.6.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/11/2007; 05/22/2007; 12/07/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #423); SHS (Cert. #494); HMAC (Cert #198); RNG (Cert. #218) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); RSA (non-compliant); Blowfish; DES; RC2; RC4; RC5; Safer; Skipjack; DSA (non-compliant); MD2; MD4; MD5; GUAVA; IDEA; Triple-DES Multi-chip standalone "The Fortress Secure Wireless Access Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
755	Sharp Corporation 1-9-2, Nakase Mihama-ku, Chiba-shi, Chiba 251-8520 Japan -Kazuhiro Yaegawa TEL: +81-43-299-8368 FAX: +81-43-299-8741	SHARP JCOP31ID FIPS (Hardware Version: P/N SM4128(V3)A7; Firmware Version: HAL v1.1.06, IBM JCOP31IDv2.2OS Release Level 0400) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/11/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #439); Triple-DES MAC (Cert. #439, vendor affirmed); AES (Cert. #402); RSA (Cert. #147); RNG (Cert. #197); ECDSA (Cert. #33); SHS (Cert. #472) -Other algorithms: DES; AES MAC (non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ECSVDP Single-chip "The single-chip module is a 16-bit Sharp processor and a specifically modified version of the IBM JCOP 31-ID Java Card software satisfying the FIPS 140-2 requirements. The single-chip module provides an operational environment with up to 640 kBytes of Cryptographic Officer/Issuer available non-volatile memory. The defined user space allows for multiple validated applets to be concurrently loaded and used, as well as supporting re-issuance capability. The primary purpose for this device is to provide data security for Personnel Identification."
754		Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/02/2007	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
753		Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/02/2007	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
752	SecureLogix Corporation 13750 San Pedro Suite 230 San Antonio, TX 78232 USA -Jane Byrne TEL: 210-402-9669 FAX: 210-402-6996	ETM® System Software Application Java Comm Crypto Module, Version 5.0 (Software Version: 5.0.2 build 12-9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/23/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #374); SHS (Cert. #376); HMAC (Cert. #110) -Other algorithms: DES, Triple-DES (ECB, CBC, and OFB modes; non-compliant) Multi-chip standalone "The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. Some of the key components of the ETM System are: the Management Server, Report Server, Performance Manager, and Usage Manager. These components are written in the Java programming language and are used in a distributed architecture across an enterprise LAN or WAN. These components utilize a library of Triple DES encryption routines to secure their network communications."
751	SecureLogix Corporation 13750 San Pedro Suite 230 San Antonio, TX 78232 USA -Jane Byrne TEL: 210-402-9669 FAX: 210-402-6996	ETM® System Software Application C Comm Crypto Module, Version 5.0 (Software Version: 2.0 build 11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/23/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #375); SHS (Cert. #377); HMAC (Cert. #111) -Other algorithms: DES Multi-chip standalone "The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. The ETM System's C Language Applications Dynamic Link Library provides Triple DES encryption routines for Windows-based ETM Applications. The C Language DLL is used to secure network communications between the ETM Collection Server and ETM Call Recorder Cache Appliances."
750	IBM® Corporation 11505 Burnet Rd. Austin, TX 78758 USA -Jacqueline Wilson TEL: 512-838-2702 FAX: 512-838-3509 -Martin Clausen TEL: +45 45 23 33 38	IBM CryptoLite for C (Software Version: 3.23) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/23/2007	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with AIX 5200-07 (32-bit kernel), AIX 5200-07 (64-bit kernel), AIX 5300-03 (32-bit kernel), AIX 5300-03 (64-bit kernel) (single-user mode) -FIPS-approved algorithms: AES (Cert. #498); Triple-DES (Cert. #511); SHS (Cert. #568); DSA (Cert. #205); RSA (Cert. #214); RNG (Cert. #278); HMAC (Cert. #252) -Other algorithms: RC2; CAST-5; CAST-6; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; MD2; HMAC-MD2; HMAC-MD5; Whirlpool; Arc-Four; DES Multi-chip standalone "IBM CryptoLite is a C software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance."
749	Hitachi, Ltd. Hitachi System Plaza Shin-Kawasaki 890 Kashimada, Saiwai-ku Kawasaki, Kanagawa 212-8567 Japan -Yoshiaki Kawatsura TEL: 81-44-549-1755 FAX: 81-44-549-1756 -Manabu Natsume TEL: 81-44-549-1755 FAX: 81-44-549-1756	Hitachi One-Passport PKI Card Application on Athena Smartcard Solutions OS755 for Renesas XMobile Card Module (Hardware Version: P/N AE46C1 Version 0.1; Firmware Version: OS755 Version 2.4.7; Application Program Product C-9550-702 One-Passport PKI Card Application Versions 03-00 and CX 03-00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/23/2007; 04/26/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #428; key wrapping; key establishment methodology provides 80 bits of encryption strength); Triple-DES MAC (Cert. #428, vendor affirmed); SHS (Certs. #315 and #458); RSA (Certs. #57 and #135); RNG (Certs. #75 and #209) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Raw RSA; RSA cipher only with ISO9796 padding; DES (with ISO9797 m1/m2 padding); Triple-DES (with ISO9797 m1/m2 padding; non-compliant) Single-chip "The One-Passport PKI solution provides a remote access environment through the Internet for general commercial uses by private companies. It consists of XMC Cards, PC Software, and PDA Software. Under the One-Passport PKI environment, employees such as sales persons can access their corporate mail servers and other corporate information from their satellite office, home, or other places outside the office. In order to avoid unexpected leakage of information during such remote access, the One-Passport PKI solution uses the VPN technique and PKI based authentication method."
748	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Stealth MXP (Hardware Versions: 4.0 StealthMXP 128MB, 4.0 StealthMXP 256MB, 4.0 StealthMXP 512MB, 4.0 StealthMXP 1GB, 4.0 StealthMXP 2GB, 4.0 StealthMXP 4GB, 4.1 StealthMXP 128MB, 4.1 StealthMXP 256MB, 4.1 StealthMXP 512MB, 4.1 StealthMXP 1GB, 4.1 StealthMXP 2GB, 4.1 StealthMXP 4GB, 4.2 StealthMXP 128MB, 4.2 StealthMXP 256MB, 4.2 StealthMXP 512MB, 4.2 StealthMXP 1GB, 4.2 StealthMXP 2GB, 4.2 StealthMXP 4GB, 4.2 StealthMXP: Liquid Metal 512MB, 4.2 StealthMXP: Liquid Metal 1GB, 4.2 StealthMXP: Liquid Metal 2GB and 4.2 StealthMXP: Liquid Metal 4GB with Version 2.3 of FPGA; Firmware Versions: 4.16, 4.18, 4.19, 4.20 and 4.21 with Version 2.0 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/14/2007; 05/01/2007; 08/07/2007; 09/25/2007; 11/06/2007; 12/20/2007; 01/28/2008; 06/23/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #416); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: Multi-chip standalone "Stealth MXP is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
747	SecureLogix Corporation 13750 San Pedro Suite 230 San Antonio, TX 78232 USA -Timothy J. Barton TEL: 210-402-9669 FAX: 210-402-6996 -Jane Byrne TEL: 210-402-9669 FAX: 210-402-6996	ETM® System Firmware Appliance C Comm Crypto Module, Version 5.0 (Firmware Version: 5.02.20) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	03/23/2007	Overall Level: 1  -Tested: ETM® System Appliance Model 3200 with Linux 2.6 (locked down) -FIPS-approved algorithms: Triple-DES (Cert. #373); SHS (Cert. #375); HMAC (Cert. #109) -Other algorithms: DES Multi-chip embedded "The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. Primary components of the ETM System are the ETM Appliances, custom designed devices installed inline on the telecommunication circuits to monitor and control VoIP, PRI, CAS, SS7, and analog voice traffic. The system uses a C library of TDES encryption routines to secure their network communications."
746	Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Linux (Software Version: 1.0.1) Validated to FIPS 140-2 Security Policy Certificate	Software	03/23/2007; 06/13/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Linux 2.6 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: NDRNG Multi-chip standalone "The STS Secure for Linux is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) and the Netfilter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
745	Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Windows CE (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	03/23/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: NDRNG Multi-chip standalone "The STS Secure for Windows CE is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
744	Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Windows XP, Embedded XP (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	03/22/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2, Windows XP Professional Embedded SP2 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); RNG (Cert. #167); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: NDRNG Multi-chip standalone "The STS Secure for Windows XP, Embedded XP is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
743	Encryption Solutions, Inc. 1740 E. Garry Ave. Suite 110 Santa Ana, CA 92705 USA -Frederick C. Meyer TEL: 949-660-0102 FAX: 949-660-0202	SkyLOCK™ Encryption Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	03/09/2007	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Windows XP Professional SP2 running on an HP Pavilion dv8210us computer; Windows XP Professional SP2 running on an HP Pavilion zt1175 computer; Windows XP Professional SP2 running on a Dell Optiplex GX270 computer -FIPS-approved algorithms: AES (Cert. #413); SHS (Cert. #482); HMAC (Cert. #187) -Other algorithms: SkyLOCK™ Data Protection Scheme Multi-chip standalone "The SkyLOCK cryptographic module will be used by Encryption Solutions, Inc. to provide clients with a fast, efficient, and secure solution for protecting information, data and files. The SkyLOCK cryptographic module is the core of all products in the SkyLOCK family. With uses including data storage, file transfer, streaming, and email, SkyLOCK products cover a wide range of security applications and needs. These robust software products provide security in both wired and wireless environments."
742	Certicom Corp. 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder® FIPS Module for ADS 1.2 (Software Version: 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/01/2007; 07/20/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Phillips RTK-E OS (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #452); AES (Cert. #421); SHS (Cert.#491); HMAC (Cert. #195); RNG (Cert. #217); DSA (Cert. #176); ECDSA (Cert. #31); RSA (Cert. #159) -Other algorithms: DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 57 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides between 57 and 256 bits of encryption strength) Multi-chip standalone "The Security Builder® FIPS Module for ADS 1.2 is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
741	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -nCipher Sales TEL: 800-NCIPHER FAX: 781-994-4001	Ultralock Symmetric Module (Hardware Version: 010-00007 a.00) (When operated in FIPS mode and using the nForce Ultra Asymmetric Module validated to FIPS 140-2 under Cert. #740 and nCipher MiniHSM validated to FIPS 140-2 under Cert. #672 when operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/01/2007	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #345); AES (Cert. #263); SHS (Cert. #342); HMAC (Cert. #75) -Other algorithms: DES; RC4; MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip embedded "The Ultralock Symmetric Module performs all the cryptography required for SSL/TLS applications. This module is a common element of the Britestream BN2010 SSL Security ASIC, the industry's first single-chip solution for completely off-loading SSL/TLS processing from host systems. The innovative in-line architecture combines TCP."
740	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce Ultra Asymmetric Module (Hardware Version: 010-00007 a.00; Firmware Version: 610-00014 1.0.0.) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/01/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #346); AES (Cert. #264); SHS (Cert. #343); RSA (Cert. #103); HMAC (Cert. #76); RNG (Cert. #96); DSA (Cert. #138) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The nForce Ultra Asymmetric Module performs various tasks associated with cryptographic key management including key generation, key wrapping, secure key storage and secure key transport as well as key zeroization. These functions comply with requirements for archieving FIPS 140-2 certification of the overall system that the module is used in."
739	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa,, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	ProtectServer Gold (Hardware Version: Revisions B2 and B3; Firmware Version: 2.03.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/01/2007; 03/20/2007; 04/26/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #382); Triple-DES (Cert. #426); SHS (Cert. #457); HMAC (Cert. #171); RNG (Cert. #184); RSA (Cert. #134); DSA (Cert. #166); ECDSA (Cert. #26); Triple-DES MAC (Cert. #426, vendor affirmed) -Other algorithms: DES; DES MAC; AES MAC (non-compliant); CAST 128; CAST MAC; IDEA; IDEA MAC; RC2; RC2 MAC; SEED; SEED MAC; MD2; MD5; HMAC MD5; RC4; RIPEMD-128; RIPEMD-160; HMAC RMD128; HMAC RMD160; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip embedded "The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
738	3e Technologies International, Inc. 700 King Farm Blvd. Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-030-2 Security Server Cryptographic Core (Software Version: 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/08/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Server with SP4 and Windows 2003 with SP1 (in single user mode) -FIPS-approved algorithms: AES (Certs. #415 and #428); HMAC (Cert. #189); RNG (Cert. #210); RSA (Cert. #153); SHS (Cert. #484) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The 3e-030-2 Security Server Cryptographic Core (Version 3.0) provides FIPS 140-2 validated cryptographic functionality for the 3eTI Security Server product, a RADIUS-like back-end Authentication Server, capable of dynamic key exchange, support of JITC DoD-signed certificates for PKI usage, and full 802.11i support. The 3e-030-2 provides the following FIPS-approved cryptographic algorithms: AES (ECB mode; 256-bit key size), SHA-1, HMAC-SHA1, RSA sign/verify, FIPS 186-2 (Appendix 3.1 and 3.2 3.3) PRNG. The 3e-030-2 also supports the following non-FIPS cryptographic algorithms: Diffie Hellman"
737	TriCipher, Inc. 1900 Alameda de las Pulgas Suite 112 San Mateo, CA 94403 USA -Tim Renshaw TEL: 650-372-1300	TriCipher Armored Credential System (TACS) (Hardware Versions: 1000 and 2000; Firmware Versions: 3.1, build 255 and 3.1.1, build 261) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/08/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #413); RSA (Cert. #120); SHS (Cert. #430); HMAC (Cert. #159); RNG (Cert. #170) -Other algorithms: MD5; RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The TriCipher Armored Credential System (TACS) provides a single platform that can issue and support a flexible range of credentials from a single infrastructure."
736	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Simon Gerraty TEL: 408-745-2348 FAX: 408-745-8905	JUNOS-FIPS-L2 Cryptographic Module ((Chassis Model Numbers nnnn (T640, T320, M320 and M40e); Hardware P/Ns [nnnnBASE Rev A, RE-600 (RE3) Rev A,DOC-FIPS-140-2-L2-KIT Rev A] and [nnnnBASE Rev A, RE-1600 (RE4) Rev A, DOC-FIPS-140-2-L2-KIT Rev A]; Firmware Versions 7.2R1.7 and 7.4R1.7) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/06/2007	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #259 and #260); HMAC (Certs. #70, #71, #72, #73 and #79); DSA (Cert. #137); RNG (Cert. #93); RSA (Cert. #69); SHS (Certs. #336, #337, #338, #339 and #340); Triple-DES (Certs. #341, #342, #343 and #344) -Other algorithms: DES (Certs. #316, #317, #318 and #319); MD5; Diffie-Hellmann (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The JUNOS-FIPS-L2 Cryptographic Module is a multi-chip standalone cryptographic module (for Juniper Networks T-Series and M-Series routers) that executes JUNOS-FIPS firmware. JUNOS-FIPS is a release of the JUNOS operating system, the first routing operating system designed specifically for the Internet. JUNOS is currently deployed in the largest and fastest-growing networks worldwide. A full suite of industrial-strength routing protocols, flexible policy language, and leading MPLS implementation efficiently scale to large numbers of network interfaces and routes."
735	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Juan Asenjo TEL: 954-888-6202 FAX: 954-888-6211	Datacryptor® SONET/SDH v1.00 (Hardware Version: 1600X40 (Options 4 and 6) v1.00; Firmware Version: v1.00 (Rev43)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/06/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #366); DSA (Cert. #159); SHS (Cert. #439); RNG (Cert. #175) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Datacryptor« SONET/SDH v1.00 is a multi-chip standalone cryptographic module. It secures communications using signed Diffie-Hellman key exchange and AES-256 encryption over SONET/SDH networks. It provides data encryption and OC-3, OC-12 and OC-48 data rates. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
734	Thales Communications, Inc 22605 Gateway Center Drive Clarksburg, MD 20871 USA -George Korus TEL: 240-864-7646	Thales 25 Portable Radio (Hardware Version: PRC6894; Firmware Version: 8.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/06/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: AES (Cert# 347); SHS (Cert# 421); HMAC (Cert# 150) -Other algorithms: DES Multi-chip standalone "The Thales 25 portable radio (T25) is a small, light, and rugged radio that meets the requirements of the Association of Public Safety Communications Officials (APCO) Project 25 Common Air Interface (CAI) Standard. The T25 supports Project (P25) digital voice and data encryption operation, as well as Motorola Key Variable Loader (KVL). It supports full multi-mode operation over a frequency range of 136 to 174 MHz and features high quality, error-corrected, digital voice and AES Encryption."
733	Open Source Software Institute Administrative Office P.O. Box 547 Oxford, MS 38655 USA -John Weathersby TEL: 601-427-0152 FAX: 601-427-0156	OpenSSL FIPS Object Module (Source Content Version: opensslfips1.1.1.tar.gz; Resultant Compiled Software Version: 1.1.1) (When built, installed, protected and initialized as specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files, including the specified OpenSSL distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	02/06/2007;11/30/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with SuSE Linux Version 9.0 (gcc Compiler Version 3.3.1), and HPUX Version 11i (gcc Compiler Version 3.4.2) (in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #451); AES (Cert. #420); SHS (Cert. #490); HMAC (Cert. #194); RSA (Cert. #177); DSA (SigVer, Cert. #175); -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RNG (Cert. #216, non-compliant. This RNG shall not be used for any services requiring the use of random bits); DSA (SigGen and KeyGen, Cert. #175, non-compliant); Multi-chip standalone "The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from http://www.openssl.org/source/"
732	Hitachi, Ltd. Hitachi System plaza Shinkawasaki, 890 Kashimada, Saiwai Kawasaki, Kanagawa Perfecture 212-8567 Japan -Yutaka Takami TEL: +81-44-549-1755 FAX: +81-44-549-1756 -Tomomi Haruna TEL: +81-44-549-1755 FAX: +81-44-549-1756	Personal Identity Verification Application on Hitachi MULTOS Smart Chip (Hardware Version: AE45X1; Firmware Version: 1.0) (PIV Card Application: Cert. #3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/25/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RNG (Cert. #186); Triple-DES (Cert. #429) -Other algorithms: RSA (non-compliant) Single-chip "The HITACHI MULTOS Smart Chip is a single chip for smart cards with a dual interface (contact and contactless), which is compliant with MULTOS. The MULTOS OS is a high-security multi-application smart card operating system and Key Management Infrastructure which provides Card Issuers with the opportunity to define their own card programmes, delivering services with their own smart card applications or those of other third-party Application Providers."
731	Taua Biomatica S/A Rua do Rosario 103 / 13 andar Rio de Janeiro, RJ 20041-004 Brazil -Marcio Lima TEL: 55-21-2232-1321 FAX: 55-21-2531-0255	Zyt Cryptographic Module (Hardware Version: P/N PM400002-9, Version 3; Firmware Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/08/2007	Overall Level: 3  -FIPS-approved algorithms: RSA (Certs. #36 and #37); SHS (Certs. #282 and #283); RNG (Cert. #47) Triple-DES (Cert. #294); -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5 Multi-chip embedded "Taua Biomatica has developed an innovative product, the Zyt, created to offer the highest security level for Internet transactions. It was designed to digitally sign documents and transactions, integrating the most modern biometrical technologies, digital certification and cryptography. It is composed of a fingerprint sensor for the user's positive identification, a smart card reader for private key and digital certificate storage, a liquid crystal for transaction display, and a USB port for communication with the PC."
730	Blue Ridge Networks 14120 Parke Long Court Suite 101 Chantilly, VA 20151 USA -Tom Gilbert TEL: 703-631-0700 FAX: 703-631-9588	BorderGuard X.509 VPN Client (Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	01/08/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (in single user mode) -FIPS-approved algorithms: AES (Certs. #386 and #418); Triple-DES (Certs. #432 and #448); HMAC (Certs. #173 and #192); SHS (Certs. #463 and #487) -Other algorithms: MD5; DES; IDEA; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (non-compliant); RNG (non-compliant) Multi-chip standalone "The BorderGuard VPN Client is a security enhanced VPN Client which is used for establishment of secure Virtual Private Network with a BorderGuard network security appliance and individual remote access users."